-
Notifications
You must be signed in to change notification settings - Fork 35
Fix race between critnib_release() and free_leaf() in critnib #1362
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix race between critnib_release() and free_leaf() in critnib #1362
Conversation
83ace89
to
8558628
Compare
2da9574
to
bd5621a
Compare
3aac31d
to
4254ffb
Compare
PR is ready for review. |
4254ffb
to
1ac3d97
Compare
1ac3d97
to
188aa5c
Compare
@bratpiorka Done |
@lplewa please review |
src/critnib/critnib.c
Outdated
utils_atomic_store_release_u8(&k->pending_deleted_leaf, 0); | ||
add_to_deleted_leaf_list(c, k); | ||
do { | ||
utils_atomic_load_acquire_u64(&k->ref_count, &ref_count); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need this load here? Compare and do load of refcount anyway
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right. Moved before the do while ()
.
Done.
Fix race between critnib_release() and free_leaf() in critnib: critnib_release() decremented ref_count to 0 and (before it called c->cb_free_leaf(k->to_be_freed)) free_leaf() added this leaf to the c->deleted_leaf list and alloc_leaf() reused it and zeroed k->to_be_freed before it could be freed in critnib_release(). This patch fixes this issue. Signed-off-by: Lukasz Dorau <lukasz.dorau@intel.com>
188aa5c
to
02cc039
Compare
Description
Fix race between critnib_release() and free_leaf() in critnib:
critnib_release() decremented ref_count to 0 and (before it called c->cb_free_leaf(k->to_be_freed))
free_leaf() added this leaf to the c->deleted_leaf list and alloc_leaf() reused it
and zeroed k->to_be_freed before it could be freed in critnib_release().
This patch fixes this issue.
Checklist