Page MenuHomeFreeBSD
Differential D31772

kevent: Fix races between timer detach and kqtimer_proc_continue()
ClosedPublic
Actions

Authored by markj on Sep 1 2021, 3:06 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, May 2, 2:41 PM
Unknown Object (File)
Thu, May 2, 2:41 PM
Unknown Object (File)
Thu, May 2, 2:41 PM
Unknown Object (File)
Thu, May 2, 1:45 PM
Unknown Object (File)
Sun, Apr 14, 5:29 PM
Unknown Object (File)
Mon, Apr 8, 1:56 PM
Unknown Object (File)
Apr 6 2024, 12:19 PM
Unknown Object (File)
Feb 11 2024, 2:59 PM
View All 36 Files
Subscribers
imp
jmg

Details

Reviewers
kib
Commits
rGc511383de7a0: kevent: Fix races between timer detach and kqtimer_proc_continue()
Summary
- When detaching a knote, we need to double check the enqueued flag
  after acquiring the process lock, as kqtimer_proc_continue() may have
  toggled it.
- kqtimer_proc_continue() could in principle reschedule a stopped
  callout after filt_timerdetach() drains the callout.  So, we need to
  re-check.

Reported by: syzbot+4a4cebb3ec07892cb040@syzkaller.appspotmail.com
Reported by: syzbot+a9c04bc76078a3b7dd8d@syzkaller.appspotmail.com

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sys/
kern/
18 lines

Diff 94508

View Options

sys/kern/kern_event.c

Loading...