Author: jilles Date: Thu Jun 23 20:59:13 2016 New Revision: 302151 URL: https://svnweb.freebsd.org/changeset/base/302151
Log: posixshm: Fix lock leak when mac_posixshm_check_read rejects read. While reading the code, I noticed that shm_read() returns without unlocking foffset and rangelock if mac_posixshm_check_read() rejects the read. Reviewed by: kib, jhb, rwatson Approved by: re (gjb) MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D6927 Modified: head/sys/kern/uipc_shm.c Modified: head/sys/kern/uipc_shm.c ============================================================================== --- head/sys/kern/uipc_shm.c Thu Jun 23 20:05:59 2016 (r302150) +++ head/sys/kern/uipc_shm.c Thu Jun 23 20:59:13 2016 (r302151) @@ -295,14 +295,14 @@ shm_read(struct file *fp, struct uio *ui int error; shmfd = fp->f_data; - foffset_lock_uio(fp, uio, flags); - rl_cookie = rangelock_rlock(&shmfd->shm_rl, uio->uio_offset, - uio->uio_offset + uio->uio_resid, &shmfd->shm_mtx); #ifdef MAC error = mac_posixshm_check_read(active_cred, fp->f_cred, shmfd); if (error) return (error); #endif + foffset_lock_uio(fp, uio, flags); + rl_cookie = rangelock_rlock(&shmfd->shm_rl, uio->uio_offset, + uio->uio_offset + uio->uio_resid, &shmfd->shm_mtx); error = uiomove_object(shmfd->shm_object, shmfd->shm_size, uio); rangelock_unlock(&shmfd->shm_rl, rl_cookie, &shmfd->shm_mtx); foffset_unlock_uio(fp, uio, flags); _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
