Page MenuHomeFreeBSD
Differential D7505

sem_post(): wake up the sleeper after adjusting has_waiters
ClosedPublic
Actions

Authored by badger on Aug 15 2016, 2:30 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, May 26, 7:48 AM
Unknown Object (File)
Sun, May 21, 4:20 AM
Unknown Object (File)
Fri, May 5, 2:02 PM
Unknown Object (File)
Apr 6 2023, 4:41 AM
Unknown Object (File)
Apr 3 2023, 6:44 AM
Unknown Object (File)
Mar 16 2023, 11:20 AM
Unknown Object (File)
Feb 28 2023, 11:18 AM
Unknown Object (File)
Feb 22 2023, 3:58 PM
View All 28 Files
Subscribers
imp

Details

Reviewers
kib
jhb
vangyzen
Commits
rS304184: sem_post(): wake up the sleeper only after adjusting has_waiters
Summary

If the caller of sem_post() wakes up a thread sleeping via sem_wait()
before it clears the has_waiters flag, the caller of sem_wait() has no way of
knowing when it is safe to destroy the semaphore and reuse the memory. This is
because the caller of sem_post() may be interrupted between the wake step and
the clearing of has_waiters. It will then write into the has_waiters flag in
userspace after being preempted for some unknown amount of time.

A test program that illustrates the issue I want to fix is here:
https://people.freebsd.org/~badger/tests/sem_post-stack-corrupt/semaphore.c .
This program can sometimes exit in the otherfunc() function printing
"sem struct changed after yielding". There is a README.txt file in that
same directory describing the test in more detail.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

badger updated this revision to Diff 19286.Aug 15 2016, 2:30 PM
badger retitled this revision from to Wake up the sleeper after adjusting has_waiters.
badger updated this object.
badger edited the test plan for this revision. (Show Details)
Herald added a subscriber: imp. · View Herald TranscriptAug 15 2016, 2:30 PM
badger retitled this revision from Wake up the sleeper after adjusting has_waiters to sem_post(): wake up the sleeper after adjusting has_waiters.Aug 15 2016, 2:35 PM
badger updated this object.
badger added reviewers: vangyzen, kib.
vangyzen accepted this revision.Aug 15 2016, 2:56 PM
vangyzen edited edge metadata.
This revision is now accepted and ready to land.Aug 15 2016, 2:56 PM
badger added a reviewer: jhb.Aug 15 2016, 3:49 PM
kib accepted this revision.Aug 15 2016, 3:56 PM
kib edited edge metadata.
jhb accepted this revision.Aug 15 2016, 5:36 PM
jhb edited edge metadata.
Closed by commit rS304184: sem_post(): wake up the sleeper only after adjusting has_waiters (authored by badger). · Explain WhyAug 15 2016, 8:09 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
sys/
kern/
6 lines

Diff 19308

View Options

head/sys/kern/kern_umtx.c

Loading...