Page MenuHomeFreeBSD
Differential D31772

kevent: Fix races between timer detach and kqtimer_proc_continue()
ClosedPublic
Actions

Authored by markj on Sep 1 2021, 3:06 PM.
Tags
None
Referenced Files
F159042768: D31772.diff
Tue, Jun 9, 10:29 AM
F159007923: D31772.id94508.diff
Mon, Jun 8, 11:12 PM
F158979185: D31772.id.diff
Mon, Jun 8, 1:45 PM
Unknown Object (File)
Mon, Jun 8, 1:54 AM
Unknown Object (File)
Sun, Jun 7, 7:21 PM
Unknown Object (File)
Tue, Jun 2, 6:23 PM
Unknown Object (File)
Tue, Jun 2, 1:24 PM
Unknown Object (File)
Mon, Jun 1, 5:06 AM
View All Files
Subscribers
imp
jmg

Details

Reviewers
kib
Commits
rGc511383de7a0: kevent: Fix races between timer detach and kqtimer_proc_continue()
Summary
- When detaching a knote, we need to double check the enqueued flag
  after acquiring the process lock, as kqtimer_proc_continue() may have
  toggled it.
- kqtimer_proc_continue() could in principle reschedule a stopped
  callout after filt_timerdetach() drains the callout.  So, we need to
  re-check.

Reported by: syzbot+4a4cebb3ec07892cb040@syzkaller.appspotmail.com
Reported by: syzbot+a9c04bc76078a3b7dd8d@syzkaller.appspotmail.com

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sys/
kern/
18 lines

Diff 94508

View Options

sys/kern/kern_event.c

Loading...