summaryrefslogtreecommitdiff
path: root/lib/libcrypto
diff options
context:
space:
mode:
authorVitaliy Makkoveev <mvs@cvs.openbsd.org>2021-11-06 17:35:15 +0000
committerVitaliy Makkoveev <mvs@cvs.openbsd.org>2021-11-06 17:35:15 +0000
commit33dbca2b7f09b459e0f5589684dac82bc9862900 (patch)
treee424aa76ee9974bc756881a9011a87165e729344 /lib/libcrypto
parent4ea7def068b4955120b30eb471006aa149c54f4c (diff)
Make `unp_msgcount' and `unp_file' atomic. Introduce `unp_rights_mtx'
mutex(9) to protect `unp_rights'. This removes global rwlock(9) from unp_internalize() and unp_externalize() normal paths and leaves it in the unp_externalize() error path only. Also we don't need to simultaneously hold fdplock() and `unp_lock' within unp_internalize(). The `unp_rights' can't be atomic. Otherwise the thread which exceeding the limit will break all other not-exceeding threads until it decrements `unp_rights'. That why the mutex(9) used for protection. It's safe to call fptounp() without `unp_lock' held. We always got this file descriptor by fd_getfile(9) so we always have the extra reference and this descriptor can't be closed by concurrent thread. Some sockets could be destroyed through 'PRU_ABORT' path but they don't have associated file descriptor and they are not accessible in the unp_internalize() path. The `unp_file' access without `unp_lock' held is also safe. Each socket could have the only associated file descriptor and each file descriptor could have the only associated socket. We only assign `unp_file' in the unp_internalize() path where we got the socket by fd_getfile(9). This descriptor has the extra reference and couldn't be closed concurrently. We could override `unp_file' but with the same address because the associated file descriptor can't be changed so the address will be also the same. While unp_gc() concurrently runs the dereference of non-NULL `unp_file' is always safe. Discussed with kettenis@ and mpi@. ok mpi@
Diffstat (limited to 'lib/libcrypto')
0 files changed, 0 insertions, 0 deletions