Project

General

Profile

Bug #9951

hook_stack_notify_unregister can leave stack locked

Added by Jason King about 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Jason King
Category:
kernel
Start date:
2018-11-02
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:

Description

Upstream of Joyent OS-7318.

In hook_stack_notify_unregister, we have the following code:

        hks = hook_stack_get(stackid);
        if (hks != NULL) {
                CVW_ENTER_WRITE(&hks->hks_lock);
                canrun = (hook_wait_setflag(&hks->hks_waiter, FWF_ADD_WAIT_MASK,
                    FWF_ADD_WANTED, FWF_ADD_ACTIVE) != -1);

                error = hook_notify_unregister(&hks->hks_nhead, callback, &arg);
                CVW_EXIT_WRITE(&hks->hks_lock);
        } else {
                error = ESRCH;
        }
        mutex_exit(&hook_stack_lock);

        if (error == 0) {
                if (canrun) {
                        /*
                         * Generate fake unregister event for callback that
                         * is being removed, letting it know everything that
                         * currently exists is now "disappearing." 
                         */
                        (void) snprintf(buffer, sizeof (buffer), "%u",
                            hks->hks_netstackid);

                        SLIST_FOREACH(hfi, &hks->hks_familylist, hfi_entry) {
                                callback(HN_UNREGISTER, arg, buffer, NULL,
                                    hfi->hfi_family.hf_name);
                        }

                        hook_wait_unsetflag(&hks->hks_waiter, FWF_ADD_ACTIVE);
                }

If the hook_notify_unregister call fails, hook_wait_unsetflag will never get cleared, leaving the hook stack locked.
Also, as this is deleting data, the flags should be FWF_DEL_{WAIT_MASK,WANTED,ACTIVE}

#1

Updated by Jason King about 2 years ago

  • Status changed from New to Pending RTI
#2

Updated by Electric Monk about 2 years ago

  • Status changed from Pending RTI to Closed
  • % Done changed from 0 to 100

git commit 68c34d0407d130a7e8cb7dfb5394a985db03d785

commit  68c34d0407d130a7e8cb7dfb5394a985db03d785
Author: Jason King <jason.king@joyent.com>
Date:   2018-11-06T19:03:56.000Z

    9951 hook_stack_notify_unregister can leave stack locked
    Reviewed by: Andy Fiddaman <omnios@citrus-it.net>
    Reviewed by: Igor Kozhukhov <igor@dilos.org>
    Reviewed by: Yuri Pankov <yuripv@yuripv.net>
    Approved by: Dan McDonald <danmcd@joyent.com>

Also available in: Atom PDF