This is the mail archive of the ecos-discuss@sources.redhat.com mailing list for the eCos project.
On Thu, Jun 16, 2005 at 09:01:23AM +0200, Hans Hübner wrote:
> On Wed, 15 Jun 2005, Will Lentz wrote:
>
> >I may have found a potential bug in
> >packages/net/bsd_tcpip/current/src/sys/kern/uipc_socket.c (or I may be
> >completely wrong :-).
> >
> >At the end of sodealloc(), the following code exists:
> > zfreei(so->so_zone, so);
> > wakeup(so->so_zone);
> >The problem is that zfreei() changes so->so_zone. Shouldn't wakeup() be
> >done on the original so->so_zone? I only noticed this problem by:
> >1- while(1) {
> > sock = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP );
> > connect( sock, ... );
> > close( sock );
> > }
> > Eventually this pauses in socket() (in cyg_tsleep()) when you run out
> >of eCos sockets.
> >
> >2- After 2*MSL or so, cyg_wakeup() gets called with chan == 0x0. Why?
> >The zfreei() call in sodealloc() changes so->so_zone to 0 before the
> >wakeup() call.
This is not quite correct. zfreei() does not change so->so_zone. What
it does is return the memory for the so structure to the pool. The
wakeup then uses the memory which has just been returned to the
pool. There is a race condition. Once back into the pool the memory
could be allocated to another thread before the call to wakeup is
made.
Attached is a patch to fix this.
Andrew
Attachment: sodealloc.diff (Description: Text document)
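
An added illustration of the ordering problem discussed in this thread (not eCos code and not the attached patch). The names `toy_zfree`, `toy_wakeup`, `toy_alloc` and the two-slot pool are hypothetical stand-ins, and the free routine is assumed to keep its free-list link in the first word of the freed item. Copying the zone pointer before the free is shown as one way to avoid the stale read.

```c
#include <stdio.h>
#include <string.h>

/* Toy stand-ins, not eCos code. */
struct zone { void *free_list; };                     /* head of the free list */
struct sock { struct zone *so_zone; int so_state; };  /* so_zone is the first word */

static struct zone sock_zone;
static struct sock pool[2];        /* backing store stays mapped after a "free" */
static void *last_chan;            /* records what wakeup() was called with */

static void toy_wakeup(void *chan) { last_chan = chan; }

static struct sock *toy_alloc(int i) {
    pool[i].so_zone = &sock_zone;
    return &pool[i];
}

/* Assumption: the pool stores its free-list link in the first word of the
 * freed item. Any reuse of the memory has the same effect on the stale read. */
static void toy_zfree(struct zone *z, void *item) {
    memcpy(item, &z->free_list, sizeof z->free_list);
    z->free_list = item;
}

/* Ordering quoted in the thread: free first, then read so->so_zone. */
static void *dealloc_stale_read(struct sock *so) {
    toy_zfree(so->so_zone, so);
    toy_wakeup(so->so_zone);       /* memory already belongs to the pool */
    return last_chan;
}

/* One way to remove the stale read: copy the zone pointer before the free. */
static void *dealloc_saved_zone(struct sock *so) {
    struct zone *zone = so->so_zone;
    toy_zfree(zone, so);
    toy_wakeup(zone);
    return last_chan;
}

int main(void) {
    printf("stale #1: %p\n", dealloc_stale_read(toy_alloc(0)));  /* null channel */
    printf("stale #2: %p\n", dealloc_stale_read(toy_alloc(1)));  /* a pool slot */
    sock_zone.free_list = NULL;
    printf("saved:    %p (zone is %p)\n",
           dealloc_saved_zone(toy_alloc(0)), (void *)&sock_zone);
    return 0;
}
```

In this toy pool the first stale read yields a null channel and the second yields the address of a previously freed slot, so in neither case is the wakeup delivered on the zone that sleepers are waiting on.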