Module Name: src Committed By: maxv Date: Sun Apr 7 08:37:38 UTC 2019
Modified Files:
	src/sys/kern: subr_pool.c

Log Message:
Fix tiny race in pool+KASAN, that resulted in occasional false positives.

We were uselessly marking already valid areas as valid. When doing that,
our KASAN code emits two calls to kasan_markmem, and there is a very small
window where the area becomes invalid. So, if the area happens to be
already globally referenced, and if another thread happens to read the
buffer via this reference, we get a false positive.

This happens only with pool_caches that have a pc_ctor that creates a
global reference to the buffer, and there is one single pool_cache that
does that: 'file_cache'.

So now, two changes:

 - In pool_cache_get_slow(), the pool_get() has already redzoned the
   object, so no need to call pool_redzone_fill().

 - In pool_cache_destruct_object1(), don't re-mark the object. If there
   is no ctor, pool_put is fine with already-invalid objects; if there is
   a ctor, the object was not marked as invalid in the first place; so in
   either case, the re-marking is not needed.

Fixes PR/53674. Although very rare and difficult to reproduce, a local
quarantine patch of mine made the false positives recurrent.


To generate a diff of this commit:
cvs rdiff -u -r1.246 -r1.247 src/sys/kern/subr_pool.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
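The window described in the log message is easier to see in a small user-space model of the shadow memory. The following is an added example, not code from NetBSD or from this commit: it models KASAN's one-shadow-byte-per-8-byte-granule layout, and it assumes (as the log message implies, but does not spell out) that marking an object valid is done in two shadow writes, first poisoning the whole object and then clearing the valid prefix, so a concurrent reader that lands between the two writes sees a poisoned region. The names shadow_fill, markmem_step1/markmem_step2, kasan_check and the poison value 0xFF are hypothetical and chosen for the model; they are not the kernel's identifiers. remark_race_reports() plays the old path (a redundant re-mark while another thread reads via a global reference), fixed_path_reports() plays the committed behaviour (no re-mark of an already valid object).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of a KASAN shadow: one shadow byte per 8-byte granule. */
#define SHADOW_SCALE   8
#define OBJ_SIZE       64                      /* one pool object, bytes */
#define NGRANULES      (OBJ_SIZE / SHADOW_SCALE)

#define SHADOW_VALID   0x00                    /* granule fully accessible */
#define SHADOW_POISON  0xFF                    /* hypothetical poison code */

static uint8_t shadow[NGRANULES];

/* Write one shadow code over [off, off+len) of the object (granule aligned). */
static void shadow_fill(size_t off, size_t len, uint8_t code)
{
    memset(shadow + off / SHADOW_SCALE, code, len / SHADOW_SCALE);
}

/* Assumed two-step marking: poison everything, then clear the valid prefix
 * (the remainder stays poisoned and acts as the redzone). */
static void markmem_step1(void)               { shadow_fill(0, OBJ_SIZE, SHADOW_POISON); }
static void markmem_step2(size_t valid_len)   { shadow_fill(0, valid_len, SHADOW_VALID); }
static void markmem(size_t valid_len)         { markmem_step1(); markmem_step2(valid_len); }

/* Access check: true if KASAN would report an access to [off, off+len). */
static bool kasan_check(size_t off, size_t len)
{
    size_t first = off / SHADOW_SCALE;
    size_t last  = (off + len + SHADOW_SCALE - 1) / SHADOW_SCALE;   /* exclusive */
    for (size_t g = first; g < last && g < NGRANULES; g++)
        if (shadow[g] != SHADOW_VALID)
            return true;
    return false;
}

/* Old path: the object was already marked valid by pool_get(); a redundant
 * re-mark starts, another thread reads the buffer through a global reference
 * (the file_cache ctor case) between the two shadow writes, and the re-mark
 * then completes. Returns whether that concurrent read was reported. */
static bool remark_race_reports(size_t valid_len)
{
    markmem(valid_len);                     /* first, legitimate marking */
    markmem_step1();                        /* redundant re-mark: poison... */
    bool reported = kasan_check(0, valid_len);   /* ...reader lands here */
    markmem_step2(valid_len);               /* ...then re-validate */
    return reported;                        /* true: a false positive */
}

/* Fixed path: no re-mark of an already valid object, so there is no window.
 * Returns whether the same concurrent read is reported. */
static bool fixed_path_reports(size_t valid_len)
{
    markmem(valid_len);                     /* pool_get() already redzoned it */
    /* pool_redzone_fill() is not called again: shadow is left untouched */
    return kasan_check(0, valid_len);       /* false: in-bounds read is fine */
}

/* The redzone past valid_len must still be reported in both paths. */
static bool redzone_still_reported(size_t valid_len)
{
    markmem(valid_len);
    return kasan_check(valid_len, OBJ_SIZE - valid_len);
}

int main(void)
{
    /* 48 valid bytes, 16-byte redzone, as a constructed object layout. */
    return (remark_race_reports(48) && !fixed_path_reports(48)
            && redzone_still_reported(48)) ? 0 : 1;
}
```

The model only shows the ordering problem; real KASAN shadow bytes also encode partial granules, which this example omits because the race does not depend on them.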