ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

Inactive incorrectly incremented

Browse Source 
It is possible to have two threads destroying an rbtdb at the same
time when detachnode() executes and removes the last reference to
a node between exiting being set to true for the node and testing
if the references are zero in maybe_free_rbtdb().  Move NODE_UNLOCK()
to after checking if references is zero to prevent detachnode()
changing the reference count too early.
This commit is contained in:
Mark Andrews
2020-12-18 13:31:07 +11:00
parent d86ad80654
commit 859d2fdad6
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/dns/rbtdb.c
View File

@@ -1256,11 +1256,11 @@ maybe_free_rbtdb(dns_rbtdb_t *rbtdb) {
for (i = 0; i < rbtdb->node_lock_count; i++) {
NODE_LOCK(&rbtdb->node_locks[i].lock, isc_rwlocktype_write);
rbtdb->node_locks[i].exiting = true;
NODE_UNLOCK(&rbtdb->node_locks[i].lock, isc_rwlocktype_write);
if (isc_refcount_current(&rbtdb->node_locks[i].references) == 0)
{
inactive++;
}
NODE_UNLOCK(&rbtdb->node_locks[i].lock, isc_rwlocktype_write);
}
if (inactive != 0) {