sem_post(): wake up the sleeper after adjusting has_waiters
Closed, Public

Authored by badger on Aug 15 2016, 2:30 PM.
Details

Summary

If the caller of sem_post() wakes up a thread sleeping via sem_wait()
before it clears the has_waiters flag, the caller of sem_wait() has no way of
knowing when it is safe to destroy the semaphore and reuse the memory. This is
because the caller of sem_post() may be interrupted between the wake step and
the clearing of has_waiters. It will then write into the has_waiters flag in
userspace after being preempted for some unknown amount of time.

A test program that illustrates the issue I want to fix is here:
https://people.freebsd.org/~badger/tests/sem_post-stack-corrupt/semaphore.c .
This program can sometimes exit in the otherfunc() function printing
"sem struct changed after yielding". There is a README.txt file in that
same directory describing the test in more detail.
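
The ordering problem described in the summary, as an added deterministic model (not code from this revision, from the linked test program, or from FreeBSD's libc). `struct model_sem`, `preempt()` and the step functions are hypothetical names, and a single-threaded simulation with explicit preemption points stands in for the scheduler.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the semaphore's userspace memory (not libc's layout). */
struct model_sem { unsigned count; unsigned has_waiters; };
enum post_order { WAKE_THEN_CLEAR, CLEAR_THEN_WAKE };

struct world {
    struct model_sem mem; /* memory the semaphore lives in */
    bool woken;           /* sleeper has been woken by the poster */
    bool reused;          /* sleeper destroyed the semaphore and reused mem */
};

/* Poster is preempted here; a woken sleeper returns from its wait,
 * destroys the semaphore and hands the memory to something else. */
static void preempt(struct world *w) {
    if (w->woken && !w->reused) {
        memset(&w->mem, 0xAA, sizeof w->mem); /* constructed "new owner" data */
        w->reused = true;
    }
}

static void wake_sleeper(struct world *w) { w->woken = true; }
static void clear_has_waiters(struct world *w) { w->mem.has_waiters = 0; }

/* Run one post with a preemption point between every step. Returns true
 * if the poster's write landed in memory that had already been reused. */
bool post_corrupts_reused_memory(enum post_order order) {
    struct world w = { .mem = { .count = 0, .has_waiters = 1 } };
    struct model_sem new_owner;
    memset(&new_owner, 0xAA, sizeof new_owner);

    w.mem.count++; /* the post itself (modelled step) */
    preempt(&w);
    if (order == WAKE_THEN_CLEAR) {
        wake_sleeper(&w); preempt(&w); clear_has_waiters(&w);
    } else {
        clear_has_waiters(&w); preempt(&w); wake_sleeper(&w);
    }
    preempt(&w);
    return memcmp(&w.mem, &new_owner, sizeof new_owner) != 0;
}

int main(void) {
    printf("wake then clear: corrupted=%d\n", post_corrupts_reused_memory(WAKE_THEN_CLEAR));
    printf("clear then wake: corrupted=%d\n", post_corrupts_reused_memory(CLEAR_THEN_WAKE));
    return 0;
}
```

With the wake issued last, the poster has no store left to perform once the sleeper can run, so the sleeper may destroy the semaphore as soon as it returns.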

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 4793
Build 4849: arc lint + arc unit

Event Timeline

badger retitled this revision from to Wake up the sleeper after adjusting has_waiters.
badger updated this object.
badger edited the test plan for this revision.
badger retitled this revision from Wake up the sleeper after adjusting has_waiters to sem_post(): wake up the sleeper after adjusting has_waiters. (Aug 15 2016, 2:35 PM)
badger updated this object.
badger added reviewers: vangyzen, kib.
vangyzen edited edge metadata.
This revision is now accepted and ready to land. (Aug 15 2016, 2:56 PM)
kib edited edge metadata.
jhb edited edge metadata.
This revision was automatically updated to reflect the committed changes.