Date: Sun, 27 Mar 2011 23:08:04 +0300 From: Kostik Belousov <kostikbel@gmail.com> To: Mikolaj Golub <trociny@freebsd.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r220062 - head/sys/geom/gate Message-ID: <20110327200804.GM78089@deviant.kiev.zoral.com.ua> In-Reply-To: <201103271956.p2RJutha067490@svn.freebsd.org> References: <201103271956.p2RJutha067490@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--Jps4F43PgwelbvkV Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Mar 27, 2011 at 07:56:55PM +0000, Mikolaj Golub wrote: > Author: trociny > Date: Sun Mar 27 19:56:55 2011 > New Revision: 220062 > URL: http://svn.freebsd.org/changeset/base/220062 >=20 > Log: > In g_gate_create() there is a window between when g_gate_softc is > registered in g_gate_units array and when its sc_provider field is > filled. If during this period g_gate_units is accessed by another > thread that is checking for provider name collision the crash is > possible. > =20 > Fix this by adding sc_name field to struct g_gate_softc. In > g_gate_create() when g_gate_softc is created but sc_provider is still > not sc_name points to provider name stored in the local array. > =20 > Approved by: pjd (mentor) > Reported by: Freddie Cash <fjwcash@gmail.com> > MFC after: 1 week >=20 > Modified: > head/sys/geom/gate/g_gate.c > head/sys/geom/gate/g_gate.h >=20 > Modified: head/sys/geom/gate/g_gate.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- head/sys/geom/gate/g_gate.c Sun Mar 27 19:29:18 2011 (r220061) > +++ head/sys/geom/gate/g_gate.c Sun Mar 27 19:56:55 2011 (r220062) > @@ -409,13 +409,14 @@ g_gate_create(struct g_gate_ctl_create * > for (unit =3D 0; unit < g_gate_maxunits; unit++) { > if (g_gate_units[unit] =3D=3D NULL) > continue; > - if (strcmp(name, g_gate_units[unit]->sc_provider->name) !=3D 0) > + if (strcmp(name, g_gate_units[unit]->sc_name) !=3D 0) > continue; > mtx_unlock(&g_gate_units_lock); > mtx_destroy(&sc->sc_queue_mtx); > free(sc, M_GATE); > return (EEXIST); > } > + sc->sc_name =3D name; > g_gate_units[sc->sc_unit] =3D sc; > g_gate_nunits++; > mtx_unlock(&g_gate_units_lock); > @@ -434,6 +435,9 @@ g_gate_create(struct g_gate_ctl_create * > sc->sc_provider =3D pp; > g_error_provider(pp, 0); > g_topology_unlock(); > + mtx_lock(&g_gate_units_lock); > + sc->sc_name =3D sc->sc_provider->name; > + mtx_unlock(&g_gate_units_lock); I think you do not need a mutex locked around the single assignment. As I understand, sc_provider->name is constant ? --Jps4F43PgwelbvkV Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (FreeBSD) iEYEARECAAYFAk2PmSMACgkQC3+MBN1Mb4h/QgCgj0A2+WWl8o01tgozAZqHh7Rn wnIAn0FB2V8Netfa/TelAUxmZ7UhjBHl =K3f0 -----END PGP SIGNATURE----- --Jps4F43PgwelbvkV--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110327200804.GM78089>