Changeset 07d4271 in mainline for kernel/generic/include/proc/task.h

Timestamp:

2024-01-25T16:22:55Z (16 months ago)

Author:

Jiří Zárevúcky <zarevucky.jiri@…>

Branches:

master

Children:

f8b69a1e

Parents:

1a1e124

git-author:

Jiří Zárevúcky <zarevucky.jiri@…> (2024-01-25 15:56:31)

git-committer:

Jiří Zárevúcky <zarevucky.jiri@…> (2024-01-25 16:22:55)

Message:

Fix some unsound task reference manipulation and locking

In some operations that take task ID as an argument,
there's a possibility of the task being destroyed mid-operation
and a subsequent use-after-free situation.
As a general solution, task_find_by_id() is reimplemented to
check for this situation and always return a valid strong reference.
The callers then only need to handle the reference itself, and
don't need to concern themselves with tasks_lock.

File:

• kernel/generic/include/proc/task.h (modified) (2 diffs)

kernel/generic/include/proc/task.h

@@ -88 +88 @@
 
         /** Number of references (i.e. threads). */
-        atomic_size_t refcount;
+        atomic_refcount_t refcount;
         /** Number of threads that haven't exited yet. */
         // TODO: remove
@@ -144 +144 @@
 extern void task_done(void);
 extern task_t *task_create(as_t *, const char *);
-extern void task_destroy(task_t *);
 extern void task_hold(task_t *);
 extern void task_release(task_t *);