[lttng-dev] [PATCH liburcu] Fix lifetime of rcu_barrier()'s completion structure
Mathieu Desnoyers
mathieu.desnoyers at efficios.com
Sun Apr 20 12:26:04 EDT 2014
----- Original Message -----
> From: "Keir Fraser" <keir at cohodata.com>
> To: "Mathieu Desnoyers" <mathieu.desnoyers at efficios.com>
> Cc: lttng-dev at lists.lttng.org, "Paul E. McKenney" <paulmck at linux.vnet.ibm.com>
> Sent: Sunday, April 20, 2014 1:35:46 AM
> Subject: Re: [PATCH liburcu] Fix lifetime of rcu_barrier()'s completion structure
>
>
>
> Mathieu Desnoyers wrote:
> > ----- Original Message -----
> >> From: "Keir Fraser"<keir at cohodata.com>
> >> To: lttng-dev at lists.lttng.org
> >> Cc: "Mathieu Desnoyers"<mathieu.desnoyers at efficios.com>, "Paul E.
> >> McKenney"<paulmck at linux.vnet.ibm.com>
> >> Sent: Friday, April 18, 2014 4:12:49 PM
> >> Subject: [PATCH liburcu] Fix lifetime of rcu_barrier()'s completion
> >> structure
> >>
> >> [Another attachment, I must sort out to integrate with git send-mail]
> >>
> >> rcu_barrier() can return as soon as completion.barrier_count==0, which
> >> frees the completion struct along with the rest of its stack frame. But
> >> its call_rcu callbacks may yet try to read and write completion.futex
> >> via the wake_up function.
> >>
> >> Fix this by calloc()ing the completion struct and implementing a
> >> reference count to determine when it is eventually free()d.
> >>
> >> This also fixes bug #787, since calloc() initialises all fields of the
> >> structure to zero.
> >
> > I slightly edited your patch to use urcu_ref() and uatomic_sub_return()
> > (simple style fix). Please let me know if you are OK with the attached
> > patch.
>
> Yes that's better, in particular I don't know how I missed the existence
> of uatomic_sub_return(). Very happy with that, thanks.

No worries. As far as I am concerned, I'm still wondering how I missed the
uninitialized variable and use-after-free in rcu_barrier(). ;-)

It's now merged into master and stable-0.8.

I opened the following bug tracker entry to track this issue:
https://bugs.lttng.org/issues/788

Thanks,

Mathieu
>
> -- Keir
>
> > Thanks!
> >
> > Mathieu
> >
>
--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com
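
The lifetime rule described in the quoted commit message, as an added example that is not part of the original thread or of the liburcu patch: a heap-allocated completion with one reference for the waiter and one per callback, replayed in a single thread at the point where the waiter leaves before the callback's wake-up. All names are hypothetical and C11 atomics stand in for urcu_ref and uatomic_sub_return().

```c
#include <stdatomic.h>
#include <stdlib.h>

/* Hypothetical names; the merged patch uses urcu_ref and uatomic_sub_return(). */
struct completion {
    atomic_int barrier_count; /* callbacks that have not run yet */
    atomic_int futex;         /* read and written by the wake-up path */
    atomic_int refs;          /* one for the waiter, one per callback */
};
static int frees, frees_when_waiter_left; /* demo instrumentation only */

static struct completion *completion_new(int ncallbacks)
{
    struct completion *c = calloc(1, sizeof(*c)); /* all fields start at 0 */
    if (!c) abort();
    atomic_store(&c->barrier_count, ncallbacks);
    atomic_store(&c->refs, ncallbacks + 1);
    return c;
}

/* Drop one reference; only the last holder frees the structure. */
static void completion_put(struct completion *c)
{
    if (atomic_fetch_sub(&c->refs, 1) != 1) return;
    free(c);
    frees++;
}

/* Callback body, split at the point where the waiter can slip in between. */
static int callback_arrive(struct completion *c)
{
    return atomic_fetch_sub(&c->barrier_count, 1) - 1; /* still pending */
}
static void callback_wake_and_put(struct completion *c, int pending)
{
    if (pending == 0) atomic_store(&c->futex, 0); /* stand-in for wake-up */
    completion_put(c);
}

/* Replays the race window in one thread; returns the final free() count. */
static int replay(void)
{
    struct completion *c = completion_new(1);
    int pending = callback_arrive(c);   /* barrier_count reaches 0 */
    completion_put(c);                  /* waiter returns from the barrier */
    frees_when_waiter_left = frees;     /* callback still holds a reference */
    callback_wake_and_put(c, pending);  /* futex access hits live memory */
    return frees;
}
int main(void) { return !(replay() == 1 && frees_when_waiter_left == 0); }
```

With the completion on the waiter's stack instead, the step marked "waiter returns" would end the object's lifetime and the following futex access would be the use-after-free.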