
Fix race condition in catopen(3).
Closed, Public

Authored by delphij on Mar 17 2020, 6:44 AM.

Details

Summary

Fix race condition in catopen(3).

The current code uses a rwlock to protect the cached list, which
in turn holds a list of catentry objects, and increments reference
count while holding only read lock.

Fix this by converting the reference counter to use atomic operations.

While I'm there, also perform some cleanups around memory operations.

PR: 202636
Reported by: Henry Hu <henry.hu.sh@gmail.com>

Test Plan

Run test case provided in the bug.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

lib/libc/nls/msgcat.c
162 ↗(On Diff #69587)

All of the refcount field references use unneeded parentheses.

366 ↗(On Diff #69587)

Why not use atomic_fetchadd_int()?

Address reviewer comments.

Please take another look.

Seems ok to me. I am skeptical that a rw lock is better than a mutex here.

lib/libc/nls/msgcat.c
86 ↗(On Diff #69628)

You might explicitly initialize the refcount to 0 here with a short comment explaining why negative entries don't have any references, but it is up to you.

This revision is now accepted and ready to land. Mar 18 2020, 5:08 PM
This revision was automatically updated to reflect the committed changes.