xen-bugs
[Xen-bugs] [Bug 1496] New: a suspected race bug at common/gdbstub.c related to atomic instructions
http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1496
Summary: a suspected race bug at common/gdbstub.c related to
atomic instructions
Product: Xen
Version: unstable
Platform: All
OS/Version: Windows
Status: NEW
Severity: normal
Priority: P3
Component: Unspecified
AssignedTo: xen-bugs@xxxxxxxxxxxxxxxxxxx
ReportedBy: hongshin@xxxxxxxxx
Hi. I am reporting a suspected race bug at __trap_to_gdb()
in xen/common/gdbstub.c of Xen 3.4.1.
I found this bug while I read Xen code. Since I do not have
much background on Xen, it might not be a real bug. But
I hope that this report would be helpful.
Please examine the code and let me know your opinion.
It seems that the function checks whether gdb_ctx->running is 1 or not
by atomic_dec_and_test(&gdb_ctx->running).
If the return value is negative (a.k.a gdb_ctx->running > 1),
it restores the value and then returns with an error.
However, if there are two threads that execute __trap_to_gdb() concurrently
and if gdb_ctx->running == 2, the following scenario would be possible.
thread 1                                     | thread 2
---------------------------------------------+----------------------------------------------
if (!atomic_dec_and_test(&gdb_ctx->running)) |
                                             | if (!atomic_dec_and_test(&gdb_ctx->running))
    printk("WARNING...                       |
    atomic_inc(&gdb_ctx->running) ;          |
    return -EBUSY;                           |
                                             | /* gdb_ctx->running is 1 */
_______________________________________________
Xen-bugs mailing list
Xen-bugs@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-bugs
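
Added example, not part of the original report and not Xen code: a single-threaded C11 replay of the schedule in the table above, so the counter values can be checked deterministically. The starting value of 2 is the report's premise, and dec_and_test(), try_enter_cas() and the replay helpers are hypothetical names; the compare-and-swap guard is included only for comparison, since a failed attempt there never writes to the counter.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Model of a dec-and-test primitive: decrement, return true iff result is 0. */
static bool dec_and_test(atomic_int *v) {
    return atomic_fetch_sub(v, 1) - 1 == 0;
}

struct outcome { bool t1_entered, t2_entered; int final; };

/* Replays the report's schedule on one thread so it is deterministic:
 * T1 checks, T2 checks, then any thread that failed restores the counter. */
static struct outcome replay_dec_restore(int start) {
    atomic_int running;
    atomic_init(&running, start);
    struct outcome o;
    o.t1_entered = dec_and_test(&running);  /* T1: if (!atomic_dec_and_test(..)) */
    o.t2_entered = dec_and_test(&running);  /* T2 runs before T1 restores */
    if (!o.t1_entered) atomic_fetch_add(&running, 1);  /* T1: atomic_inc, -EBUSY */
    if (!o.t2_entered) atomic_fetch_add(&running, 1);  /* T2: same failure path */
    o.final = atomic_load(&running);
    return o;
}

/* Comparison guard (assumption, not Xen code): claim the 1 -> 0 transition
 * with compare-and-swap, so a failed attempt leaves the counter untouched. */
static bool try_enter_cas(atomic_int *v) {
    int expected = 1;
    return atomic_compare_exchange_strong(v, &expected, 0);
}

static struct outcome replay_cas(int start) {
    atomic_int running;
    atomic_init(&running, start);
    struct outcome o;
    o.t1_entered = try_enter_cas(&running);
    o.t2_entered = try_enter_cas(&running);
    o.final = atomic_load(&running);
    return o;
}

int main(void) {
    struct outcome a = replay_dec_restore(2), b = replay_cas(2);
    printf("dec+restore from 2: t1=%d t2=%d final=%d\n",
           a.t1_entered, a.t2_entered, a.final);
    printf("cas guard   from 2: t1=%d t2=%d final=%d\n",
           b.t1_entered, b.t2_entered, b.final);
    return 0;
}
```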