ck_fifo_mpmc: Fix NULL deference when re-using nodes.

If a FIFO entry is being re-used, it is possible for a NULL
assignment to be triggered due to a race with enqueue.
ck_pring
Samy Al Bahra 12 years ago
parent c4e50a193a
commit 86884ed574

@ -361,6 +361,14 @@ ck_fifo_mpmc_dequeue(struct ck_fifo_mpmc *fifo,
update.generation = tail.generation + 1; update.generation = tail.generation + 1;
ck_pr_cas_ptr_2(&fifo->tail, &tail, &update); ck_pr_cas_ptr_2(&fifo->tail, &tail, &update);
} else { } else {
/*
* It is possible for head snapshot to have been
* re-used. Avoid deferencing during enqueue
* re-use.
*/
if (next.pointer == NULL)
continue;
/* Save value before commit. */ /* Save value before commit. */
*(void **)value = ck_pr_load_ptr(&next.pointer->value); *(void **)value = ck_pr_load_ptr(&next.pointer->value);
@ -408,6 +416,13 @@ ck_fifo_mpmc_trydequeue(struct ck_fifo_mpmc *fifo,
ck_pr_cas_ptr_2(&fifo->tail, &tail, &update); ck_pr_cas_ptr_2(&fifo->tail, &tail, &update);
return false; return false;
} else { } else {
/*
* It is possible for head snapshot to have been
* re-used. Avoid deferencing during enqueue.
*/
if (next.pointer == NULL)
return false;
/* Save value before commit. */ /* Save value before commit. */
*(void **)value = ck_pr_load_ptr(&next.pointer->value); *(void **)value = ck_pr_load_ptr(&next.pointer->value);
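Review bot: The new `if (next.pointer == NULL)` guards in ck_fifo_mpmc_dequeue and ck_fifo_mpmc_trydequeue cover only the NULL case of a re-used head snapshot. A re-used entry whose next pointer is already non-NULL still reaches `ck_pr_load_ptr(&next.pointer->value)`, and that read looks safe only if entries remain valid memory while a dequeuer can hold a stale snapshot and the later head update (outside the hunk, presumably generation-checked like the `ck_pr_cas_ptr_2` on the tail) rejects the stale head. If that is the design, I would state it next to the guard, e.g. `/* A non-NULL next taken from a re-used entry may be stale; entries must stay valid memory until no dequeuer can hold a snapshot. */`, and correct "deferencing" to "dereferencing" in both comments. In ck_fifo_mpmc_trydequeue the added `return false` cannot be told apart from the existing `return false` after the tail update, so the function's documentation should say that false does not imply an empty FIFO. Both function bodies start and end outside the hunks shown.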
