Bug 215686 - (Possibly theoretical) race condition in kern.devstat.all sysctl
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: CURRENT
Hardware: Any Any
Importance: --- Affects Many People
Assignee: freebsd-bugs mailing list
Reported: 2016-12-31 16:09 UTC by Shea Levy
Modified: 2016-12-31 16:09 UTC
Description Shea Levy 2016-12-31 16:09:22 UTC
The code path which copies out devstat nodes to the sysctl req does not use the necessary barriers to make the 'sequence0' and 'sequence1' fields meaningful. For any given device, it's possible that matching sequence numbers would be exported to userspace while the rest of the structure is otherwise inconsistent.

From my reading of devstat_start_transaction and devstat_end_transaction, we want to ensure that none of the field reads are reordered to be before the read of sequence0 and none are reordered to be after the read of sequence1, thus ensuring that if the sequence numbers match, the data in the structure is a consistent snapshot of some point in time.
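
The reader-side ordering the report asks for, as an added C11 example that is not FreeBSD's code or the reporter's. The struct layout, payload fields and function names are hypothetical, and the writer protocol (sequence1 bumped when an update begins, sequence0 when it ends) is an assumption.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for one devstat entry. Only sequence0/sequence1 are
 * named after the report; the payload fields are hypothetical. */
struct stat_entry {
    atomic_uint sequence0;        /* assumed: bumped when an update ends */
    _Atomic uint64_t bytes;
    _Atomic uint64_t operations;
    atomic_uint sequence1;        /* assumed: bumped when an update begins */
};
struct stat_snapshot { uint64_t bytes, operations; };

/* Writer (assumed protocol): sequence1 before payload stores, sequence0 after. */
void update_begin(struct stat_entry *e) {
    atomic_fetch_add_explicit(&e->sequence1, 1, memory_order_relaxed);
    atomic_thread_fence(memory_order_release);
}
void update_end(struct stat_entry *e) {
    atomic_fetch_add_explicit(&e->sequence0, 1, memory_order_release);
}

/* Reader: returns 1 and fills *out only if the copy is a consistent snapshot. */
int snapshot_once(struct stat_entry *e, struct stat_snapshot *out) {
    /* acquire: payload loads cannot move before this load */
    unsigned s0 = atomic_load_explicit(&e->sequence0, memory_order_acquire);
    uint64_t b = atomic_load_explicit(&e->bytes, memory_order_relaxed);
    uint64_t o = atomic_load_explicit(&e->operations, memory_order_relaxed);
    /* acquire fence: payload loads cannot move after the sequence1 load */
    atomic_thread_fence(memory_order_acquire);
    unsigned s1 = atomic_load_explicit(&e->sequence1, memory_order_relaxed);
    if (s0 != s1) return 0;       /* an update overlapped the copy: retry */
    out->bytes = b;
    out->operations = o;
    return 1;
}

int main(void) {
    static struct stat_entry e;   /* zero-initialised */
    struct stat_snapshot s = {0, 0};
    update_begin(&e);
    atomic_store_explicit(&e.bytes, 4096, memory_order_relaxed);
    printf("mid-update: %d\n", snapshot_once(&e, &s));
    atomic_store_explicit(&e.operations, 1, memory_order_relaxed);
    update_end(&e);
    printf("after update: %d\n", snapshot_once(&e, &s));
    return 0;
}
```

Without the acquire load and the acquire fence, the compiler or CPU may hoist or sink the payload loads past the sequence reads, which is the case where matching sequence numbers accompany a torn copy.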