NetBSD-Bugs archive


PR/53674 CVS commit: src/sys/kern



The following reply was made to PR kern/53674; it has been noted by GNATS.

From: "Maxime Villard" <maxv%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc: 
Subject: PR/53674 CVS commit: src/sys/kern
Date: Sun, 7 Apr 2019 08:37:38 +0000

 Module Name:	src
 Committed By:	maxv
 Date:		Sun Apr  7 08:37:38 UTC 2019
 
 Modified Files:
 	src/sys/kern: subr_pool.c
 
 Log Message:
 Fix tiny race in pool+KASAN, that resulted in occasional false positives.
 
 We were uselessly marking already valid areas as valid. When doing that,
 our KASAN code emits two calls to kasan_markmem, and there is a very small
 window where the area becomes invalid. So, if the area happens to be
 already globally referenced, and if another thread happens to read the
 buffer via this reference, we get a false positive.
 
 This happens only with pool_caches that have a pc_ctor that creates a
 global reference to the buffer, and there is one single pool_cache that
 does that: 'file_cache'.
 
 So now, two changes:
 
  - In pool_cache_get_slow(), the pool_get() has already redzoned the
    object, so no need to call pool_redzone_fill().
 
  - In pool_cache_destruct_object1(), don't re-mark the object. If there is
    no ctor, pool_put is fine with already-invalid objects; if there is a
    ctor, the object was not marked as invalid in the first place. So in
    either case, the re-marking is not needed.
 
 Fixes PR/53674. Although very rare and difficult to reproduce, a local
 quarantine patch of mine made the false positives recurrent.
 
 
 To generate a diff of this commit:
 cvs rdiff -u -r1.246 -r1.247 src/sys/kern/subr_pool.c
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.
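
The window described in the log message, as a deterministic single-threaded model in C. This is an added example, not code from subr_pool.c or the NetBSD KASAN sources. The poison-then-unpoison shape of the two-call marking, the sizes and every function name here are assumptions made for illustration.

```c
/* Added illustration: single-threaded model of the race, not NetBSD code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define OBJ_SIZE  32                  /* usable bytes (constructed value) */
#define REDZONE   16                  /* redzone bytes (constructed value) */
#define AREA_SIZE (OBJ_SIZE + REDZONE)

static bool shadow[AREA_SIZE];        /* true = byte may be accessed */
static int  reports;                  /* KASAN-style reports raised */

/* Hypothetical stand-in for kasan_markmem(): set validity of a range. */
static void markmem(size_t off, size_t len, bool valid) {
    for (size_t i = off; i < off + len; i++) shadow[i] = valid;
}

/* An instrumented load of the object through the global reference. */
static void other_thread_read(void) {
    for (size_t i = 0; i < OBJ_SIZE; i++)
        if (!shadow[i]) { reports++; return; }
}

/* Assumed shape of "mark valid": poison object+redzone, then unpoison the
 * object. `between` models another thread running inside the window. */
static void mark_valid(void (*between)(void)) {
    markmem(0, AREA_SIZE, false);
    if (between) between();
    markmem(0, OBJ_SIZE, true);
}

/* Reports seen on a live, globally referenced object. remark=true models
 * the redundant re-marking that the commit removes. */
int simulate(bool remark) {
    reports = 0;
    mark_valid(NULL);                 /* allocation already marked it valid */
    if (remark) mark_valid(other_thread_read);
    else other_thread_read();
    return reports;
}

/* The redzone stays poisoned either way, so real overflows are still caught. */
bool redzone_poisoned(void) {
    for (size_t i = OBJ_SIZE; i < AREA_SIZE; i++) if (shadow[i]) return false;
    return true;
}

int main(void) {
    printf("re-mark: %d report(s), no re-mark: %d\n", simulate(true), simulate(false));
    return 0;
}
```

In the model the reader is forced into the window on every run; on real hardware the same interleaving needs another CPU to load through the global reference between the two marking calls.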
 

