Page MenuHomeFreeBSD

Fix race condition in catopen(3).

Authored by delphij on Tue, Mar 17, 6:44 AM.



Fix race condition in catopen(3).

The current code uses a rwlock to protect the cached list, which
in turn holds a list of catentry objects, and increments reference
count while holding only read lock.

Fix this by converting the reference counter to use atomic operations.

While I'm there, also perform some clean ups around memory operations.

PR: 202636
Reported by: Henry Hu <>

Test Plan

Run test case provided in the bug.

Diff Detail

rS FreeBSD src repository
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

delphij created this revision.Tue, Mar 17, 6:44 AM
markj added inline comments.Tue, Mar 17, 6:45 PM
162 ↗(On Diff #69587)

All of the refcount field references use unneeded parentheses.

366 ↗(On Diff #69587)

Why not use atomic_fetchadd_int()?

delphij updated this revision to Diff 69628.Wed, Mar 18, 4:15 AM

Address reviewer comments.

delphij marked 2 inline comments as done.Wed, Mar 18, 4:16 AM

Please take another look.

markj accepted this revision.Wed, Mar 18, 5:08 PM

Seems ok to me. I am skeptical that a rw lock is better than a mutex here.

86 ↗(On Diff #69628)

You might explicitly initialize the refcount to 0 here with a short comment explaining why negative entries don't have any references, but it is up to you.

This revision is now accepted and ready to land.Wed, Mar 18, 5:08 PM
This revision was automatically updated to reflect the committed changes.