Search

Home

Sort by

Full Search
Definition
Symbol
File Path
History
Type

In Project(s)

Searched hist:18334 (Results 1 - 1 of 1) sorted by relevance

/haiku/src/libs/compat/freebsd_network/
H A D	callout.cpp	diff f863f473 Fri Mar 31 21:56:24 MDT 2023 Augustin Cavalier <waddlesplash@gmail.com> freebsd_network: Check for c_due > 0 in the callout invocation. Here is the scenario in which this matters: 1. A callout comes due, it is removed from the list, and c_due is set to 0. We then wind up in the mtx_lock here inside invoke_callout; while some other thread holds the lock. 2. The other thread, holding the lock, decides to reschedule the callout for a later time than the present. callout_reset sees the callout has a c_due of 0, thus indicating it is not in the sTimers list, adds it, and sets a (future) c_due. 3. The other thread unlocks c_mtx, thus the callout thread acquires it and proceeds. Under the code I wrote in hrev56875, before this commit, the following would occur (at least with the ipro1000 driver on some hardware): 4. c_due would be set to -1, thus signaling the callout was no longer scheduled, and thus not in the sTimers list (despite being in it!). The callout's own method would decide to reschedule itself, and invoke callout_reset as such. 5. callout_reset would, seeing c_due of <= 0, try to add the callout to the sTimers list. However it is already in the list, and in many circumstances the only item in the list, so it would get silently linked to itself. 6. An infinite loop due to the looped linked-list and/or double-remove resulting in NULL dereferences would result. Steps 1-2 coinciding in just the right way was apparently very rare, hence why this problem only appeared very infrequently. The code I wrote to force their coinciding made the problem happen extremely frequently. This fixes #18334. (Figuring out that the problem was an item being linked to itself, and most critically a double-reschedule not a double-removal, took far too long to figure out. I will be refactoring this code more in subsequent commits, but also introducing new assertions to our linked-list systems which enabled me to finally track down this problem at all. Who knows; perhaps they will shake loose other bugs.)

Completed in 32 milliseconds

asus-wl-520gu-7.0.1.45
asuswrt-rt-n18u-9.0.0.4.380.2695
barrelfish-2018-10-04
barrelfish-master
broadcom-cfe-1.4.2
darwin-on-arm
freebsd-10-stable
freebsd-10.0-release
freebsd-10.1-release
freebsd-10.2-release
freebsd-10.3-release
freebsd-11-stable
freebsd-11.0-release
freebsd-12-stable
freebsd-13-stable
freebsd-9.3-release
freebsd-current
fuchsia
haiku
haiku-buildtools
haiku-fatelf
haikuporter
haikuports
linux-master
macosx-10.10
macosx-10.10.1
macosx-10.5.8
macosx-10.9.5
netbsd-6-1-5-RELEASE
netbsd-current
netgear-R7000-V1.0.7.12_1.2.5
netgear-R7800-V1.0.2.28
netgear-WNDR4500-V1.0.1.40_1.0.68
netgear-WNDR4500v2-V1.0.0.60_1.0.38
openbsd-current
openjdk10
openjdk9
opensolaris-onvv-gate
openwrt
seL4-camkes-master
seL4-l4v-10.1.1
seL4-l4v-master
seL4-mcs-10.1.1
seL4-refos-master
seL4-test-master
u-boot
xnu-2422.115.4
xnu-2782.1.97