[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-users] Possible race condition in netconn_write

From: Geir Ertzaas
Subject: [lwip-users] Possible race condition in netconn_write
Date: Tue, 23 May 2006 12:58:47 +0200
User-agent: Thunderbird (Windows/20060308)

I have found a problem with the code in netconn_write (api_lib.c) that caused infrequent severe crashes in my application. The code creates and deletes a semaphore, conn->sem, which is used to wait for free send buffer space. The main lwip_thread signals this semaphore when there is room available in the send buffer, however the check to see whether to signal the semaphore is based on conn->sem!=0. This is a potential race condition as the semaphore is deleted prior to the conn->sem being set to 0 in netconn_write. The lwip_thread runs at a higher task priority than the application thread and may interrupt the application thread between the delete and and the 0 assignment. I fixed this in my application by removing the semaphore deletion/assignment from netconn_write and have the semaphore exist until netconn_delete is called.

In netconn_write :

memp_free(MEMP_API_MSG, msg);
conn->state = NETCONN_NONE;
if (conn->sem != SYS_SEM_NULL) {
sys_sem_free(conn->sem); //<<-- Potential race condition.
  conn->sem = SYS_SEM_NULL;                   //<<--

return conn->err;

reply via email to

[Prev in Thread] Current Thread [Next in Thread]