I think the second call to reauth should use a second, newly-created, rendezvous port. Why doesn't it?
On Mar 13, 2011 5:44 PM, "Samuel Thibault" <samuel.thibault@gnu.org> wrote:
> Hello,
>
> I've investigated a duplicate port destroy in ext2fs, what apparently
> happens is this:
>
> - diskfs_S_dir_lookup is called, which for some reason ends up calling
> - fshelp_fetch_root(), which calls
> - reauth(), which calls
> - mach_reply_port() to get a rendez-vous port, and then issues
> - io_reauthenticate() with that port on ext2fs itself (since it's the
> root of the system), thus triggering a call to:
> - diskfs_S_io_reauthenticate() in another thread. There, the
> rendez-vous port is thus the same as the reply port obtained above,
> with the *same name*.
> - reauth() destroys the rendez-vous port (and thus the name!)
> - a bit later, diskfs_S_io_reauthenticate has finished its work,
> and deallocates its rendez-vous port. But the name doesn't exist any
> more. Bad.
>
> How are we supposed to deal with such a case?
>
> Samuel
>
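The sequence described in the quoted mail, replayed on a toy model of one task's port name space. This is an added example, not code from the Hurd or from either poster. The `model_*` functions are hypothetical stand-ins for the Mach calls named in their comments, and releasing only the receive right is an assumed alternative shown for contrast, not a fix stated in the thread.

```c
#include <stdio.h>
#include <string.h>
/* Toy model of one task's port name space; not Mach code. */
enum { OK, INVALID_NAME, INVALID_RIGHT };
struct entry { int in_use, receive, send_urefs; };
static struct entry space[8];

/* Stand-in for mach_reply_port(): new name holding a receive right. */
static int model_reply_port(void) {
    for (int n = 1; n < 8; n++)
        if (!space[n].in_use) {
            space[n] = (struct entry){ 1, 1, 0 };
            return n;
        }
    return 0;
}
/* A send right reaching the task that owns the receive right shares its name. */
static void model_gain_send_right(int n) { space[n].send_urefs++; }
/* Stand-in for mach_port_destroy(): every right under the name goes away. */
static int model_destroy(int n) {
    if (!space[n].in_use) return INVALID_NAME;
    memset(&space[n], 0, sizeof space[n]);
    return OK;
}
/* Assumed alternative: give up only the receive right; send refs keep the name. */
static int model_drop_receive(int n) {
    if (!space[n].in_use) return INVALID_NAME;
    if (!space[n].receive) return INVALID_RIGHT;
    space[n].receive = 0;
    space[n].in_use = space[n].send_urefs > 0;
    return OK;
}
/* Stand-in for mach_port_deallocate(): drop one send-right user reference. */
static int model_deallocate(int n) {
    if (!space[n].in_use) return INVALID_NAME;
    if (space[n].send_urefs == 0) return INVALID_RIGHT;
    if (--space[n].send_urefs == 0 && !space[n].receive) space[n].in_use = 0;
    return OK;
}
/* Replays the mail's sequence; returns the result of the server's late deallocate. */
static int run_sequence(int client_destroys) {
    memset(space, 0, sizeof space);
    int rend = model_reply_port();      /* reauth() creates the rendez-vous port */
    model_gain_send_right(rend);        /* server thread receives it, same name */
    if (client_destroys) model_destroy(rend); else model_drop_receive(rend);
    return model_deallocate(rend);      /* server thread finishes afterwards */
}
int main(void) {
    printf("destroy: %d, drop receive only: %d\n", run_sequence(1), run_sequence(0));
    return 0; }
```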