Re: poll() system call overwrites the complete pollfd struct instead of just revents
- Subject: Re: poll() system call overwrites the complete pollfd struct instead of just revents
- From: Kurt Miller <email@hidden>
- Date: Mon, 26 Jan 2009 11:49:13 -0500
Daniel Eischen wrote:
> On Mon, 26 Jan 2009, Kurt Miller wrote:
>
>> For multi-threaded programs like Sun's JDK, an unexpected problem can
>> happen due to the kernel writing over the complete pollfd struct upon
>> return from the poll system call. Say thread A is blocked in the poll
>> system call and thread B modifies the events field. Then thread B wakes
>> up thread A, which returns from the system call and unexpectedly
>> overwrites the events field, erasing the changes made by thread B. In
>> Sun's JDK, thread A loops back to poll expecting the changes thread B
>> made to the events field to persist.
>>
>> Both Solaris and Linux don't modify the events field. POSIX doesn't
>> specify either way, but it seems to be a reasonable assumption that the
>> kernel only writes to the revents field.
>
> FreeBSD seems to have the same problem. I guess it is
> an optimization to copyout the entire pollfd array instead
> of looping and copying out just the revents field?
>
Yes, that is my understanding. There doesn't appear to be any
other reason to copy the full struct out.
-Kurt
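A small probe, added here as an example and not code from the thread, that reproduces the two-thread scenario Kurt describes on whatever kernel it is run on: thread A blocks in poll() on a pipe, thread B changes the events field and then writes one byte to wake A, and after poll() returns the program reports whether B's change survived the kernel's copy-out. The function and variable names are mine.

```c
/* Added example (not code from the thread): reproduces the thread-A /
 * thread-B scenario on the running kernel. Names are mine. */
#include <poll.h>
#include <pthread.h>
#include <stdio.h>
#include <unistd.h>
#define NEW_EVENTS (POLLIN | POLLPRI)   /* value thread B stores in events */
static struct pollfd fds[1];
static int pipefd[2];
static int events_preserved;            /* 1 if B's change survived poll() */

/* Thread B: once A is blocked in poll(), change events, then wake A. */
static void *modifier(void *arg)
{
    (void)arg;
    poll(NULL, 0, 200);              /* 200 ms sleep; A is blocked by now */
    fds[0].events = NEW_EVENTS;      /* the change the JDK expects to persist */
    if (write(pipefd[1], "x", 1) < 0) perror("write");   /* wakes thread A */
    return NULL;
}

/* Thread A (the caller). Returns poll()'s result and sets events_preserved:
 * 1 if events still holds NEW_EVENTS, 0 if the copy-out restored POLLIN. */
int run_poll_probe(void)
{
    pthread_t tid;
    int ret;
    if (pipe(pipefd) != 0)
        return -1;
    fds[0].fd = pipefd[0];
    fds[0].events = POLLIN;
    fds[0].revents = 0;

    pthread_create(&tid, NULL, modifier, NULL);
    ret = poll(fds, 1, 5000);        /* blocks until B writes (5 s safety timeout) */
    pthread_join(tid, NULL);
    events_preserved = (fds[0].events == NEW_EVENTS);
    close(pipefd[0]);
    close(pipefd[1]);
    return ret;
}

int main(void)
{
    int ret = run_poll_probe();
    printf("poll()=%d revents=0x%x events %s\n", ret, (unsigned)fds[0].revents,
           events_preserved ? "preserved (only revents copied out)"
                            : "clobbered (whole pollfd copied out)");
    return 0;
}
```

On a kernel that copies out only revents (Linux and Solaris, per the thread) the probe prints "preserved"; on one that copies out the whole array it prints "clobbered".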
Darwin-kernel mailing list (email@hidden)