kern/43694: fd_getfile / fd_alloc race

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/43694: fd_getfile / fd_alloc race
From: pooka%iki.fi@localhost
Date: Mon, 2 Aug 2010 10:25:01 +0000 (UTC)

>Number:         43694
>Category:       kern
>Synopsis:       fd_getfile / fd_alloc race
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Aug 02 10:25:00 +0000 2010
>Originator:     Antti Kantee
>Release:        
>Organization:
>Environment:
>Description:
fd_getfile() ups the fdfile's refcnt, checks for ff_file and if NULL
lowers the refcnt and returns fail.  Meanwhile, fd_alloc selects
a free file descriptor and KASSERTs that the refcount is 0.
>How-To-Repeat:
run tests/kernel/t_filedesc -v iters=10000000 getfilerace
>Fix:
Maybe the kassert is wrong.  But I didn't fully think through how
application threads need to synchronize fd usage to be race-free.

Prev by Date: PR/43692 CVS commit: src/distrib
Next by Date: PR/43694 CVS commit: src/tests/kernel
Previous by Thread: PR/43692 CVS commit: src/distrib
Next by Thread: PR/43694 CVS commit: src/tests/kernel
Indexes:

Home | Main Index | Thread Index | Old Index