CVS commit: src/sys/kern

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src/sys/kern
From: "Taylor R Campbell" <riastradh%netbsd.org@localhost>
Date: Sun, 16 Apr 2023 11:14:58 +0000

Module Name:    src
Committed By:   riastradh
Date:           Sun Apr 16 11:14:58 UTC 2023

Modified Files:
        src/sys/kern: subr_autoconf.c

Log Message:
autoconf(9): Avoid potential ABA bug in config_makeroom.

When we unlock alldevs_lock to allocate a new cd_devs array nsp,
other threads may have:

1. freed the old one (osp),
2. done some other memory allocation,
3. allocated a new _larger_ array whose address happens to concide
   with osp (e.g., in (2) the page was recycled for a different pool
   cache), and
4. updated cd_devs back to osp but increased cd_ndevs.

In that case, the memory may be corrupted: we try to copy the wrong
number of device_t pointers into nsp and we free osp with the wrong
(stale) length.

Avoid this by checking whether cd_ndevs has changed too -- if not,
osp might have been recycled but at least the lengths we're about to
copy and free are still correct so there's no harm in an ABA
situation.

XXX pullup-8
XXX pullup-9
XXX pullup-10


To generate a diff of this commit:
cvs rdiff -u -r1.307 -r1.308 src/sys/kern/subr_autoconf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src/sys/kern
Next by Date: CVS commit: src/sys/kern
Previous by Thread: CVS commit: src/sys/kern
Next by Thread: CVS commit: src/sys/kern
Indexes:

Home | Main Index | Thread Index | Old Index