[systemd-devel] [PATCH] domain: fix a BUG_ON() when kdbus_domain_new() fails

Djalal Harouni tixxdz at opendz.org
Mon Jun 2 08:57:55 PDT 2014


Currently just running: test/test-kdbus will trigger the BUG_ON()
appended at the bottom.

This is due to the test in check_domain_make() where we try to register
the same domain twice line: 297, hence kdbus_domain_new() fails with
-EEXIST at line domain.c:289

Later on error path we clear the non-finalized domain:
kdbus_domain_unref()
 => __kdbus_domain_free()
   => BUG_ON(!domain->disconnected)

After a closer look, it seems we will hit this BUG_ON() every time
kdbus_domain_new() fails. domain was not finalized so
kdbus_domain_disconnect() is never called, and domain->disconnect can't
be true.

To fix this, I just set 'domain->disconnect = true' at the beginning
which is perfectly true since that domain is not finalized hence not
connected, and before we return success set it again to 'false' in other
words: connected.

I just took this path since it seems logical, and having a single exit
node "kdbus_domain_unref()" on success/errors which passes all these
BUG_ON() makes the code robust.

In other places: bus, endpoints we do not follow this and we duplicate
the unref() logic, for endpoints it would be easy to convert! I'll
probably follow with patches for that.

[16254.397574] ------------[ cut here ]------------
[16254.398272] kernel BUG at /home/tixxdz/code/d-bus/domain.c:163!
[16254.398524] invalid opcode: 0000 [#1] SMP
[16254.398524] Modules linked in: kdbus(OE) ip6t_rpfilter bnep bluetooth ip6t_REJECT cfg80211 rfkill xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw ppdev serio_raw 8139too i2c_piix4 parport_pc parport microcode bochs_drm drm_kms_helper ttm drm 8139cp i2c_core mii ata_generic pata_acpi
[16254.398524] CPU: 3 PID: 30638 Comm: test-kdbus Tainted: G	OE 3.15.0-0.rc5.git2.9.fc21.x86_64 #1
[16254.398524] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[16254.398524] task: ffff88005c11cd40 ti: ffff880005958000 task.ti: ffff880005958000
[16254.398524] RIP: 0010:[<ffffffffa031939b>]  [<ffffffffa031939b>] __kdbus_domain_free+0x9b/0xa0 [kdbus]
[16254.398524] RSP: 0018:ffff880005959de8  EFLAGS: 00010246
[16254.398524] RAX: ffff88005c11cd40 RBX: ffff880046743400 RCX: 0000000000008b40
[16254.398524] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff880046743400
[16254.398524] RBP: ffff880005959df0 R08: 0000000000000000 R09: 0000000000000000
[16254.398524] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8800466fa800
[16254.398524] R13: 00000000ffffffef R14: ffff8800466fa960 R15: ffff880046741400
[16254.398524] FS:  00007fa151358740(0000) GS:ffff88005dc00000(0000) knlGS:0000000000000000
[16254.398524] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[16254.398524] CR2: 00007fa13db78048 CR3: 0000000005a25000 CR4: 00000000000006e0
[16254.398524] Stack:
[16254.398524]  ffff880046743400 ffff880005959e40 ffffffffa03199e8 ffff880005959e68
[16254.398524]  ffff8800466fa8a8 01ffffffa031c0a0 ffff880005a58540 00000000ffff0180
[16254.398524]  ffff880005a589c0 0000000000000005 00007fff3dc96990 ffff880005959ec0
[16254.398524] Call Trace:
[16254.398524]  [<ffffffffa03199e8>] kdbus_domain_new+0x218/0x4c0 [kdbus]
[16254.398524]  [<ffffffffa0315546>] kdbus_handle_ioctl+0xb46/0xbd0 [kdbus]
[16254.398524]  [<ffffffff81360c21>] ? inode_has_perm.isra.47+0x51/0x90
[16254.398524]  [<ffffffff81251540>] do_vfs_ioctl+0x2f0/0x520
[16254.398524]  [<ffffffff812517f1>] SyS_ioctl+0x81/0xa0
[16254.398524]  [<ffffffff817fc769>] system_call_fastpath+0x16/0x1b
[16254.398524] Code: 8b 7b 08 e8 98 ca ef e0 48 8b 7b 10 e8 8f ca ef e0 48 89 df e8 87 ca ef e0 5b 5d c3 0f 1f 40 00 e8 6b ff ff ff eb d8 0f 0b 0f 0b <0f> 0b 0f 1f 00 0f 1f 44 00 00 55 48 89 e5 53 8b 47 28 48 89 fb
[16254.398524] RIP  [<ffffffffa031939b>] __kdbus_domain_free+0x9b/0xa0 [kdbus]
[16254.398524]  RSP <ffff880005959de8>
[16254.437815] ---[ end trace bb9a1036dec78fcc ]---

Signed-off-by: Djalal Harouni <tixxdz at opendz.org>
---
 domain.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/domain.c b/domain.c
index 4748a17..45c3c0e 100644
--- a/domain.c
+++ b/domain.c
@@ -261,13 +261,15 @@ int kdbus_domain_new(struct kdbus_domain *parent, const char *name,
 	mutex_init(&d->lock);
 	atomic64_set(&d->msg_seq_last, 0);
 	idr_init(&d->user_idr);
+	d->disconnected = true;
 
 	/* lock order: parent domain -> domain -> subsys_lock */
 	if (parent) {
 		mutex_lock(&parent->lock);
 		if (parent->disconnected) {
 			mutex_unlock(&parent->lock);
-			return -ESHUTDOWN;
+			ret = -ESHUTDOWN;
+			goto exit_unlock;
 		}
 	}
 
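Review bot: In the parent->disconnected branch, the new 'goto exit_unlock' runs right after 'mutex_unlock(&parent->lock)' has already released the parent lock. The body of exit_unlock is not visible in this diff, but if it is the unlock sequence shown at the end of the function in the next hunk (kdbus_subsys_lock, then parent->lock when parent is set), this path would unlock parent->lock a second time. It would also unlock kdbus_subsys_lock, which the lock order comment places after this point and so is presumably not yet held. Either drop the mutex_unlock() before the goto and jump to a label that releases only what is held here, or add a separate label that does the unref without touching the locks. Separately, 'd->disconnected = true' deserves a short comment saying it marks the domain as not yet finalized so that the error path can pass the BUG_ON() in __kdbus_domain_free().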
@@ -351,6 +353,9 @@ int kdbus_domain_new(struct kdbus_domain *parent, const char *name,
 		list_add_tail(&d->domain_entry, &parent->domain_list);
 	}
 
+	/* Put it in the connected state */
+	d->disconnected = false;
+
 	mutex_unlock(&kdbus_subsys_lock);
 	if (parent)
 		mutex_unlock(&parent->lock);
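Review bot: The store 'd->disconnected = false' comes after 'list_add_tail(&d->domain_entry, &parent->domain_list)', so the domain is already linked into the parent's list while still marked disconnected, and the store is not visibly done under d->lock. The first hunk reads parent->disconnected under parent->lock, so a reader that takes only the new domain's own lock has no ordering guarantee against this write. Consider doing the store under d->lock, or moving it before the domain is published, or extending the comment to say why holding kdbus_subsys_lock and parent->lock is enough. Also note in the comment that 'disconnected' now doubles as "not yet finalized", since that changes what the BUG_ON(!domain->disconnected) in the free path actually asserts.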
-- 
1.9.0


