From e1d9391c7276abe132b77530f6d0b3199517ca9a Mon Sep 17 00:00:00 2001
From: cheloha
Date: Sat, 9 Sep 2023 03:03:45 +0000
Subject: [PATCH] clockintr_dispatch: copy cl_func to cq_shadow.cl_func before calling it

When we add support for disestablishing clockintrs in the near future, the current call to cl->cl_func will be in a race with free(9) on another CPU. Copying cl_func to cq_shadow.cl_func before leaving the mutex and then calling the copy eliminates the race.

Correcting the race has a negligible performance impact and simplifies the forthcoming clockintr_disestablish() patch.

Requested by dlg@ back in March.
---
 sys/kern/kern_clockintr.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/sys/kern/kern_clockintr.c b/sys/kern/kern_clockintr.c
index d22ad2b9055..b91c7b6a483 100644
--- a/sys/kern/kern_clockintr.c
+++ b/sys/kern/kern_clockintr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_clockintr.c,v 1.40 2023/09/08 22:23:30 cheloha Exp $ */
+/* $OpenBSD: kern_clockintr.c,v 1.41 2023/09/09 03:03:45 cheloha Exp $ */
 /*
 * Copyright (c) 2003 Dale Rahn
 * Copyright (c) 2020 Mark Kettenis
@@ -258,10 +258,11 @@ clockintr_dispatch(void *frame)
 }
 clockqueue_pend_delete(cq, cl);
 cq->cq_shadow.cl_expiration = cl->cl_expiration;
+ cq->cq_shadow.cl_func = cl->cl_func;
 cq->cq_running = cl;
 mtx_leave(&cq->cq_mtx);
- cl->cl_func(&cq->cq_shadow, frame);
+ cq->cq_shadow.cl_func(&cq->cq_shadow, frame);
 mtx_enter(&cq->cq_mtx);
 cq->cq_running = NULL;
--
2.20.1
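Review bot: The reason the callback is invoked through `cq->cq_shadow.cl_func` rather than `cl->cl_func` lives only in the commit message; a reader of the second hunk sees a copy and an indirection with no hint that `cl` must not be touched once `cq_mtx` is dropped. Add a comment above the new copy line, e.g. `/* Snapshot cl_func under cq_mtx: once the mutex is released, cl may be freed by clockintr_disestablish() on another CPU, so only cq_shadow is dereferenced below. */`. The hunk still stores `cq->cq_running = cl` and leaves the mutex with that pointer live, so the forthcoming disestablish path presumably has to check `cq_running` before freeing; that contract is not visible here and is worth stating in the same comment. clockintr_dispatch begins and ends outside the hunk.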