215686 – (Possibly theoretical) race condition in kern.devstat.all sysctl

Bug 215686 - (Possibly theoretical) race condition in kern.devstat.all sysctl

Summary: (Possibly theoretical) race condition in kern.devstat.all sysctl

Status:	New

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	CURRENT
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	freebsd-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-12-31 16:09 UTC by Shea Levy
Modified:	2016-12-31 16:09 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Shea Levy 2016-12-31 16:09:22 UTC

The code path which copies out devstat nodes to the sysctl req does not use the necessary barriers to make the 'sequence0' and 'sequence1' fields meaningful. For any given device, it's possible that matching sequence numbers would be exported to userspace while the rest of the structure is otherwise inconsistent.

From my reading of devstat_start_transaction and devstat_end_transaction, we want to ensure that none of the field reads are reordered to be before the read of sequence0 and none are reordered to be after the read of sequence1, thus ensuring that if the sequence numbers match, the data in the structure is a consistent snapshot of some point in time.