DragonFlyBSD Kernel Audit
← dashboard
DF-0168

Lazy objcache creation in sysref_alloc is racy (no lock on srclass->oc init)

Summary

sysref_alloc(:142-148) lazily inits srclass->oc with plain NULL-check+store, no lock. Two CPUs first-alloc same class -> two objcaches created, second wins. First leaked. Objects may cross caches via objcache_put at free time. Boot ordering mitigates (most classes single-threaded at first alloc).