Page MenuHomeFreeBSD
Differential D31772

kevent: Fix races between timer detach and kqtimer_proc_continue()
ClosedPublic
Actions

Authored by markj on Sep 1 2021, 3:06 PM.
Tags
None
Referenced Files
F150313343: D31772.id94496.diff
Tue, Mar 31, 3:07 AM
F150281476: D31772.id94496.diff
Mon, Mar 30, 8:43 PM
Unknown Object (File)
Tue, Mar 17, 1:02 PM
Unknown Object (File)
Thu, Mar 5, 6:18 PM
Unknown Object (File)
Thu, Mar 5, 6:24 AM
Unknown Object (File)
Feb 26 2026, 8:19 AM
Unknown Object (File)
Jan 4 2026, 4:23 PM
Unknown Object (File)
Dec 25 2025, 11:33 PM
View All Files
Subscribers
imp
jmg

Details

Reviewers
kib
Commits
rGc511383de7a0: kevent: Fix races between timer detach and kqtimer_proc_continue()
Summary
- When detaching a knote, we need to double check the enqueued flag
  after acquiring the process lock, as kqtimer_proc_continue() may have
  toggled it.
- kqtimer_proc_continue() could in principle reschedule a stopped
  callout after filt_timerdetach() drains the callout.  So, we need to
  re-check.

Reported by: syzbot+4a4cebb3ec07892cb040@syzkaller.appspotmail.com
Reported by: syzbot+a9c04bc76078a3b7dd8d@syzkaller.appspotmail.com

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 41310
Build 38199: arc lint + arc unit

Revision Contents
Changeset List

PathSize
sys/
kern/
18 lines

Diff 94496

View Options

sys/kern/kern_event.c

Loading...