src - FreeBSD source tree

diff options


context:
space:
mode:

author	Konstantin Belousov <kib@FreeBSD.org>	2026-03-31 09:13:35 +0000
committer	Konstantin Belousov <kib@FreeBSD.org>	2026-04-02 02:20:05 +0000
commit	51db69c14fb1a1c2dc807695e6f564d498d33d5a (patch)
tree	8734c8fe049b75cd95a2be722bd7e784f1c45762
parent	ae04c7bbf065278687fa930e81a96767e9009d38 (diff)

kqueue: assert that kqueue knote lists own the knotes

Reviewed by: kevans, markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D56212

Diffstat

-rw-r--r--

sys/kern/kern_event.c

1 files changed, 12 insertions, 2 deletions

diff --git a/sys/kern/kern_event.c b/sys/kern/kern_event.c
index deb23ae96f9a..f3723783146a 100644
--- a/sys/kern/kern_event.c
+++ b/sys/kern/kern_event.c

@@ -1739,9 +1739,11 @@ findkn:

KQ_LOCK(kq);

if (kev->ident < kq->kq_knlistsize) {

- SLIST_FOREACH(kn, &kq->kq_knlist[kev->ident], kn_link)

+ SLIST_FOREACH(kn, &kq->kq_knlist[kev->ident], kn_link) {

+ MPASS(kn->kn_kq == kq);

if (kev->filter == kn->kn_filter)

break;

+ }

}

} else {

if ((kev->flags & EV_ADD) == EV_ADD) {

@@ -1767,10 +1769,12 @@ findkn:

list = &kq->kq_knhash[

KN_HASH((u_long)kev->ident, kq->kq_knhashmask)];

- SLIST_FOREACH(kn, list, kn_link)

+ SLIST_FOREACH(kn, list, kn_link) {

+ MPASS(kn->kn_kq == kq);

if (kev->ident == kn->kn_id &&

kev->filter == kn->kn_filter)

break;

+ }

}

@@ -2882,6 +2886,7 @@ knote_attach(struct knote *kn, struct kqueue *kq)

KASSERT(kn_in_flux(kn), ("knote %p not marked influx", kn));

KQ_OWNED(kq);

+ MPASS(kn->kn_kq == kq);

if ((kq->kq_state & KQ_CLOSING) != 0)

return (EBADF);

@@ -2930,6 +2935,7 @@ knote_drop_detached(struct knote *kn, struct thread *td)

msleep(kq, &kq->kq_lock, PSOCK, "kqflxwt", 0);

}

+ MPASS(kn->kn_kq == kq);

if (kn->kn_fop->f_isfd)

list = &kq->kq_knlist[kn->kn_id];

else

@@ -3106,6 +3112,7 @@ kqueue_fork_copy_list(struct klist *knlist, struct knote *marker,

KQ_OWNED(kq);

kn = SLIST_FIRST(knlist);

while (kn != NULL) {

+ MPASS(kn->kn_kq == kq);

if ((kn->kn_status & KN_DETACHED) != 0 ||

(kn_in_flux(kn) && (kn->kn_status & KN_SCAN) == 0)) {

kn = SLIST_NEXT(kn, kn_link);

@@ -3139,6 +3146,7 @@ kqueue_fork_copy(struct filedesc *fdp, struct file *fp, struct file *fp1,

kq = kq1->kq_forksrc;

marker = knote_alloc(M_WAITOK);

marker->kn_status = KN_MARKER;

+ marker->kn_kq = kq;

KQ_LOCK(kq);

for (i = 0; i < kq->kq_knlistsize; i++) {

@@ -3250,6 +3258,7 @@ kern_proc_kqueue_report(struct sbuf *s, struct proc *p, int kq_fd,

KQ_LOCK(kq);

for (i = 0; i < kq->kq_knlistsize; i++) {

SLIST_FOREACH(kn, &kq->kq_knlist[i], kn_link) {

+ MPASS(kn->kn_kq == kq);

error = kern_proc_kqueue_report_one(s, p, kq_fd,

kq, kn, compat32);

if (error != 0)

@@ -3260,6 +3269,7 @@ kern_proc_kqueue_report(struct sbuf *s, struct proc *p, int kq_fd,

goto out;

for (i = 0; i <= kq->kq_knhashmask; i++) {

SLIST_FOREACH(kn, &kq->kq_knhash[i], kn_link) {

+ MPASS(kn->kn_kq == kq);

error = kern_proc_kqueue_report_one(s, p, kq_fd,

kq, kn, compat32);

if (error != 0)