Page MenuHomeFreeBSD
Differential D31772

kevent: Fix races between timer detach and kqtimer_proc_continue()
ClosedPublic
Actions

Authored by markj on Sep 1 2021, 3:06 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Oct 2, 3:40 AM
Unknown Object (File)
Sun, Sep 28, 4:30 PM
Unknown Object (File)
Sun, Sep 28, 3:23 AM
Unknown Object (File)
Mon, Sep 22, 11:53 AM
Unknown Object (File)
Thu, Sep 18, 5:00 AM
Unknown Object (File)
Sep 9 2025, 10:14 PM
Unknown Object (File)
Aug 25 2025, 7:39 AM
Unknown Object (File)
Aug 15 2025, 12:23 AM
View All 92 Files
Subscribers
imp
jmg

Details

Reviewers
kib
Commits
rGc511383de7a0: kevent: Fix races between timer detach and kqtimer_proc_continue()
Summary
- When detaching a knote, we need to double check the enqueued flag
  after acquiring the process lock, as kqtimer_proc_continue() may have
  toggled it.
- kqtimer_proc_continue() could in principle reschedule a stopped
  callout after filt_timerdetach() drains the callout.  So, we need to
  re-check.

Reported by: syzbot+4a4cebb3ec07892cb040@syzkaller.appspotmail.com
Reported by: syzbot+a9c04bc76078a3b7dd8d@syzkaller.appspotmail.com

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sys/
kern/
18 lines

Diff 94508

View Options

sys/kern/kern_event.c

Loading...