Page MenuHomeFreeBSD
Differential D31772

kevent: Fix races between timer detach and kqtimer_proc_continue()
ClosedPublic
Actions

Authored by markj on Sep 1 2021, 3:06 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Dec 25, 11:33 PM
Unknown Object (File)
Sat, Dec 20, 2:53 PM
Unknown Object (File)
Nov 24 2025, 3:04 PM
Unknown Object (File)
Nov 23 2025, 9:40 PM
Unknown Object (File)
Nov 21 2025, 6:33 AM
Unknown Object (File)
Nov 19 2025, 2:27 AM
Unknown Object (File)
Nov 17 2025, 3:06 AM
Unknown Object (File)
Nov 17 2025, 3:06 AM
View All Files
Subscribers
imp
jmg

Details

Reviewers
kib
Commits
rGc511383de7a0: kevent: Fix races between timer detach and kqtimer_proc_continue()
Summary
- When detaching a knote, we need to double check the enqueued flag
  after acquiring the process lock, as kqtimer_proc_continue() may have
  toggled it.
- kqtimer_proc_continue() could in principle reschedule a stopped
  callout after filt_timerdetach() drains the callout.  So, we need to
  re-check.

Reported by: syzbot+4a4cebb3ec07892cb040@syzkaller.appspotmail.com
Reported by: syzbot+a9c04bc76078a3b7dd8d@syzkaller.appspotmail.com

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sys/
kern/
18 lines

Diff 94508

View Options

sys/kern/kern_event.c

Loading...