[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RPC to self with rendez-vous leading to duplicate port destroy
|
From: |
Samuel Thibault |
|
Subject: |
RPC to self with rendez-vous leading to duplicate port destroy |
|
Date: |
Mon, 14 Mar 2011 01:44:20 +0100 |
|
User-agent: |
Mutt/1.5.12-2006-07-14 |
Hello,
I've investigated a duplicate port destroy in ext2fs, what apparently
happens is this:
- diskfs_S_dir_lookup is called, which for some reason ends up calling
- fshelp_fetch_root(), which calls
- reauth(), which calls
- mach_reply_port() to get a rendez-vous port, and then issues
- io_reauthenticate() with that port on ext2fs itself (since it's the
root of the system), thus triggering a call to:
- diskfs_S_io_reauthenticate() in another thread. There, the
rendez-vous port is thus the same as the reply port obtained above,
with the *same name*.
- reauth() destroys the rendez-vous port (and thus the name!)
- a bit later, diskfs_S_io_reauthenticate has finished its work,
and deallocates its rendez-vous port. But the name doesn't exist any
more. Bad.
How are we supposed to deal with such case?
Samuel
- RPC to self with rendez-vous leading to duplicate port destroy,
Samuel Thibault <=