1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1999 Eivind Eklund <eivind@FreeBSD.org> 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 3. Neither the name of the University nor the names of its contributors 15 * may be used to endorse or promote products derived from this software 16 * without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 29 */ 30 31 #ifndef _SYS_KASSERT_H_ 32 #define _SYS_KASSERT_H_ 33 34 #include <sys/cdefs.h> 35 36 #ifdef _KERNEL 37 extern const char *panicstr; /* panic message */ 38 extern bool panicked; 39 #define KERNEL_PANICKED() __predict_false(panicked) 40 41 /* 42 * Trap accesses going through a pointer. Moreover if kasan is available trap 43 * reading the pointer itself. 44 * 45 * Sample usage: you have a struct with numerous fields and by API contract 46 * only some of them get populated, even if the implementation temporary writes 47 * to them. You can use DEBUG_POISON_POINTER so that the consumer which should 48 * no be looking at the field gets caught. 49 * 50 * DEBUG_POISON_POINTER(obj->ptr); 51 * .... 52 * if (obj->ptr != NULL) // traps with kasan, does not trap otherwise 53 * .... 54 * if (obj->ptr->field) // traps with and without kasan 55 */ 56 #ifdef INVARIANTS 57 58 #include <sys/asan.h> 59 60 extern caddr_t poisoned_buf; 61 #define DEBUG_POISON_POINTER_VALUE poisoned_buf 62 63 #define DEBUG_POISON_POINTER(x) ({ \ 64 x = (void *)(DEBUG_POISON_POINTER_VALUE); \ 65 kasan_mark(&x, 0, sizeof(x), KASAN_GENERIC_REDZONE); \ 66 }) 67 68 #else 69 #define DEBUG_POISON_POINTER(x) 70 #endif 71 72 #ifdef INVARIANTS /* The option is always available */ 73 #define VNASSERT(exp, vp, msg) do { \ 74 if (__predict_false(!(exp))) { \ 75 vn_printf(vp, "VNASSERT failed: %s not true at %s:%d (%s)\n",\ 76 #exp, __FILE__, __LINE__, __func__); \ 77 kassert_panic msg; \ 78 } \ 79 } while (0) 80 #define MPASSERT(exp, mp, msg) do { \ 81 if (__predict_false(!(exp))) { \ 82 printf("MPASSERT mp %p failed: %s not true at %s:%d (%s)\n",\ 83 (mp), #exp, __FILE__, __LINE__, __func__); \ 84 kassert_panic msg; \ 85 } \ 86 } while (0) 87 #define VNPASS(exp, vp) do { \ 88 const char *_exp = #exp; \ 89 VNASSERT(exp, vp, ("condition %s not met at %s:%d (%s)", \ 90 _exp, __FILE__, __LINE__, __func__)); \ 91 } while (0) 92 #define MPPASS(exp, mp) do { \ 93 const char *_exp = #exp; \ 94 MPASSERT(exp, mp, ("condition %s not met at %s:%d (%s)", \ 95 _exp, __FILE__, __LINE__, __func__)); \ 96 } while (0) 97 #define __assert_unreachable() \ 98 panic("executing segment marked as unreachable at %s:%d (%s)\n", \ 99 __FILE__, __LINE__, __func__) 100 #else /* INVARIANTS */ 101 #define VNASSERT(exp, vp, msg) do { \ 102 } while (0) 103 #define MPASSERT(exp, mp, msg) do { \ 104 } while (0) 105 #define VNPASS(exp, vp) do { \ 106 } while (0) 107 #define MPPASS(exp, mp) do { \ 108 } while (0) 109 #define __assert_unreachable() __unreachable() 110 #endif /* INVARIANTS */ 111 112 #ifndef CTASSERT /* Allow lint to override */ 113 #define CTASSERT(x) _Static_assert(x, "compile-time assertion failed") 114 #endif 115 116 /* 117 * These functions need to be declared before the KASSERT macro is invoked in 118 * !KASSERT_PANIC_OPTIONAL builds, so their declarations are sort of out of 119 * place compared to other function definitions in this header. On the other 120 * hand, this header is a bit disorganized anyway. 121 */ 122 void panic(const char *, ...) __dead2 __printflike(1, 2); 123 void vpanic(const char *, __va_list) __dead2 __printflike(1, 0); 124 #endif /* _KERNEL */ 125 126 #if defined(_STANDALONE) 127 /* 128 * Until we have more experience with KASSERTS that are called 129 * from the boot loader, they are off. The bootloader does this 130 * a little differently than the kernel (we just call printf atm). 131 * we avoid most of the common functions in the boot loader, so 132 * declare printf() here too. 133 */ 134 int printf(const char *, ...) __printflike(1, 2); 135 # define kassert_panic printf 136 #else /* !_STANDALONE */ 137 # if defined(WITNESS) || defined(INVARIANT_SUPPORT) 138 # ifdef KASSERT_PANIC_OPTIONAL 139 void kassert_panic(const char *fmt, ...) __printflike(1, 2); 140 # else 141 # define kassert_panic panic 142 # endif /* KASSERT_PANIC_OPTIONAL */ 143 # endif /* defined(WITNESS) || defined(INVARIANT_SUPPORT) */ 144 #endif /* _STANDALONE */ 145 146 #if (defined(_KERNEL) && defined(INVARIANTS)) || defined(_STANDALONE) 147 #define KASSERT(exp,msg) do { \ 148 if (__predict_false(!(exp))) \ 149 kassert_panic msg; \ 150 } while (0) 151 #else /* !(KERNEL && INVARIANTS) && !_STANDALONE */ 152 #define KASSERT(exp,msg) do { \ 153 } while (0) 154 #endif /* (_KERNEL && INVARIANTS) || _STANDALONE */ 155 156 #ifdef _KERNEL 157 /* 158 * Helpful macros for quickly coming up with assertions with informative 159 * panic messages. 160 */ 161 #define MPASS(ex) MPASS4(ex, #ex, __FILE__, __LINE__) 162 #define MPASS2(ex, what) MPASS4(ex, what, __FILE__, __LINE__) 163 #define MPASS3(ex, file, line) MPASS4(ex, #ex, file, line) 164 #define MPASS4(ex, what, file, line) \ 165 KASSERT((ex), ("Assertion %s failed at %s:%d", what, file, line)) 166 167 /* 168 * Assert that a pointer can be loaded from memory atomically. 169 * 170 * This assertion enforces stronger alignment than necessary. For example, 171 * on some architectures, atomicity for unaligned loads will depend on 172 * whether or not the load spans multiple cache lines. 173 */ 174 #define ASSERT_ATOMIC_LOAD_PTR(var, msg) \ 175 KASSERT(sizeof(var) == sizeof(void *) && \ 176 ((uintptr_t)&(var) & (sizeof(void *) - 1)) == 0, msg) 177 /* 178 * Assert that a thread is in critical(9) section. 179 */ 180 #define CRITICAL_ASSERT(td) \ 181 KASSERT((td)->td_critnest >= 1, ("Not in critical section")) 182 183 /* 184 * If we have already panic'd and this is the thread that called 185 * panic(), then don't block on any mutexes but silently succeed. 186 * Otherwise, the kernel will deadlock since the scheduler isn't 187 * going to run the thread that holds any lock we need. 188 */ 189 #define SCHEDULER_STOPPED_TD(td) ({ \ 190 MPASS((td) == curthread); \ 191 __predict_false((td)->td_stopsched); \ 192 }) 193 #define SCHEDULER_STOPPED() SCHEDULER_STOPPED_TD(curthread) 194 #endif /* _KERNEL */ 195 196 #endif /* _SYS_KASSERT_H_ */ 197