Page MenuHomeFreeBSD
Differential D18060

Fix unsynchronized updates to kn_status.
ClosedPublic
Actions

Authored by markj on Nov 20 2018, 9:33 PM.
Tags
None
Referenced Files
F133118473: D18060.id50646.diff
Thu, Oct 23, 3:17 AM
Unknown Object (File)
Sat, Oct 18, 9:16 PM
Unknown Object (File)
Sat, Oct 18, 9:15 PM
Unknown Object (File)
Sat, Oct 18, 9:15 PM
Unknown Object (File)
Sat, Oct 18, 9:15 PM
Unknown Object (File)
Sat, Oct 18, 11:01 AM
Unknown Object (File)
Sat, Oct 18, 1:50 AM
Unknown Object (File)
Sun, Oct 12, 1:19 AM
View All 75 Files
Subscribers
imp

Details

Reviewers
kib
jmg
Commits
rS340734: Avoid unsynchronized updates to kn_status.
Summary

kn_status is protected by the kqueue's lock, but we were updating it
without the kqueue lock held. For EVFILT_TIMER knotes, there is no
knlist lock, so the knote activation could occur during the kn_status
update following event registration. The activation should enqueue the
knote and set KN_QUEUED, but I have a test case where the KN_QUEUED flag
gets lost, leading to corruption of the queue.

Fix the problem by setting or clearing KN_DISABLED before dropping the
kqueue lock to call into the filter. KN_DISABLED is only used by the
core kevent code, so there is no side effect from setting it earlier.

Test Plan

I have a test program that can trigger the race and a resulting crash; Peter
added it to stress2.

Diff Detail

Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 20914
Build 20279: arc lint + arc unit

Revision Contents
Changeset List

PathSize
sys/
kern/
21 lines

Diff 50647

View Options

sys/kern/kern_event.c

Loading...