Date: Wed, 21 Mar 2007 19:32:08 +0000 (UTC) From: John Baldwin <jhb@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/kern vfs_syscalls.c Message-ID: <200703211932.l2LJW8ht093196@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
jhb 2007-03-21 19:32:08 UTC
FreeBSD src repository
Modified files:
sys/kern vfs_syscalls.c
Log:
If vn_open() fails during kern_open(), don't fdrop() the new file object
until after the call to fdclose(). This closes an obscure race that
could result in the later call to fdclose() actually closing a different
file descriptor if another thread close()'s the file descriptor being
opened before fdrop() is called, so the fdrop() in kern_open() frees the
file object, then the second thread (or a third) creates a new file
descriptor which reuses both the same index and the same file pointer
thus tricking fdclose() in the first thread into thinking that the
original file was still open.
MFC after: 1 week
Revision Changes Path
1.434 +2 -5 src/sys/kern/vfs_syscalls.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200703211932.l2LJW8ht093196>