Fix potential use-after free in taskqueue_drain_all
ClosedPublic
Actions

Authored by julian on Oct 5 2016, 11:52 PM.

Details

Reviewers

Commits

rS306935: While the thread is sleeping in taskqueue_drain_all() it is

Summary

While the thread is sleeping it is posible that the queue entry it
is looking at is removed from the queue, but we make no effort to
account for this.

Test Plan

Systems which used to hang due to this now boot

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

julian updated this revision to Diff 21091.Oct 5 2016, 11:52 PM

julian retitled this revision from to Fix potential use-after free in taskqueue_drain_all.

julian updated this object.

julian edited the test plan for this revision. (Show Details)

Herald added a subscriber: imp. · View Herald TranscriptOct 5 2016, 11:52 PM

adrian accepted this revision.Oct 7 2016, 8:34 PM

adrian added a reviewer: adrian.

This revision is now accepted and ready to land.Oct 7 2016, 8:34 PM

Please commit this patch, this fixes FreeBSD PR 209580.

julian added a comment.Oct 10 2016, 4:42 AM

This comment was removed by julian.

Closed by commit rS306935: While the thread is sleeping in taskqueue_drain_all() it is (authored by julian). · Explain WhyOct 10 2016, 4:57 AM

This revision was automatically updated to reflect the committed changes.

julian mentioned this in rS306935: While the thread is sleeping in taskqueue_drain_all() it is.

Revision Contents
Changeset List

Path

Size

stable/

10/

sys/

kern/

subr_taskqueue.c

23 lines

Diff 21216

View Options

stable/10/sys/kern/subr_taskqueue.c

Fix potential use-after free in taskqueue_drain_allClosedPublicActions