----- Original Message -----
> From: "Keir Fraser" <[email protected]>
> To: "Mathieu Desnoyers" <[email protected]>
> Cc: [email protected], "Paul E. McKenney" <[email protected]>
> Sent: Sunday, April 20, 2014 1:35:46 AM
> Subject: Re: [PATCH liburcu] Fix lifetime of rcu_barrier()'s completion structure
>
> Mathieu Desnoyers wrote:
> > ----- Original Message -----
> >> From: "Keir Fraser"<[email protected]>
> >> To: [email protected]
> >> Cc: "Mathieu Desnoyers"<[email protected]>, "Paul E. McKenney"<[email protected]>
> >> Sent: Friday, April 18, 2014 4:12:49 PM
> >> Subject: [PATCH liburcu] Fix lifetime of rcu_barrier()'s completion structure
> >>
> >> [Another attachment, I must sort out to integrate with git send-mail]
> >>
> >> rcu_barrier() can return as soon as completion.barrier_count==0, which
> >> frees the completion struct along with the rest of its stack frame. But
> >> its call_rcu callbacks may yet try to read and write completion.futex
> >> via the wake_up function.
> >>
> >> Fix this by calloc()ing the completion struct and implementing a
> >> reference count to determine when it is eventually free()d.
> >>
> >> This also fixes bug #787, since calloc() initialises all fields of the
> >> structure to zero.
> >
> > I slightly edited your patch to use urcu_ref() and uatomic_sub_return()
> > (simple style fix). Please let me know if you are OK with the attached
> > patch.
>
> Yes that's better, in particular I don't know how I missed the existence
> of uatomic_sub_return(). Very happy with that, thanks.

No worries. As far as I am concerned, I'm still wondering how I missed the
uninitialized variable and use-after-free in rcu_barrier(). ;-)

It's now merged into master and stable-0.8.

I opened the following bug tracker entry to track this issue:
https://bugs.lttng.org/issues/788

Thanks,

Mathieu

>
> -- Keir
>
> > Thanks!
> >
> > Mathieu
> >
>

--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com
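
Added example, not part of the original thread and not liburcu code: a single-threaded model of the lifetime problem and fix discussed above, replaying the interleaving in which the waiter leaves between the last callback's count-down and its futex write. The struct layout and all function names are hypothetical, and C11 atomics stand in for liburcu's uatomic and urcu_ref helpers.

```c
#include <stdatomic.h>
#include <stdlib.h>

struct completion {
    atomic_int barrier_count; /* callbacks that have not yet counted down */
    atomic_int futex;         /* wake-up word written by the last callback */
    atomic_int ref;           /* one reference per callback plus the waiter */
};

static struct completion *completion_alloc(int ncallbacks) {
    struct completion *c = calloc(1, sizeof(*c)); /* every field starts at 0 */
    if (!c) return NULL;
    atomic_store(&c->barrier_count, ncallbacks);
    atomic_store(&c->ref, ncallbacks + 1);
    return c;
}

/* Drop one reference; returns 1 if this call freed the struct. */
static int completion_put(struct completion *c) {
    if (atomic_fetch_sub(&c->ref, 1) != 1)
        return 0;
    free(c);
    return 1;
}

/* Callback, first half: count down; returns 1 if the count reached zero. */
static int cb_count_down(struct completion *c) {
    return atomic_fetch_sub(&c->barrier_count, 1) == 1;
}

/* Callback, second half: wake the waiter if last, then drop the reference. */
static int cb_wake_and_put(struct completion *c, int last) {
    if (last)
        atomic_store(&c->futex, 1); /* with a stack struct: dead frame access */
    return completion_put(c);
}

/* Worst case: the waiter leaves between the two halves of the last callback. */
int waiter_leaves_first(void) {
    struct completion *c = completion_alloc(2);
    if (!c) return -1;
    cb_wake_and_put(c, cb_count_down(c));     /* callback 1 runs to completion */
    int last = cb_count_down(c);              /* callback 2: count reaches zero */
    int waiter_freed = completion_put(c);     /* waiter sees zero and returns */
    int cb_freed = cb_wake_and_put(c, last);  /* futex write hits live memory */
    return last == 1 && waiter_freed == 0 && cb_freed == 1;
}

int main(void) { return waiter_leaves_first() == 1 ? 0 : 1; }
```

Building this with AddressSanitizer and swapping the heap allocation for a stack variable that goes out of scope at the waiter's return is a quick way to see the original defect reported.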
