Date: Thu, 29 Jan 2009 10:33:32 +0000 (UTC) From: Konstantin Belousov <kib@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org Subject: svn commit: r187882 - in stable/7/sys: . contrib/pf dev/cxgb kern Message-ID: <200901291033.n0TAXWjC051297@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kib Date: Thu Jan 29 10:33:32 2009 New Revision: 187882 URL: http://svn.freebsd.org/changeset/base/187882 Log: MFC r186601: Clear the pointers to the file in the struct filedesc before file is closed in fdfree. Otherwise, sysctl_kern_proc_filedesc may dereference stale struct file * values. Modified: stable/7/sys/ (props changed) stable/7/sys/contrib/pf/ (props changed) stable/7/sys/dev/cxgb/ (props changed) stable/7/sys/kern/kern_descrip.c Modified: stable/7/sys/kern/kern_descrip.c ============================================================================== --- stable/7/sys/kern/kern_descrip.c Thu Jan 29 09:32:56 2009 (r187881) +++ stable/7/sys/kern/kern_descrip.c Thu Jan 29 10:33:32 2009 (r187882) @@ -1733,14 +1733,16 @@ fdfree(struct thread *td) FILEDESC_XUNLOCK(fdp); if (i > 0) return; - /* - * We are the last reference to the structure, so we can - * safely assume it will not change out from under us. - */ + fpp = fdp->fd_ofiles; for (i = fdp->fd_lastfile; i-- >= 0; fpp++) { - if (*fpp) - (void) closef(*fpp, td); + if (*fpp) { + FILEDESC_XLOCK(fdp); + fp = *fpp; + *fpp = NULL; + FILEDESC_XUNLOCK(fdp); + (void) closef(fp, td); + } } FILEDESC_XLOCK(fdp);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200901291033.n0TAXWjC051297>