From c50b9bf4137333850e76393752495a09147e73a6 Mon Sep 17 00:00:00 2001 From: Sverker Eriksson Date: Wed, 6 Jul 2011 20:43:54 +0200 Subject: Fix a match-spec trace bug that could cause emulator crash A trace matchspec with 'enable_trace' or 'disable_trace' in body could cause an emulator crash if a concurrent process altered the trace setting of the traced function by calling erlang:trace_pattern. The effect was a deallocation of the binary holding the matchspec program while it was running. Fixed by increasing reference count of ms-binary in the cases when 'enable_trace' or 'disable_trace' may cause a system block that may alter the ongoing trace. The paradox here is that db_prog_match() is using erts_smp_block_system() to do 'enable_trace' and 'disable_trace' in a safe (atomic) way. But that also have the (non-atomic) effect that racing thread might block the system and change the trace settings with erlang:trace_pattern. --- erts/emulator/beam/erl_db_util.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/erts/emulator/beam/erl_db_util.c b/erts/emulator/beam/erl_db_util.c index c3b074f782..e5be1f253a 100644 --- a/erts/emulator/beam/erl_db_util.c +++ b/erts/emulator/beam/erl_db_util.c @@ -1731,6 +1731,7 @@ Eterm db_prog_match(Process *c_p, Binary *bprog, #define BEGIN_ATOMIC_TRACE(p) \ do { \ if (! atomic_trace) { \ + erts_refc_inc(&bprog->refc, 2); \ erts_smp_proc_unlock((p), ERTS_PROC_LOCK_MAIN); \ erts_smp_block_system(0); \ atomic_trace = !0; \ @@ -1741,6 +1742,9 @@ Eterm db_prog_match(Process *c_p, Binary *bprog, if (atomic_trace) { \ erts_smp_release_system(); \ erts_smp_proc_lock((p), ERTS_PROC_LOCK_MAIN); \ + if (erts_refc_dectest(&bprog->refc, 0) == 0) {\ + erts_bin_free(bprog); \ + } \ atomic_trace = 0; \ } \ } while (0) -- cgit v1.2.3