| | | |
|---|---|---|
| author | Vitaliy Makkoveev <mvs@cvs.openbsd.org> | 2021-11-06 17:35:15 +0000 |
| committer | Vitaliy Makkoveev <mvs@cvs.openbsd.org> | 2021-11-06 17:35:15 +0000 |
| commit | 33dbca2b7f09b459e0f5589684dac82bc9862900 | (patch) |
| tree | e424aa76ee9974bc756881a9011a87165e729344 | /lib/libcrypto |
| parent | 4ea7def068b4955120b30eb471006aa149c54f4c | (diff) |
Make `unp_msgcount' and `unp_file' atomic. Introduce `unp_rights_mtx'
mutex(9) to protect `unp_rights'.
This removes the global rwlock(9) from the unp_internalize() and unp_externalize()
normal paths and leaves it in the unp_externalize() error path only. Also
we don't need to simultaneously hold fdplock() and `unp_lock' within
unp_internalize().
`unp_rights' can't be atomic. Otherwise the thread which exceeds the
limit will break all other non-exceeding threads until it decrements
`unp_rights'. That is why the mutex(9) is used for protection.
It's safe to call fptounp() without `unp_lock' held. We always get this
file descriptor via fd_getfile(9), so we always have the extra reference
and this descriptor can't be closed by a concurrent thread. Some sockets
could be destroyed through the 'PRU_ABORT' path, but they don't have an
associated file descriptor and they are not accessible in the
unp_internalize() path.
The `unp_file' access without `unp_lock' held is also safe. Each socket
can have only one associated file descriptor and each file descriptor
can have only one associated socket. We only assign `unp_file' in the
unp_internalize() path, where we got the socket via fd_getfile(9). This
descriptor has the extra reference and can't be closed concurrently.
We could overwrite `unp_file', but with the same address, because the
associated file descriptor can't be changed, so the address will also be
the same. While unp_gc() runs concurrently, dereferencing a
non-NULL `unp_file' is always safe.
Discussed with kettenis@ and mpi@.
ok mpi@
Diffstat (limited to 'lib/libcrypto')
0 files changed, 0 insertions, 0 deletions