Date: Fri, 10 Oct 2008 17:49:47 +0000 (UTC) From: Warner Losh <imp@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/kern subr_bus.c Message-ID: <200810101749.m9AHnseu097638@repoman.freebsd.org>
index | next in thread | raw e-mail
imp 2008-10-10 17:49:47 UTC
FreeBSD src repository
Modified files:
sys/kern subr_bus.c
Log:
SVN rev 183750 on 2008-10-10 17:49:47Z by imp
Close, but not eliminate, a race condition. It is one that properly
designed drivers would never hit, but was exposed in diving into
another problem...
When expanding the devclass array, free the old memory after updating
the pointer to the new memory. For the following single race case,
this helps:
allocate new memory
copy to new memory
free old memory
<interrupt> read pointer to freed memory
update pointer to new memory
Now we do
allocate new memory
copy to new memory
update pointer to new memory
free old memory
Which closes this problem, but doesn't even begin to address the
multicpu races, which all should be covered by Giant at the moment,
but likely aren't completely.
Note: reviewers were ok with this fix, but suggested the use case
wasn't one we wanted to encourage.
Reviewed by: jhb, scottl.
Revision Changes Path
1.210 +6 -4 src/sys/kern/subr_bus.c
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200810101749.m9AHnseu097638>