[Xenomai] [HEADS-UP] Xenomai 3.x / Cobalt - critical fix

Philippe Gerum rpm at xenomai.org
Thu Nov 16 17:54:53 CET 2017


A really bad bug has just been fixed in the implementation of a basic
synchronization object (aka Cobalt monitor) in the Cobalt core,
affecting SMP configs exclusively. As observed with a real world
application, the bug could cause waiters to sleep indefinitely on a monitor.

Cobalt monitors are heavily used in all non-POSIX Xenomai APIs
indirectly via the syncobj abstraction from libcopperplate, i.e.
alchemy, psos, vxworks, so all of those APIs are potentially affected by
this bug. Strictly POSIX apps not depending on libcopperplate are immune
to this issue though.

All Xenomai 3.x releases are vulnerable. A fix is avail from the git
repo, for the stable-3.0.x [1] and next [2] branches.

This is a really creepy, timing-dependent bug. If you depend on any of
the vulnerable APIs, you really want to pick that fix. I mean, really,
no joke.

[1]
http://git.xenomai.org/?p=xenomai-3.git;a=commit;h=3112a3f98feaa8fa3109f89013bec8674308ede3
[2]
http://git.xenomai.org/?p=xenomai-3.git;a=commit;h=8211ff20e3380fffa0df4ba4bea5b62c0f4005c2

-- 
Philippe.



More information about the Xenomai mailing list