Hello hackers... I'm wondering... Jeffrey Hsu was talking about this at BSDCon03. There is no need to lock data when we just do a simple read, for example:

	mtx_lock(&foo_mtx);
	foo = 5;
	mtx_unlock(&foo_mtx);

but only:

	bar = foo;

IMHO this is quite dangerous. Let's see:

	thread1				thread2
	mtx_lock(&foo_mtx);
	foo = data_from_user;
					bar = foo;
	foo &= MASK;
	mtx_unlock(&foo_mtx);

In this case we have a really dangerous race if the data from the user is safe only after we do an 'and' operation on it. Or, of course, we can just store a wrong value in 'bar', and this could be the cause of various problems.

So I'm not sure now if I understand everything well. We can't just say 'We never split such writes. We always do: foo = (data_from_user & MASK)', because the author of some 3rd-party kernel module will be sure that when he locks writes to some variable this operation is safe, and he could split such writes while there could be a dynamic read without the lock in the kernel.

Does this make any sense?

-- 
Pawel Jakub Dawidek                       [EMAIL PROTECTED]
UNIX Systems Programmer/Administrator     http://garage.freebsd.pl
Am I Evil? Yes, I Am!                     http://cerber.sourceforge.net
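An added example (not part of the original post, and not FreeBSD kernel code) that exercises the race Pawel describes in user space. It assumes pthreads in place of mtx_lock/mtx_unlock, a hypothetical MASK of 0x0000FFFF, and a constructed stream of "user" values with bits set above the mask. Two things are shown: a deterministic check that models the writer as a list of single-word steps and tries the unlocked read at every point between them (the lock never holds the reader back, so every point is reachable), and a live two-thread race that counts how many unlocked reads observe a value the mask should have removed. The split writer from the post fails the model; the combined writer foo = data_from_user & MASK passes it and never produces a bad read.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed mask: only the low 16 bits of the user-supplied value are valid. */
#define MASK 0x0000FFFFu

/* Shared word. Writers hold foo_mtx; the reader deliberately does not.
 * volatile only stops the compiler from caching foo in a register; the
 * unlocked read is still formally a data race in C11, which is the point. */
static volatile uint32_t foo;
static pthread_mutex_t foo_mtx = PTHREAD_MUTEX_INITIALIZER;

/* Writer from the post: store first, mask afterwards, both under the lock. */
void write_split(uint32_t data_from_user)
{
    pthread_mutex_lock(&foo_mtx);
    foo = data_from_user;          /* the unmasked value is now visible to everyone */
    foo &= MASK;
    pthread_mutex_unlock(&foo_mtx);
}

/* Writer that never exposes an intermediate value. */
void write_combined(uint32_t data_from_user)
{
    pthread_mutex_lock(&foo_mtx);
    foo = data_from_user & MASK;
    pthread_mutex_unlock(&foo_mtx);
}

/* Deterministic check. The writer is modelled as a list of single-word steps
 * and the unlocked read (bar = foo) is tried at every point between them.
 * Returns 1 if some interleaving lets the reader see bits the mask removes. */
typedef void (*step_fn)(uint32_t *v, uint32_t in);
static void step_store(uint32_t *v, uint32_t in) { *v = in; }
static void step_mask(uint32_t *v, uint32_t in) { (void)in; *v &= MASK; }
static void step_store_masked(uint32_t *v, uint32_t in) { *v = in & MASK; }
const step_fn split_steps[] = { step_store, step_mask };
const step_fn combined_steps[] = { step_store_masked };

int reader_can_see_unmasked(const step_fn *steps, size_t n, uint32_t in)
{
    uint32_t v = 0;
    for (size_t k = 0; k <= n; k++) {
        if (v & ~MASK)
            return 1;              /* bar = foo at this point is out of range */
        if (k < n)
            steps[k](&v, in);
    }
    return 0;
}

/* Live race: one writer thread hammering foo, one reader thread reading it
 * without the lock. Returns how many reads saw bits outside MASK. */
struct race { void (*writer)(uint32_t); long iters; long bad; atomic_int done; };

static void *writer_main(void *p)
{
    struct race *r = p;
    for (long i = 0; i < r->iters; i++)
        r->writer(0xBAD00000u | (uint32_t)i);   /* constructed "user" input */
    atomic_store(&r->done, 1);
    return NULL;
}

static void *reader_main(void *p)
{
    struct race *r = p;
    while (!atomic_load(&r->done)) {
        uint32_t bar = foo;                     /* unlocked read, as in the post */
        if (bar & ~MASK)
            r->bad++;
    }
    return NULL;
}

long count_bad_reads(void (*writer)(uint32_t), long iters)
{
    struct race r = { writer, iters, 0, 0 };
    pthread_t w, rd;
    foo = 0;
    pthread_create(&rd, NULL, reader_main, &r);
    pthread_create(&w, NULL, writer_main, &r);
    pthread_join(w, NULL);
    pthread_join(rd, NULL);
    return r.bad;
}

int main(void)
{
    printf("split writer, model:    %d\n", reader_can_see_unmasked(split_steps, 2, 0xDEADBEEFu));
    printf("combined writer, model: %d\n", reader_can_see_unmasked(combined_steps, 1, 0xDEADBEEFu));
    printf("split writer, live:     %ld bad reads\n", count_bad_reads(write_split, 2000000));
    printf("combined writer, live:  %ld bad reads\n", count_bad_reads(write_combined, 2000000));
    return 0;
}
```

The live count for the split writer depends on the machine and scheduler (on a single CPU it may well be 0), which is exactly why the interleaving model, not the thread run, is the argument: the read can land between the two stores, so the unmasked value is observable. Two caveats of mine, not from the post: the model assumes each step is one aligned word-sized store, so the combined-write rule only helps for variables no wider than the machine word (a 64-bit counter on a 32-bit machine can tear even with a single C assignment); and the rule has to hold for every writer, including third-party modules, which is the maintainability problem Pawel raises.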