mirror of
https://git.openafs.org/openafs.git
synced 2025-01-18 15:00:12 +00:00
9d7b94493c
Currently, the refCount in struct rx_securityClass is not protected by any locks. Thus, if two threads create or destroy a connection using the same rx_securityClass at the same time (or call rxs_Release), the refCount can become inaccurate. If the refCount is undercounted, we can prematurely free it while it's still referenced by other connections or services, leading to segfaults, data corruption, etc. For client connections, this can happen between any threads that create and destroy a connection using the same security class struct. For server connections, only two threads can race in this way: the rx listener thread (which creates connections), and the rx event thread (which destroys idle connections in rxi_ReapConnections). To fix this, ideally we would change the refCount field to be an rx_atomic_t. However, struct rx_securityClass is declared in the public installed rx.h header, which cannot include rx_atomic.h. So instead, change refCount users to go through a few new functions: rxs_Ref(), rxs_DecRef(), and rxs_SetRefs(). These functions interpret the refCount as an rx_atomic_t, and so allows callers to use safe refcounting without needing to call rx_atomic_* functions directly. Rename the existing refCount field to refCount_data, and declare it as a char[8]. This gives us enough space to use it as an rx_atomic_t, but avoids using rx_atomic_t in a public header, and discourages callers from manipulating the refCount directly. Thanks to mvitale@sinenomine.net for helping investigate the relevant issue. Change-Id: I55094218c79e8bc5498a6d2c1daa5620b1fceaff Reviewed-on: https://gerrit.openafs.org/15158 Reviewed-by: Cheyenne Wills <cwills@sinenomine.net> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> |
||
|---|---|---|
| build-tools | ||
| doc | ||
| src | ||
| tests | ||
| .gitignore | ||
| .gitreview | ||
| .mailmap | ||
| .splintrc | ||
| acinclude.m4 | ||
| CODING | ||
| configure-libafs.ac | ||
| configure.ac | ||
| CONTRIBUTING | ||
| INSTALL | ||
| libafsdep | ||
| LICENSE | ||
| Makefile-libafs.in | ||
| Makefile.in | ||
| NEWS | ||
| NTMakefile | ||
| README | ||
| README-WINDOWS | ||
| regen.sh | ||
AFS is a distributed file system that enables users to share and access all of the files stored in a network of computers as easily as they access the files stored on their local machines. The file system is called distributed for this exact reason: files can reside on many different machines, but are available to users on every machine. OpenAFS 1.0 was originally released by IBM under the terms of the IBM Public License 1.0 (IPL10). For details on IPL10 see the LICENSE file in this directory. The current OpenAFS distribution is licensed under a combination of the IPL10 and many other licenses as granted by the relevant copyright holders. The LICENSE file in this directory contains more details, thought it is not a comprehensive statement. See INSTALL for information about building and installing OpenAFS on various platforms. See CODING for developer information and guidelines. See NEWS for recent changes to OpenAFS.