* David Xu <[EMAIL PROTECTED]> [020715 22:31] wrote:
> I found a race condition in kern_descrip.c, the race is in function falloc(),
> it opens a race window at line 1147:

You're right, however I'd appreciate it if you'd look deeper into the
possibility of races in this code before committing this patch to make
sure we don't want to do this another way.


>               FILEDESC_UNLOCK(p->p_fd);
>         sx_xlock(&filelist_lock);
>         FILEDESC_LOCK(p->p_fd);
> 
> fix:
> --- kern_descrip.c    Tue Jul 16 12:29:44 2002
> +++ kern_descrip.c.new        Tue Jul 16 12:26:50 2002
> @@ -1107,6 +1107,7 @@
>       register struct file *fp, *fq;
>       int error, i;
>  
> +retry:
>       sx_xlock(&filelist_lock);
>       if (nfiles >= maxfiles) {
>               sx_xunlock(&filelist_lock);
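Review bot: The `retry:` label has no comment saying what sends control back to it, and the matching `goto retry` sits in a separate hunk about 45 lines further down. Please add a short comment at the label naming the condition (slot `i` was filled while the descriptor lock was dropped). Also note that nothing in the visible lines bounds the number of passes; since the label is placed ahead of the `nfiles >= maxfiles` test, that limit is at least re-evaluated on every retry, which is worth stating in the comment.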
> @@ -1151,6 +1152,13 @@
>               LIST_INSERT_AFTER(fq, fp, f_list);
>       } else {
>               LIST_INSERT_HEAD(&filehead, fp, f_list);
> +     }
> +     if (p->p_fd->fd_ofiles[i] != NULL) {
> +             fp->f_count = 0;
> +             FILEDESC_UNLOCK(p->p_fd);
> +             sx_xunlock(&filelist_lock);
> +             ffree(fp);
> +             goto retry;
>       }
>       p->p_fd->fd_ofiles[i] = fp;
>       FILEDESC_UNLOCK(p->p_fd);
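Review bot: The new `p->p_fd->fd_ofiles[i] != NULL` test runs after `fp` has already been linked into the list by `LIST_INSERT_AFTER` / `LIST_INSERT_HEAD`, so the failure path inserts the entry and then depends on `ffree(fp)` to take it back out, which these lines do not show. Consider doing the check before the list insertion, since both locks are already held at that point (the failure path releases both), so a lost race never touches the list. The hand-written `fp->f_count = 0;` before `ffree(fp)` also needs a comment explaining why the count has to be reset there.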
> ---   
> 
> David Xu

-- 
-Alfred Perlstein [[EMAIL PROTECTED]]
'Instead of asking why a piece of software is using "1970s technology,"
 start asking why software is ignoring 30 years of accumulated wisdom.'
Tax deductible donations for FreeBSD: http://www.freebsdfoundation.org/
