![[RTEMS Logo]](/images/logo.png){kind=logo}
Opened on 03/04/15 at 06:53:45
Last modified on 10/10/17 at 06:29:01
#2280 assigned defect
Object extend is broken on SMP
| Reported by: | Sebastian Huber | Owned by: | Needs Funding |
|---|---|---|---|
| Priority: | normal | Milestone: | Indefinite |
| Component: | score | Version: | 4.11 |
| Severity: | normal | Keywords: | |
| Cc: | Blocked By: | ||
| Blocking: |
Description
The object identifier to control mapping is done like this:
the_object = information->local_table[ index ]
The object extension allocates a new local_table and frees the old one. Thus the sequence above may access freed memory under certain cases.
Possible solutions:
- Disable interrupts and make sure that the old table stays valid for a long enough time period after the registration of the new table. This timing depends on the particular hardware and may lead to very hard to find bugs.
- Use a generation count, e.g. update the generation count during local table updates and make sure the generation count didn't change during local table reads.
Change History (5)
comment:1 Changed on 05/20/16 at 06:00:48 by Sebastian Huber <sebastian.huber@…>
comment:2 Changed on 01/26/17 at 07:16:00 by Sebastian Huber
| Milestone: | 4.11.1 → 4.11.2 |
|---|
comment:3 Changed on 02/15/17 at 13:37:51 by Sebastian Huber
| Milestone: | 4.11.2 → Indefinite |
|---|---|
| Owner: | set to Needs Funding |
| Status: | new → assigned |
comment:4 Changed on 10/10/17 at 06:27:10 by Sebastian Huber
| Component: | SMP → score |
|---|
comment:5 Changed on 10/10/17 at 06:29:01 by Sebastian Huber
| Component: | score → cpukit |
|---|
Note: See
TracTickets for help on using
tickets.
In b80156cf15a9e080e8608a30e3e2795211c03f3e/rtems: