DragonFly BSD
DragonFly kernel List (threaded) for 2011-02
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

race condition in knote deletion?


From: Nicolas Thery <nthery@xxxxxxxxx>
Date: Wed, 2 Feb 2011 01:00:51 +0100

Hello,

knote_detach_and_drop() can sleep while getting the mp lock after
setting the KN_DELETING flag, thus temporarily releasing the kqueue token.

static void
knote_detach_and_drop(struct knote *kn)
{
        kn->kn_status |= KN_DELETING | KN_REPROCESS;
        if (kn->kn_fop->f_flags & FILTEROP_MPSAFE) {
                kn->kn_fop->f_detach(kn);
        } else {
                get_mplock();
                kn->kn_fop->f_detach(kn);
                rel_mplock();
        }
        knote_drop(kn);
}

So wouldn't another cpu running knote_release() while the 1st one
sleeps call knote_detach_and_drop() too, causing a crash when the 1st
cpu resumes?

static __inline
int
knote_release(struct knote *kn)
{
        while (kn->kn_status & KN_REPROCESS) {
                kn->kn_status &= ~KN_REPROCESS;
                if (kn->kn_status & KN_WAITING) {
                        kn->kn_status &= ~KN_WAITING;
                        wakeup(kn);
                }
                if (kn->kn_status & KN_DELETING) {
                        knote_detach_and_drop(kn);
                        return(1);
                        /* NOT REACHED */
                }
                if (filter_event(kn, 0))
                        KNOTE_ACTIVATE(kn);
        }
        kn->kn_status &= ~KN_PROCESSING;
        return(0);
}


Cheers
Nicolas
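A constructed C model of the interleaving described in the mail, added here as an illustration and not DragonFly code: the two quoted functions are reproduced with their control flow, get_mplock() is modelled as the point where a contending second CPU gets to run knote_release() on the same knote, and run_scenario() (a name chosen for this model) counts how often knote_drop() ends up running on that one knote. The flag values and the cpu2_pending switch are assumptions of the model, not values from sys/event.h.

```c
/* Constructed flag values for this model, not the ones in sys/event.h. */
#define KN_PROCESSING   0x01
#define KN_REPROCESS    0x04
#define KN_DELETING     0x08
#define FILTEROP_MPSAFE 0x01

/* f_flags stands in for kn->kn_fop->f_flags; the two counters record how
 * often f_detach() and knote_drop() ran on this single knote. */
struct knote { int kn_status, f_flags, detach_calls, drop_calls; };

static int cpu2_pending;            /* CPU 2 is waiting to run knote_release() */
static int knote_release(struct knote *kn);

/* get_mplock() can sleep and release the kqueue token; model that as the
 * point where CPU 2 gets to run its pending knote_release() on the knote. */
static void get_mplock(struct knote *kn)
{
    if (cpu2_pending) { cpu2_pending = 0; (void)knote_release(kn); }
}

/* Same control flow as the quoted knote_detach_and_drop(). */
static void knote_detach_and_drop(struct knote *kn)
{
    kn->kn_status |= KN_DELETING | KN_REPROCESS;
    if (!(kn->f_flags & FILTEROP_MPSAFE))
        get_mplock(kn);             /* rel_mplock() after detach omitted */
    kn->detach_calls++;             /* kn->kn_fop->f_detach(kn) */
    kn->drop_calls++;               /* knote_drop(kn): the knote is freed here */
}

/* Same control flow as the quoted knote_release(); filter_event() omitted. */
static int knote_release(struct knote *kn)
{
    while (kn->kn_status & KN_REPROCESS) {
        kn->kn_status &= ~KN_REPROCESS;
        if (kn->kn_status & KN_DELETING) {
            knote_detach_and_drop(kn);
            return 1;
        }
    }
    kn->kn_status &= ~KN_PROCESSING;
    return 0;
}

/* CPU 1 deletes the knote, optionally with CPU 2 contending; returns how many
 * times knote_drop() ran on the one knote (more than once means a double free). */
int run_scenario(int mpsafe, int contended)
{
    struct knote kn = { KN_PROCESSING, mpsafe ? FILTEROP_MPSAFE : 0, 0, 0 };
    cpu2_pending = contended;
    knote_detach_and_drop(&kn);
    return kn.drop_calls;
}
```

With no contention, or with an MPSAFE filter that never takes the mp lock, the knote is dropped once; with a non-MPSAFE filter and a contending CPU the model reaches knote_drop() twice, which is the double free the question is about.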


