Re: Fix use of WITNESS_UNLOCK() in rw_exit_{read,write}()

2020-03-02 Thread Mateusz Guzik
Oops, sorry for the mixup below. I got the e-mail bounced from someone and it used their 'From' instead of the original. Regardless, technical contend stands. :) On 3/2/20, Mateusz Guzik wrote: > On 2/29/20, Visa Hankala wrote: >> There is a bug in how rw_exit_read() and rw_exit_write() use >>

Re: Fix use of WITNESS_UNLOCK() in rw_exit_{read,write}()

2020-03-02 Thread Mateusz Guzik
On 2/29/20, Visa Hankala wrote: > There is a bug in how rw_exit_read() and rw_exit_write() use > WITNESS_UNLOCK(). The fast paths call WITNESS_UNLOCK() after releasing > the actual lock. This leads to a use-after-free in the checker if the > lock is dynamically allocated and another thread

Fix use of WITNESS_UNLOCK() in rw_exit_{read,write}()

2020-02-29 Thread Visa Hankala
There is a bug in how rw_exit_read() and rw_exit_write() use WITNESS_UNLOCK(). The fast paths call WITNESS_UNLOCK() after releasing the actual lock. This leads to a use-after-free in the checker if the lock is dynamically allocated and another thread happens to free it too early. The following