Mail Archives: cygwin/2004/12/14/12:22:40
On Dec 13 21:54, Conrad W Song wrote:
> There is a race/bug between 'tty_list::allocate_tty()' and
> 'tty_list::terminate()'. The culprits appear to be:
>
> 1) 'tty_list::terminate' does not hold the 'tty_mutex' before freeing a tty
> 2) 'tty::init()' does not clear 'master_pid' field as called by
> 'tty_list::terminate()'.
>
> The result is that 'allocate_tty()' can enter quickly reusing the same PID
> as the process which used to own the master tty (for some reason Windows
> decides to recycle PIDs very quickly). The process thinks that it is
> holding the master tty (even though the _prior_ process was terminated --
> same PID but different process), and 'tty_master' remains NULL. Upon
> 'tty_list::terminate', 'tty_master' is then NULL dereferenced.
>
> I have tried fixing 'tty::init()' to zero out the 'master_pid' field, and it
> appears to solve the problem (have not checked it for other bad behavior),
> as does the workaround of using 'CYGWIN=notty'. However, I do not believe
> that the back-to-back PID reuse is timing sensitive, so I am surprised that
> strace could not pick up the problem. I therefore suspect a flaw in my
> analysis and am still suspicious about the need for 'tty_mutex' locking in
> 'tty_list::terminate'. I will try to provide a reproducing test case soon.
Thanks for your analysis! I've applied a matching patch.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader mailto:cygwin AT cygwin DOT com
Red Hat, Inc.
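
An added illustration, not part of the mailing-list thread and not Cygwin source: a simplified C model of the stale 'master_pid' condition described in the quoted analysis, comparing a slot release that leaves the field set with one that clears it. The names tty_slot, proc, slot_init_buggy, slot_init_fixed, believes_master, teardown_hits_null and run_scenario, and the PID value, are assumptions made for the example.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified model, not Cygwin source: a shared tty slot that outlives
   processes, and a per-process pointer to the master object. */
struct tty_slot { int in_use; int master_pid; };
struct proc { int pid; void *tty_master; };  /* NULL unless this process created the master */

/* Slot release as described in the report: master_pid is left stale. */
static void slot_init_buggy(struct tty_slot *t) { t->in_use = 0; }

/* Slot release with the reported fix: ownership is cleared too. */
static void slot_init_fixed(struct tty_slot *t) { t->in_use = 0; t->master_pid = 0; }

/* Ownership is decided by PID equality alone, which PID reuse defeats. */
static int believes_master(const struct tty_slot *t, const struct proc *p)
{
    return t->in_use && t->master_pid == p->pid;
}

/* Returns 1 when teardown would dereference a NULL tty_master. */
static int teardown_hits_null(const struct tty_slot *t, const struct proc *p)
{
    return believes_master(t, p) && p->tty_master == NULL;
}

/* Process A owns the master and exits; process B is handed the same PID,
   reuses the slot without ever creating a master, then tears down. */
static int run_scenario(void (*slot_init)(struct tty_slot *), int recycled_pid)
{
    static int master_obj;                       /* stands in for A's master object */
    struct tty_slot slot = { 1, recycled_pid };  /* A holds the slot as master */
    struct proc a = { recycled_pid, &master_obj };
    struct proc b = { recycled_pid, NULL };      /* same PID, different process */

    if (teardown_hits_null(&slot, &a)) return -1; /* A's own teardown is safe */
    slot_init(&slot);                            /* A terminates, slot released */
    slot.in_use = 1;                             /* B allocates the same slot */
    return teardown_hits_null(&slot, &b);
}

int main(void)
{
    int pid = 1234;  /* constructed sample PID */
    printf("stale master_pid:   null deref = %d\n", run_scenario(slot_init_buggy, pid));
    printf("cleared master_pid: null deref = %d\n", run_scenario(slot_init_fixed, pid));
    return 0;
}
```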