#2280 assigned defect

Object extend is broken on SMP

Reported by: Sebastian Huber Owned by: Needs Funding
Priority: normal Milestone: Indefinite
Component: score Version: 4.11
Severity: normal Keywords:
Cc: Blocked By:
Blocking:

Description

The object identifier to control mapping is done like this:

the_object = information->local_table[ index ]

The object extension allocates a new local_table and frees the old one. Thus the sequence above may access freed memory under certain cases.

Possible solutions:

  1. Disable interrupts and make sure that the old table stays valid for a long enough time period after the registration of the new table. This timing depends on the particular hardware and may lead to very hard to find bugs.
  1. Use a generation count, e.g. update the generation count during local table updates and make sure the generation count didn't change during local table reads.

Change History (5)

comment:1 Changed on May 20, 2016 at 6:00:48 AM by Sebastian Huber <sebastian.huber@…>

In b80156cf15a9e080e8608a30e3e2795211c03f3e/rtems:

score: Avoid Giant _Objects_Extend_information()

Avoid Giant lock for _Objects_Extend_information().

Update #2280.
Update #2555.

comment:2 Changed on Jan 26, 2017 at 7:16:00 AM by Sebastian Huber

Milestone: 4.11.14.11.2

comment:3 Changed on Feb 15, 2017 at 1:37:51 PM by Sebastian Huber

Milestone: 4.11.2Indefinite
Owner: set to Needs Funding
Status: newassigned

comment:4 Changed on Oct 10, 2017 at 6:27:10 AM by Sebastian Huber

Component: SMPscore

comment:5 Changed on Oct 10, 2017 at 6:29:01 AM by Sebastian Huber

Component: scorecpukit
Note: See TracTickets for help on using tickets.