git: poll/select: Fix panic in kqueue backend

Matthew Dillon dillon at crater.dragonflybsd.org
Mon Mar 27 19:18:54 PDT 2023


commit e6bc4d0d50b6415dab7ca6c4726c6b0b236b1fca
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Mon Mar 27 19:11:05 2023 -0700

    poll/select: Fix panic in kqueue backend
    
    * The poll and select system calls use kqueue as a backend and
      attempt to cache active events from prior calls to improve
      performance.
    
      However, this makes a potential race more likely where in a
      high-concurrency application one thread close()es a descriptor
      that another thread had previously used in a poll/select operation
      and this close() races the later poll/select operation that is
      attempting to remove the kevent.
    
    * The race can sometimes prevent the poll/select kevent copyout
      code from removing previously cached but no-longer-used
      events, because the removal references the events by their
      descriptor rather than directly and the descriptor is no longer
      valid.
    
      This causes kern_kevent() to loop infinitely and hit a panic
      designed to check for that situation.
    
    * Fix the problem by moving the removal of old events from the
      poll/select copyout code into kqueue_scan().  kqueue_scan()
      can detect old unused events using the sequence id that the
      poll/select kernel code stores in the kevent.

Summary of changes:
 sys/kern/kern_event.c  | 58 +++++++++++++++++++++++++++++++++-----------------
 sys/kern/sys_generic.c | 11 +++++++---
 sys/sys/event.h        | 10 +++++----
 3 files changed, 52 insertions(+), 27 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/e6bc4d0d50b6415dab7ca6c4726c6b0b236b1fca


-- 
DragonFly BSD source repository
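
The failure mode and fix described in the commit message, as an added userspace model that is not DragonFly kernel code: cached events removed by re-resolving their descriptor survive a racing close(), while removal during the scan by sequence id does not depend on the descriptor. All names here (`struct model`, `remove_by_fd`, `scan`, `passes_until_clean`, `LOOP_LIMIT`) are hypothetical, and the scenario is constructed.

```c
#include <stdbool.h>

#define NFD 8
#define NEV 8
#define LOOP_LIMIT 1000           /* stand-in for the kernel's loop check */

struct event { int fd; unsigned seq; bool live; };
struct model {
    bool fd_open[NFD];            /* descriptor table shared by threads */
    struct event ev[NEV];         /* events cached between poll calls */
};

static void ev_add(struct model *m, int fd, unsigned seq) {
    for (int i = 0; i < NEV; i++)
        if (!m->ev[i].live) { m->ev[i] = (struct event){ fd, seq, true }; return; }
}

/* Pre-fix style: removal re-resolves the event through its descriptor. */
static bool remove_by_fd(struct model *m, int fd) {
    if (!m->fd_open[fd]) return false;      /* descriptor gone: event survives */
    for (int i = 0; i < NEV; i++)
        if (m->ev[i].live && m->ev[i].fd == fd) { m->ev[i].live = false; return true; }
    return false;
}

/* One scan pass for poll call `cur`; returns how many stale events remain. */
static int scan(struct model *m, unsigned cur, bool fixed) {
    int stale = 0;
    for (int i = 0; i < NEV; i++) {
        struct event *e = &m->ev[i];
        if (!e->live || e->seq == cur) continue;      /* free slot or current event */
        if (fixed) e->live = false;                   /* drop by sequence id */
        else if (!remove_by_fd(m, e->fd)) stale++;    /* copyout-time removal */
    }
    return stale;
}

/* Thread A polled fd 3 (seq 1); thread B closes fd 3; A polls fd 4 (seq 2).
 * Returns passes needed until no stale event is left, or LOOP_LIMIT. */
int passes_until_clean(bool fixed) {
    struct model m = { .fd_open = { [3] = true, [4] = true } };
    ev_add(&m, 3, 1);
    m.fd_open[3] = false;                   /* racing close() */
    ev_add(&m, 4, 2);
    for (int n = 1; n < LOOP_LIMIT; n++)
        if (scan(&m, 2, fixed) == 0) return n;
    return LOOP_LIMIT;
}
```
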

