Problem with linux_kevent_wait_hires?


Paul Stevenson

Oct 17, 2012, 2:21:16 PM10/17/12
to libk...@googlegroups.com
I'm running into a crash in libkqueue, where I'm seeing a null knote in linux_kevent_copyout().

It looks to me as though this could happen if we've used linux_kevent_wait_hires() in linux_kevent_wait(). AFAICS, there's nowhere in that path that updates epevt, so after a wait_hires() we'll either see the last event returned by this thread, or else a NULL epevt if this is the first successful wait on this thread. Am I missing something that causes epevt to be properly updated when we use linux_kevent_wait_hires()?

Thanks,
Paul

Mark Heily

Oct 18, 2012, 9:13:15 PM10/18/12
to libk...@googlegroups.com
On Wed, Oct 17, 2012 at 2:21 PM, Paul Stevenson <paul.q.s...@gmail.com> wrote:
> I'm running into a crash in libkqueue, where I'm seeing a null knote in linux_kevent_copyout().
>
> It looks to me as though this could happen if we've used linux_kevent_wait_hires() in linux_kevent_wait(). AFAICS, there's nowhere in that path that updates epevt, so after a wait_hires() we'll either see the last event returned by this thread, or else a NULL epevt if this is the first successful wait on this thread. Am I missing something that causes epevt to be properly updated when we use linux_kevent_wait_hires()?

What branch or version of libkqueue are you using? The trunk has some problems, hopefully you are not using the trunk :)

Do you have a small testcase that can reliably reproduce the crash?

Thanks,

 - Mark

Paul Stevenson

Oct 18, 2012, 9:34:43 PM10/18/12
to libk...@googlegroups.com
On Thu, Oct 18, 2012 at 6:13 PM, Mark Heily <ma...@heily.com> wrote:
>
> What branch or version of libkqueue are you using? The trunk has some
> problems, hopefully you are not using the trunk :)

Yes, it's on the trunk - this functionality doesn't exist in 1.0.6.

>
> Do you have a small testcase that can reliably reproduce the crash?

I don't, since I'm using libkqueue indirectly as a user of libdispatch
and don't have a good understanding of how libdispatch is using
libkqueue.

I would guess that spawning a fresh thread that creates a kqueue,
triggers an event on it somehow, and then waits on the event with a
timeout of <1ms should trigger the problem.

The call to linux_kevent_wait() will call into
linux_kevent_wait_hires(), which will return that an event is
available, and then linux_kevent_copyout() will access epevt, which
will be created fresh since that's the first access to it from this
new thread, and linux_kevent_copyout() will crash in the call to
knote_lock(), since epevt[0].data.ptr is NULL.

Paul
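The reproduction scenario Paul sketches above, reduced to a plain-C model of the control flow he describes: a per-thread event array that is allocated zero-filled on first use, a wait path that reports readiness without ever writing into that array, and a copyout step that hands whatever sits in data.ptr to the locking code. This is an added illustration, not libkqueue's code and not a patch from the project. The names model_wait_epoll, model_wait_hires_buggy, model_wait_hires_fixed, model_copyout and first_hires_wait_on_new_thread are hypothetical, the event record is a stand-in for struct epoll_event, and the "fixed" variant (having the hires path fill in the event record before returning) is one assumed remedy rather than the change the maintainers made. Instead of crashing in knote_lock(), the model returns the NULL pointer that would have been dereferenced, so the failure can be observed and asserted on.

```c
/* Added example modelling the epevt bug described in this thread.
 * Not libkqueue code: all names and the "fix" are hypothetical.
 */
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>

struct knote { int ident; };

/* Stand-in for struct epoll_event: only the field the model needs. */
struct model_event { struct { void *ptr; } data; };

/* Per-thread event buffer, as the thread describes: created lazily on
 * the first access from each thread, so a brand-new thread starts with
 * a zero-filled record whose data.ptr is NULL.
 */
static __thread struct model_event *epevt = NULL;

static struct model_event *get_epevt(void) {
    if (epevt == NULL)
        epevt = calloc(1, sizeof(*epevt));   /* data.ptr == NULL until written */
    return epevt;
}

/* Normal path: the epoll-style wait writes the ready knote into epevt. */
static int model_wait_epoll(struct knote *ready) {
    struct model_event *ev = get_epevt();
    ev[0].data.ptr = ready;
    return 1;
}

/* Buggy sub-millisecond path: reports "one event available" but never
 * touches epevt, exactly the gap Paul points out.
 */
static int model_wait_hires_buggy(struct knote *ready) {
    (void)ready;
    return 1;
}

/* Assumed remedy: the hires path fills the record just like the epoll path. */
static int model_wait_hires_fixed(struct knote *ready) {
    return model_wait_epoll(ready);
}

/* Copyout: reads the knote pointer from epevt[0]. In the real library this
 * pointer goes straight to knote_lock(); here NULL models the crash.
 */
static struct knote *model_copyout(void) {
    struct model_event *ev = get_epevt();
    return (struct knote *)ev[0].data.ptr;
}

struct run_args { int use_fix; struct knote *ready; struct knote *result; };

/* Runs one wait + copyout on a thread that has never used epevt before. */
static void *run_on_fresh_thread(void *p) {
    struct run_args *a = p;
    int n = a->use_fix ? model_wait_hires_fixed(a->ready)
                       : model_wait_hires_buggy(a->ready);
    a->result = (n > 0) ? model_copyout() : NULL;
    free(epevt);          /* tidy up this thread's lazily allocated buffer */
    epevt = NULL;
    return NULL;
}

/* Returns the knote copyout would pass to knote_lock() after the first
 * hires wait on a fresh thread: NULL with the buggy path, the real knote
 * with the fixed one.
 */
struct knote *first_hires_wait_on_new_thread(int use_fix) {
    static struct knote ready = { .ident = 42 };
    struct run_args a = { use_fix, &ready, NULL };
    pthread_t t;
    if (pthread_create(&t, NULL, run_on_fresh_thread, &a) != 0)
        abort();
    pthread_join(t, NULL);
    return a.result;
}

int main(void) {
    struct knote *k;
    k = first_hires_wait_on_new_thread(0);
    printf("buggy hires path: knote=%p\n", (void *)k);
    k = first_hires_wait_on_new_thread(1);
    printf("fixed hires path: knote=%p ident=%d\n", (void *)k, k ? k->ident : -1);
    return 0;
}
```

The point of running the wait on a freshly created thread is that it isolates the "first successful wait on this thread" case: on the main thread, or on any thread that had already gone through the epoll-style path once, the buggy variant would silently return the previous knote instead of NULL, which is the other symptom Paul mentions and is harder to spot.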

Mark Heily

Oct 18, 2012, 9:51:39 PM10/18/12
to libk...@googlegroups.com
On Thu, Oct 18, 2012 at 9:34 PM, Paul Stevenson <paul.q.s...@gmail.com> wrote:
> On Thu, Oct 18, 2012 at 6:13 PM, Mark Heily <ma...@heily.com> wrote:
>>
>> What branch or version of libkqueue are you using? The trunk has some
>> problems, hopefully you are not using the trunk :)
>
> Yes, it's on the trunk - this functionality doesn't exist in 1.0.6.

I'll take a look and see how hard this will be to backport to the stable branch. The trunk is currently broken and should not be used for anything.

Paul Stevenson

Oct 18, 2012, 10:10:01 PM10/18/12
to libk...@googlegroups.com
On Thu, Oct 18, 2012 at 6:51 PM, Mark Heily <ma...@heily.com> wrote:
>
> I'll take a look and see how hard this will be to backport to the stable
> branch. The trunk is currently broken and should not be used for anything.

I don't think anything needs specifically to be backported right now -
it just looks like a bug that needs to be fixed on the trunk prior
to the next stable release.

Paul