DragonFly BSD
DragonFly commits List (threaded) for 2010-09
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

git: kernel - Fix rare token overwrite race


From: Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Sat, 25 Sep 2010 16:16:00 -0700 (PDT)

commit b528f10fca490702489154b515758fc09439a0aa
Author: Matthew Dillon <dillon@apollo.backplane.com>
Date:   Sat Sep 25 16:10:48 2010 -0700

    kernel - Fix rare token overwrite race
    
    td_toks_stop was being decremented prior to releasing the token reference
    and cleaning up the optional mp lock.  This left a very small
    one-instruction opening where the following sequence of events could
    occur:
    
      * While releasing the ref in 'if (tok->t_ref == ref) tok->t_ref = NULL;'
        a fast interrupt could come along, acquire a token reusing our ref,
        then release it.
    
      * A thread on another cpu then successfully acquires the now released
        token.
    
      * The fast interrupt returns our interrupted thread resumes with the
        execution of 'tok->t_ref = NULL;'.
    
      * The other thread asserts on the missing token ref or otherwise performs
        actions which assume the token is still held when it is not due to
        the first thread blowing it up.
    
    Reported-by: Francois Tigeot <ftigeot@wolfpond.org>

Summary of changes:
 sys/kern/lwkt_token.c |   29 +++++++++++++++++++----------
 1 files changed, 19 insertions(+), 10 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/b528f10fca490702489154b515758fc09439a0aa


-- 
DragonFly BSD source repository



[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]