tools/ocaml/evtchn: Don't reference Custom objects with the GC lock released
authorEdwin Török <edwin.torok@cloud.com>
Thu, 12 Jan 2023 17:48:29 +0000 (17:48 +0000)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Thu, 9 Feb 2023 15:55:25 +0000 (15:55 +0000)
commit021b82cc0c71ba592439f175c1ededa800b172a9
tree432f6903b16b79b7c288c8ef400574fd6bd9bb14
parent5797b798a542a7e5be34698463152cb92f18776f
tools/ocaml/evtchn: Don't reference Custom objects with the GC lock released

The modification to the _H() macro for Ocaml 5 support introduced a subtle
bug.  From the manual:

  https://ocaml.org/manual/intfc.html#ss:parallel-execution-long-running-c-code

"After caml_release_runtime_system() was called and until
caml_acquire_runtime_system() is called, the C code must not access any OCaml
data, nor call any function of the run-time system, nor call back into OCaml
code."

Previously, the value was a naked C pointer, so dereferencing it wasn't
"accessing any Ocaml data", but the fix to avoid naked C pointers added a
layer of indirection through an Ocaml Custom object, meaning that the common
pattern of using _H() in a blocking section is unsafe.

In order to fix:

 * Drop the _H() macro and replace it with a static inline xce_of_val().
 * Opencode the assignment into Data_custom_val() in the two constructors.
 * Rename "value xce" parameters to "value xce_val" so we can consistently
   have "xenevtchn_handle *xce" on the stack, and obtain the pointer with the
   GC lock still held.

Fixes: 22d5affdf0ce ("tools/ocaml/evtchn: OCaml 5 support, fix potential resource leak")
Signed-off-by: Edwin Török <edwin.torok@cloud.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Christian Lindig <christian.lindig@citrix.com>
(cherry picked from commit 2636d8ff7a670c4d2485757dbe966e36c259a960)
tools/ocaml/libs/eventchn/xeneventchn_stubs.c