Race condition in uvwasi_fd_close() #88
Comments
cjihrig
added a commit
that referenced
this issue
Jan 22, 2020
uvwasi_fd_close() performed the following operations: - lock the file descriptor mutex - close the file - release the file descriptor mutex - call the file table's remove() function Once the fd's mutex is released, another thread could acquire it before the fd is removed from the file table. If this happens, remove() could destroy a held mutex. This commit updates uvwasi_fd_close() to perform the entire sequence while holding the file table's lock, preventing new acquisitions of the fd's mutex. Fixes: #88
cjihrig
added a commit
that referenced
this issue
Jan 22, 2020
uvwasi_fd_close() performed the following operations: - lock the file descriptor mutex - close the file - release the file descriptor mutex - call the file table's remove() function Once the fd's mutex is released, another thread could acquire it before the fd is removed from the file table. If this happens, remove() could destroy a held mutex. This commit updates uvwasi_fd_close() to perform the entire sequence while holding the file table's lock, preventing new acquisitions of the fd's mutex. Fixes: #88
cjihrig
added a commit
that referenced
this issue
Jan 22, 2020
uvwasi_fd_close() performed the following operations: - lock the file descriptor mutex - close the file - release the file descriptor mutex - call the file table's remove() function Once the fd's mutex is released, another thread could acquire it before the fd is removed from the file table. If this happens, remove() could destroy a held mutex. This commit updates uvwasi_fd_close() to perform the entire sequence while holding the file table's lock, preventing new acquisitions of the fd's mutex. Fixes: #88
cjihrig
added a commit
to cjihrig/node
that referenced
this issue
Jan 23, 2020
Original commit message:
prevent race conditions with uvwasi_fd_close()
uvwasi_fd_close() performed the following operations:
- lock the file descriptor mutex
- close the file
- release the file descriptor mutex
- call the file table's remove() function
Once the fd's mutex is released, another thread could
acquire it before the fd is removed from the file
table. If this happens, remove() could destroy a held
mutex.
This commit updates uvwasi_fd_close() to perform the
entire sequence while holding the file table's lock,
preventing new acquisitions of the fd's mutex.
Fixes: nodejs/uvwasi#88
Trott
pushed a commit
to Trott/io.js
that referenced
this issue
Jan 23, 2020
Original commit message:
prevent race conditions with uvwasi_fd_close()
uvwasi_fd_close() performed the following operations:
- lock the file descriptor mutex
- close the file
- release the file descriptor mutex
- call the file table's remove() function
Once the fd's mutex is released, another thread could
acquire it before the fd is removed from the file
table. If this happens, remove() could destroy a held
mutex.
This commit updates uvwasi_fd_close() to perform the
entire sequence while holding the file table's lock,
preventing new acquisitions of the fd's mutex.
Fixes: nodejs/uvwasi#88
PR-URL: nodejs#31432
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
codebytere
pushed a commit
to nodejs/node
that referenced
this issue
Feb 17, 2020
Original commit message:
prevent race conditions with uvwasi_fd_close()
uvwasi_fd_close() performed the following operations:
- lock the file descriptor mutex
- close the file
- release the file descriptor mutex
- call the file table's remove() function
Once the fd's mutex is released, another thread could
acquire it before the fd is removed from the file
table. If this happens, remove() could destroy a held
mutex.
This commit updates uvwasi_fd_close() to perform the
entire sequence while holding the file table's lock,
preventing new acquisitions of the fd's mutex.
Fixes: nodejs/uvwasi#88
PR-URL: #31432
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
codebytere
pushed a commit
to nodejs/node
that referenced
this issue
Mar 15, 2020
Original commit message:
prevent race conditions with uvwasi_fd_close()
uvwasi_fd_close() performed the following operations:
- lock the file descriptor mutex
- close the file
- release the file descriptor mutex
- call the file table's remove() function
Once the fd's mutex is released, another thread could
acquire it before the fd is removed from the file
table. If this happens, remove() could destroy a held
mutex.
This commit updates uvwasi_fd_close() to perform the
entire sequence while holding the file table's lock,
preventing new acquisitions of the fd's mutex.
Fixes: nodejs/uvwasi#88
PR-URL: #31432
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
codebytere
pushed a commit
to nodejs/node
that referenced
this issue
Mar 17, 2020
Original commit message:
prevent race conditions with uvwasi_fd_close()
uvwasi_fd_close() performed the following operations:
- lock the file descriptor mutex
- close the file
- release the file descriptor mutex
- call the file table's remove() function
Once the fd's mutex is released, another thread could
acquire it before the fd is removed from the file
table. If this happens, remove() could destroy a held
mutex.
This commit updates uvwasi_fd_close() to perform the
entire sequence while holding the file table's lock,
preventing new acquisitions of the fd's mutex.
Fixes: nodejs/uvwasi#88
PR-URL: #31432
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
uvwasi_fd_close()locks the fd mutex, closes the file, releases the mutex, then callsuvwasi_fd_table_remove()to free the fd table entry and destroy the entry's mutex.Another thread could acquire the mutex once it is unlocked, and
uvwasi_fd_table_remove()would destroy it.The text was updated successfully, but these errors were encountered: