race condition in knote deletion?
Nicolas Thery
nthery at gmail.com
Tue Feb 1 16:03:54 PST 2011
Hello,
knote_detach_and_drop() can sleep while getting the mp lock after setting the KN_DELETING flag, thus temporarily releasing the kqueue token.
static void
knote_detach_and_drop(struct knote *kn)
{
	kn->kn_status |= KN_DELETING | KN_REPROCESS;
	if (kn->kn_fop->f_flags & FILTEROP_MPSAFE) {
		kn->kn_fop->f_detach(kn);
	} else {
		get_mplock();		/* may sleep here, releasing the kqueue token */
		kn->kn_fop->f_detach(kn);
		rel_mplock();
	}
	knote_drop(kn);
}
So wouldn't another CPU running knote_release() while the 1st one sleeps call knote_detach_and_drop() too, causing a crash when the 1st CPU resumes?
static __inline
int
knote_release(struct knote *kn)
{
	while (kn->kn_status & KN_REPROCESS) {
		kn->kn_status &= ~KN_REPROCESS;
		if (kn->kn_status & KN_WAITING) {
			kn->kn_status &= ~KN_WAITING;
			wakeup(kn);
		}
		if (kn->kn_status & KN_DELETING) {
			/* KN_DELETING already set by the sleeping CPU */
			knote_detach_and_drop(kn);
			return(1);
			/* NOT REACHED */
		}
		if (filter_event(kn, 0))
			KNOTE_ACTIVATE(kn);
	}
	kn->kn_status &= ~KN_PROCESSING;
	return(0);
}
Cheers
Nicolas
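As an added illustration, not part of the mail above or of the DragonFly kernel source, here is a user-space C model of the interleaving the question describes. It replays the two quoted functions with counters instead of real f_detach()/knote_drop() calls, and replaces the sleep in get_mplock() with a callback that stands in for "the other CPU runs now". The flag values, the struct layout, the callback, and the guarded variant (where the second CPU first checks KN_PROCESSING ownership, in the style of a knote_acquire step) are assumptions of this model; the mail itself does not show how the kernel gates entry to knote_release().

```c
#include <stdio.h>

/*
 * Added user-space model (not DragonFly kernel code) of the interleaving
 * described in the mail. The flag names mirror the kqueue status bits,
 * but the values and the struct below are assumptions of this model.
 */
#define KN_PROCESSING 0x01   /* a CPU owns the knote */
#define KN_WAITING    0x02   /* some CPU sleeps waiting for ownership */
#define KN_REPROCESS  0x04
#define KN_DELETING   0x08

struct knote {
    unsigned kn_status;
    int detach_calls;   /* how many times f_detach() ran */
    int drop_calls;     /* how many times knote_drop() ran */
};

/* What the "other CPU" does while the first one sleeps in get_mplock(). */
typedef void (*other_cpu_fn)(struct knote *);

static int model_knote_release(struct knote *kn);

/*
 * Model of knote_detach_and_drop(): the flags are set first, then the
 * non-MPSAFE path blocks for the mp lock. That block is where the kqueue
 * token is released, so that is where other_cpu runs.
 */
static void model_knote_detach_and_drop(struct knote *kn, other_cpu_fn other_cpu)
{
    kn->kn_status |= KN_DELETING | KN_REPROCESS;
    if (other_cpu != NULL)
        other_cpu(kn);          /* get_mplock() sleeps; other CPU runs here */
    kn->detach_calls++;         /* kn->kn_fop->f_detach(kn) */
    kn->drop_calls++;           /* knote_drop(kn) */
}

/* Model of knote_release() as quoted in the mail (filter_event() omitted). */
static int model_knote_release(struct knote *kn)
{
    while (kn->kn_status & KN_REPROCESS) {
        kn->kn_status &= ~KN_REPROCESS;
        if (kn->kn_status & KN_WAITING)
            kn->kn_status &= ~KN_WAITING;   /* wakeup(kn) */
        if (kn->kn_status & KN_DELETING) {
            model_knote_detach_and_drop(kn, NULL);
            return 1;
        }
    }
    kn->kn_status &= ~KN_PROCESSING;
    return 0;
}

/* Other CPU calls knote_release() directly, as the mail supposes. */
static void other_cpu_release_unguarded(struct knote *kn)
{
    model_knote_release(kn);
}

/*
 * Other CPU first checks ownership: if KN_PROCESSING is held by the first
 * CPU it marks itself waiting and sleeps instead. This guard is an
 * assumption of the model, not something the mail establishes.
 */
static void other_cpu_release_guarded(struct knote *kn)
{
    if (kn->kn_status & KN_PROCESSING) {
        kn->kn_status |= KN_WAITING;    /* tsleep() until the owner releases */
        return;
    }
    kn->kn_status |= KN_PROCESSING;
    model_knote_release(kn);
}

/* knote_drop() count when the other CPU enters knote_release() unguarded. */
int unguarded_drop_count(void)
{
    struct knote kn = { .kn_status = KN_PROCESSING };
    model_knote_detach_and_drop(&kn, other_cpu_release_unguarded);
    return kn.drop_calls;
}

/* Same interleaving, with the other CPU respecting KN_PROCESSING. */
int guarded_drop_count(void)
{
    struct knote kn = { .kn_status = KN_PROCESSING };
    model_knote_detach_and_drop(&kn, other_cpu_release_guarded);
    return kn.drop_calls;
}

int main(void)
{
    printf("unguarded: %d drop(s)\n", unguarded_drop_count());   /* 2: double drop */
    printf("guarded:   %d drop(s)\n", guarded_drop_count());     /* 1 */
    return 0;
}
```

The unguarded path shows why the question matters: the second CPU sees KN_REPROCESS|KN_DELETING, runs the detach-and-drop itself, and the first CPU then detaches and drops the same knote again when it wakes up. The guarded path shows that the outcome hinges entirely on whether a second CPU can reach knote_release() on a knote another CPU already owns, which is exactly the point the mail asks about.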