Races in ichsmb(9) when accessed from a multithreaded process
Ryan Stone
rysto32 at gmail.com
Mon Feb 3 16:41:14 UTC 2014
ichsmb.c has the following rather worrisome comment:
* This driver assumes that the generic SMBus code will ensure that
* at most one process at a time calls into the SMBus methods below.
However, when I look at the code is sys/dev/smbus, I see nothing that
actually guarantees this if two threads in the same process call
ioctls on the same file descriptor. It does call smbus_request_bus,
but mostly that just calls down into the smbus implementation (in this
case ichsmb) with SMBUS_CALLBACK. ichsmb always just acks the
request, so no actual locking ends up occurring.
Is it intended that smb(9) clients be required to do their own
locking? It seems to me that that is way more fragile than it needs
to be.
More information about the freebsd-hackers
mailing list