PCR 12671 - Memory object deletion with simultaneous quota parent deletion could result in memory object quota leak
Status: NEW
Alias: None
Product: Kernel
Classification: Deos
Component: Kernel
Version: mainline
Hardware: All Deos
: Hold
: Limitation
Target Milestone: Chia
Assignee: .Kernel
URL:
Whiteboard:
Depends on: 12670
Blocks:
Reported: 2020-06-16 11:53 MST by Stephen P. Smith
Modified: 2020-09-21 16:53 MST

See Also:
Impact Assessment: Heavy
Organization: Honeywell
stephen.smith: Requirements?
stephen.smith: Code?
stephen.smith: TestCases?
stephen.smith: TestProcedures?
stephen.smith: Other?


Description Stephen P. Smith 2020-06-16 11:53:46 MST
+++ This PCR was initially created as a clone of PCR #12670 +++

If the quota parent process is deleted between when MemoryObject::ConceptualObjectDestructor() exits the critical after calling quotaParentListNode.removeFromList() AND when MemoryObject::deallocate() returns the MO quota to the parent, THEN the MO quota could be returned to a deleted process and be lost or could be returned to the wrong process.

This race condition exists on Memory Objects and not other KIOs because Memory objects are the only KIOs that can be deleted by a thread that is not in the quota parent process. Note: A thread not in a process' quota parent process can use deleteProcess() to initiate process deletion but the main thread in the deleted process actually performs the deletion.
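
The window described above, modeled as a deterministic sequence (an added example, not part of the original PCR and not Deos kernel code). The process table, slot reuse, generation counter and every name below are assumptions made for illustration; the generation check is one generic way to detect a stale parent reference, not a fix stated in this PCR.

```cpp
// Added illustration, not Deos kernel code: every type and name below is hypothetical.
#include <cstdint>
#include <cstdio>
#include <vector>

struct Process { bool live = false; uint32_t gen = 0; long quota = 0; };

struct Kernel {
    std::vector<Process> slots = std::vector<Process>(2);  // constructed two-slot process table
    int create(long quota) {            // reuses the first free slot and bumps its generation
        for (int i = 0; i < (int)slots.size(); ++i)
            if (!slots[i].live) { slots[i].live = true; ++slots[i].gen; slots[i].quota = quota; return i; }
        return -1;
    }
    void destroy(int i) { slots[i].live = false; slots[i].quota = 0; }
};

// A memory object remembers which slot, and which generation of it, funded its quota.
struct MemObj { int slot; uint32_t gen; long quota; };

enum class Between { Nothing, ParentDeleted, ParentDeletedSlotReused };
enum class Outcome { ReturnedToParent, Lost, WrongProcess, StaleDetected };

// Models the reported sequence: the object is unlinked from the parent's list, the
// critical section is left, 'between' happens, and only then is the quota handed back.
Outcome deleteMemObj(Between between, bool checkGeneration) {
    Kernel k;
    int parent = k.create(60);          // parent has 60 left after funding the object
    MemObj mo{parent, k.slots[parent].gen, 40};
    // Step 1: the list removal would happen here, then the critical section ends.
    if (between != Between::Nothing) k.destroy(parent);
    if (between == Between::ParentDeletedSlotReused) k.create(10);  // lands in the same slot
    // Step 2: quota return through the reference captured before the window.
    Process& target = k.slots[mo.slot];
    if (checkGeneration && (!target.live || target.gen != mo.gen))
        return Outcome::StaleDetected;  // quota stays on the object for the caller to route
    target.quota += mo.quota;
    if (!target.live) return Outcome::Lost;             // credited to a dead slot
    if (target.gen != mo.gen) return Outcome::WrongProcess;
    return Outcome::ReturnedToParent;
}

int main() {
    for (bool check : {false, true})
        for (Between b : {Between::Nothing, Between::ParentDeleted, Between::ParentDeletedSlotReused})
            std::printf("check=%d between=%d outcome=%d\n", check, (int)b, (int)deleteMemObj(b, check));
}
```
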
Comment 1 Stephen P. Smith 2020-06-16 11:54:45 MST
Updates to the Chia kernel have not been authorized.
Comment 2 deosbugs.ccb 2020-09-21 16:24:56 MST
CCB minutes for 2020-09-21-83425
Comment 3 deosbugs.ccb 2020-09-21 16:53:38 MST
CCB visited this PCR on 2020-09-21-83425