[Xen-bugs] [Bug 1496] New: a suspected race bug at common/gdbstub.c related to atomic instructions
http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1496

           Summary: a suspected race bug at common/gdbstub.c related to atomic instructions
           Product: Xen
           Version: unstable
          Platform: All
        OS/Version: Windows
            Status: NEW
          Severity: normal
          Priority: P3
         Component: Unspecified
        AssignedTo: xen-bugs@xxxxxxxxxxxxxxxxxxx
        ReportedBy: hongshin@xxxxxxxxx

Hi.

I am reporting a suspected race bug at __trap_to_gdb() in xen/common/gdbstub.c of Xen 3.4.1.

I found this bug while I was reading the Xen code. Since I do not have much background on Xen, it might not be a real bug. But I hope that this report will be helpful. Please examine the code and let me know your opinion.

It seems that the function checks whether gdb_ctx->running is 1 or not by atomic_dec_and_test(&gdb_ctx->running). If the return value is negative (a.k.a. gdb_ctx->running > 1), it restores the value and then returns with an error.

However, if there are two threads that execute __trap_to_gdb() concurrently and if gdb_ctx->running == 2, the following scenario would be possible.

thread 1                                     | thread 2
---------------------------------------------+----------------------------------------------
if (!atomic_dec_and_test(&gdb_ctx->running)) |
                                             | if (!atomic_dec_and_test(&gdb_ctx->running))
    printk("WARNING...                       |
    atomic_inc(&gdb_ctx->running) ;          |
    return -EBUSY;                           |
/* gdb_ctx->running is 1 */
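The interleaving in the report, replayed step by step on a single thread so the outcome is deterministic. This is an added example, not Xen code and not part of the original message: `dec_and_test`, `struct replay` and `replay_interleaving` are hypothetical names, and the primitive is modelled with C11 atomics on the assumption that atomic_dec_and_test() returns true only when the decremented value is zero.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumed semantics of the primitive: decrement, then report whether
 * the new value is zero. */
static bool dec_and_test(atomic_int *v)
{
    return atomic_fetch_sub(v, 1) - 1 == 0;
}

struct replay { int t1_rc; int t2_rc; int final_running; };

/* Replays the order shown in the report's table: thread 1 checks,
 * thread 2 checks, then each thread that failed the check restores the
 * counter and returns -EBUSY. A return code of 0 means the thread got
 * past the check. */
struct replay replay_interleaving(int initial)
{
    atomic_int running;
    struct replay r = {0, 0, 0};

    atomic_init(&running, initial);

    bool t1_enters = dec_and_test(&running);  /* thread 1: check */
    bool t2_enters = dec_and_test(&running);  /* thread 2: check */

    if (!t1_enters) {                         /* thread 1: failure path */
        atomic_fetch_add(&running, 1);
        r.t1_rc = -EBUSY;
    }
    if (!t2_enters) {                         /* thread 2: failure path */
        atomic_fetch_add(&running, 1);
        r.t2_rc = -EBUSY;
    }
    r.final_running = atomic_load(&running);
    return r;
}

int main(void)
{
    struct replay r = replay_interleaving(2); /* start value from the report */
    printf("t1=%d t2=%d running=%d\n", r.t1_rc, r.t2_rc, r.final_running);
    return 0;
}
```

Starting from 2, thread 1 takes the -EBUSY path, thread 2 gets past the check, and the counter ends at 1 while thread 2 is still inside, which is the state the report's table ends on.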