Report information
The Basics
Id:
42188
Status:
open
Priority:
Medium/Medium
Queue:
bind9-public
People
Owner:
Francis Dupont <Francis_Dupont@isc.org>
Requestors:
Cc:
AdminCc:
BugTracker
Version Fixed:
(no value)
Version Found:
(no value)
Versions Affected:
(no value)
Versions Planned:
(no value)
Priority:
P2 Normal
Severity:
S1 High
CVSS Score:
(no value)
CVE ID:
(no value)
Component:
BIND Server
Area:
bug
Dates
Created:Wed, 20 Apr 2016 06:00:21 -0400
Updated:Mon, 26 Jun 2017 19:48:40 -0400
Closed:Not set

This bug tracker is no longer active.

Please go to our Gitlab to submit issues (both feature requests and bug reports) for active projects maintained by Internet Systems Consortium (ISC).

Due to security and confidentiality requirements, full access is limited to the primary maintainers.

History
  Wed, 20 Apr 2016 06:00:21 -0400 Mukund Sivaraman <muks@isc.org> - Ticket created
Subject: Race in adaptive rwlock code

There's a race in the adaptive rwlock implementation in read and update of rwl->spins.
  Wed, 20 Apr 2016 07:02:30 -0400 Mukund Sivaraman <muks@isc.org> - Correspondence added

On Wed Apr 20 10:00:21 2016, muks wrote: > There's a race in the adaptive rwlock implementation in read and > update of rwl->spins. The new code seems to use ISC_PLATFORM_BUSYWAITNOP which seems to be defined as "rep; nop" for x86 and x86_64. rep is an instruction prefix that repeats the next instruction ecx times, decrementing ecx at each step. So ecx ought to be set to some deterministic value for it (what is its value here?). Also it clobbers ecx here.. is that fine?
  Wed, 20 Apr 2016 11:49:29 -0400 Mukund Sivaraman <muks@isc.org> - Correspondence added

On Wed Apr 20 11:02:30 2016, muks wrote: > On Wed Apr 20 10:00:21 2016, muks wrote: > > There's a race in the adaptive rwlock implementation in read and > > update of rwl->spins. > > The new code seems to use ISC_PLATFORM_BUSYWAITNOP which seems to be > defined as "rep; nop" for x86 and x86_64. > > rep is an instruction prefix that repeats the next instruction ecx > times, decrementing ecx at each step. So ecx ought to be set to some > deterministic value for it (what is its value here?). Also it clobbers > ecx here.. is that fine? Francis pointed out that the rep prefix does not apply to the nop instruction - the opcode sequence is used as the "pause" instruction. So this part of the bug report is bogus. The part about the race condition in rwl->spins still exists.
Wed, 27 Apr 2016 06:19:45 -0400 Stephen Morris <stephen@isc.org> - Area bug added
Wed, 27 Apr 2016 06:19:45 -0400 Stephen Morris <stephen@isc.org> - Component BIND Server added
Wed, 27 Apr 2016 12:25:24 -0400 Stephen Morris <stephen@isc.org> - Priority P2 Normal added
Wed, 27 Apr 2016 12:25:24 -0400 Stephen Morris <stephen@isc.org> - Severity S1 High added
Mon, 02 May 2016 10:28:30 -0400 Francis Dupont <Francis_Dupont@isc.org> - Taken
Wed, 18 May 2016 03:55:17 -0400 Francis Dupont <Francis_Dupont@isc.org> - Status changed from 'new' to 'open'
Mon, 26 Jun 2017 19:48:40 -0400 Vicky Risk <vicky@isc.org> - Queue changed from #6 to bind9-public