kern/38812: race between lwp_exit_switchaway and exit1/coredump

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/38812: race between lwp_exit_switchaway and exit1/coredump
From: ad%netbsd.org@localhost
Date: Sat, 31 May 2008 18:35:01 +0000 (UTC)

>Number:         38812
>Category:       kern
>Synopsis:       race between lwp_exit_switchaway and exit1/coredump
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat May 31 18:35:00 +0000 2008
>Originator:     Andrew Doran
>Release:        4.99.62
>Organization:
The NetBSD Project
>Environment:
n/a
>Description:
lwp_exit_switchaway does (l->l_flag &= ~LW_RUNNING) without holding
the LWP locked.

exit1/coredump may set other flags on l_flag, like LW_EXIT. There is
a tiny window where this update may obliterate the previous clearing
of LW_RUNNING by lwp_exit_switchaway.

Result: exit1/coredump later spin in lwp_free, waiting for the zombie
LWP to come off the CPU. Because LW_RUNNING is set it appears that it
is still on the CPU.
>How-To-Repeat:
Be unlucky.

>Fix:
Move the RUNNING flag into the thread-private flag word, l_pflag.
Testing this without a lock is OK at all the points we care about
the RUNNING flag in particular.

Prev by Date: Re: kern/26470 (all process stop for a long time by calling settimeofday() and setitimer())
Next by Date: kern/38814: ksyms needs locking
Previous by Thread: Re: kern/36849 (Should set bus type in SMBus drivers)
Next by Thread: kern/38814: ksyms needs locking
Indexes:

Home | Main Index | Thread Index | Old Index