This is the mail archive of the ecos-discuss@sources.redhat.com mailing list for the eCos project.
On Thu, Jun 16, 2005 at 09:01:23AM +0200, Hans Hübner wrote:
> On Wed, 15 Jun 2005, Will Lentz wrote:
>
> >I may have found a potential bug in
> >packages/net/bsd_tcpip/current/src/sys/kern/uipc_socket.c (or I may be
> >completely wrong :-).
> >
> >At the end of sodealloc(), the following code exists:
> >  zfreei(so->so_zone, so);
> >  wakeup(so->so_zone);
> >The problem is that zfreei() changes so->so_zone. Shouldn't wakeup() be
> >done on the original so->so_zone? I only noticed this problem by:
> >1- while(1) {
> >     sock = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP );
> >     connect( sock, ... );
> >     close( sock );
> >   }
> >   Eventually this pauses in socket() (in cyg_tsleep()) when you run out
> >of eCos sockets.
> >
> >2- After 2*MSL or so, cyg_wakeup() gets called with chan == 0x0. Why?
> >The zfreei() call in sodealloc() changes so->so_zone to 0 before the
> >wakeup() call.

This is not quite correct. zfreei() does not change so->so_zone. What
it does is return the memory for the so structure to the pool. The
wakeup then uses the memory which has just been returned to the
pool. There is a race condition. Once back into the pool the memory
could be allocated to another thread before the call to wakeup is
made.

Attached is a patch to fix this.

        Andrew
Attachment:
sodealloc.diff
Description: Text document
-- Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss
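The ordering problem discussed in this message, as an added example that is not code from the thread, from eCos, or from the attached sodealloc.diff. It assumes a toy pool whose free routine reuses the first word of a freed item as its free-list link; `toy_zfreei`, `toy_wakeup`, `dealloc_stale`, `dealloc_saved` and `wakes_real_zone` are hypothetical names. The toy keeps the slot in static storage so the stale read is well defined here, unlike in a real pool where another thread may already own the memory.

```c
#include <stdio.h>
#include <string.h>

/* Toy stand-ins, not eCos code: a pool ("zone") and a socket that records its zone. */
struct zone { void *free_list; };
struct sock { struct zone *so_zone; int so_state; };

static void *last_chan;                  /* channel last passed to toy_wakeup() */
static void toy_wakeup(void *chan) { last_chan = chan; }

/* Assumed pool behaviour: the first word of a freed item becomes the free-list link. */
static void toy_zfreei(struct zone *z, void *item) {
    memcpy(item, &z->free_list, sizeof z->free_list);
    z->free_list = item;
}

/* Order described in the thread: so is read after it went back to the pool. */
static void *dealloc_stale(struct sock *so) {
    toy_zfreei(so->so_zone, so);
    toy_wakeup(so->so_zone);             /* stale read of recycled memory */
    return last_chan;
}

/* Hardened order: copy the zone pointer out first, never touch so after the free. */
static void *dealloc_saved(struct sock *so) {
    struct zone *zone = so->so_zone;
    toy_zfreei(zone, so);
    toy_wakeup(zone);
    return last_chan;
}

/* Returns 1 if the wakeup channel was the socket's real zone, 0 otherwise. */
static int wakes_real_zone(void *(*dealloc)(struct sock *)) {
    static struct sock slot;             /* constructed sample: one pool slot */
    static struct zone z;                /* constructed sample: its zone */
    z.free_list = NULL;                  /* empty free list before the free */
    slot.so_zone = &z;
    return dealloc(&slot) == (void *)&z;
}

int main(void) {
    printf("stale order wakes real zone: %d\n", wakes_real_zone(dealloc_stale));
    printf("saved order wakes real zone: %d\n", wakes_real_zone(dealloc_saved));
    return 0;
}
```

With an empty free list the stale order passes a null channel to the wakeup, so sleepers waiting on the zone are never woken; the saved order wakes the zone the socket came from.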