Re: poll() system call overwrites the complete pollfd struct instead of just revents
- Subject: Re: poll() system call overwrites the complete pollfd struct instead of just revents
- From: Daniel Eischen <email@hidden>
- Date: Mon, 26 Jan 2009 11:16:06 -0500 (EST)
On Mon, 26 Jan 2009, Kurt Miller wrote:

> For multi-threaded programs like Sun's JDK, an unexpected problem can
> happen due to the kernel writing over the complete pollfd struct upon
> return from the poll system call. Say thread A is blocked in the poll
> system call and thread B modifies the events field. Then thread B wakes
> up thread A, which returns from the system call and unexpectedly
> overwrites the events field, erasing the changes made by thread B. In
> Sun's JDK, thread A loops back to poll expecting the changes thread B
> made to the events field to persist.
>
> Both Solaris and Linux don't modify the events field. POSIX doesn't
> specify either way, but it seems to be a reasonable assumption that the
> kernel only write to the revents field.

FreeBSD seems to have the same problem. I guess it is
an optimization to copyout the entire pollfd array instead
of looping and copying out just the revents field?
--
DE
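
The lost update discussed in this thread, as an added example (not code from the thread or from any kernel): a single-threaded user-space model of the two copy-out strategies, with thread B's write placed between the copy-in and the copy-out. The helper names and the fd value are hypothetical.

```c
#include <poll.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model only: "kern" stands in for the kernel's private copy of the array. */

/* Strategy 1: copy the whole working array back over the caller's array. */
static void copyout_whole(struct pollfd *user, const struct pollfd *kern, size_t n)
{
    memcpy(user, kern, n * sizeof(*user));
}

/* Strategy 2: loop and write back only the revents field of each entry. */
static void copyout_revents_only(struct pollfd *user, const struct pollfd *kern, size_t n)
{
    for (size_t i = 0; i < n; i++)
        user[i].revents = kern[i].revents;
}

typedef void (*copyout_fn)(struct pollfd *, const struct pollfd *, size_t);

/* Replays the sequence from the thread and returns what thread A sees. */
static struct pollfd after_poll(copyout_fn copyout)
{
    struct pollfd user = { .fd = 3, .events = POLLIN, .revents = 0 }; /* constructed */
    struct pollfd kern = user;  /* copy-in at poll() entry; thread A now blocks  */

    user.events |= POLLOUT;     /* thread B changes the interest set meanwhile   */
    kern.revents = POLLIN;      /* thread A is woken; kernel records the result  */
    copyout(&user, &kern, 1);   /* return path of poll()                         */
    return user;
}

int main(void)
{
    struct pollfd w = after_poll(copyout_whole);
    struct pollfd r = after_poll(copyout_revents_only);

    /* POLLOUT survives only when the return path leaves events untouched. */
    printf("whole-struct copy-out: POLLOUT %s\n", (w.events & POLLOUT) ? "kept" : "lost");
    printf("revents-only copy-out: POLLOUT %s\n", (r.events & POLLOUT) ? "kept" : "lost");
    return 0;
}
```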