From owner-freebsd-threads@FreeBSD.ORG Wed Dec 8 02:50:06 2010 Return-Path: Delivered-To: freebsd-threads@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 818731065696 for ; Wed, 8 Dec 2010 02:50:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 50DF38FC16 for ; Wed, 8 Dec 2010 02:50:06 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id oB82o6ZX072937 for ; Wed, 8 Dec 2010 02:50:06 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id oB82o6X5072936; Wed, 8 Dec 2010 02:50:06 GMT (envelope-from gnats) Date: Wed, 8 Dec 2010 02:50:06 GMT Message-Id: <201012080250.oB82o6X5072936@freefall.freebsd.org> To: freebsd-threads@FreeBSD.org From: David Xu Cc: Subject: Re: threads/79887: [patch] freopen() isn't thread-safe X-BeenThere: freebsd-threads@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: David Xu List-Id: Threading on FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Dec 2010 02:50:06 -0000 The following reply was made to PR threads/79887; it has been noted by GNATS. From: David Xu To: John Baldwin Cc: bug-followup@freebsd.org, tejblum@yandex-team.ru Subject: Re: threads/79887: [patch] freopen() isn't thread-safe Date: Wed, 08 Dec 2010 10:43:35 +0800 John Baldwin wrote: > David, > > I think the submitter's analysis is correct that the only place that can set > the close function pointer is funopen() and that for that case (and any other > "fake" files), the file descriptor will be -1. If the fd is >= 0, then it > must be a file-descriptor-backed FILE, and relying on dup2() to close the fd > is ok. > > As the manpage notes, the most common usage is to redirect stderr or stdout by > doing 'freopen("/dev/null", "w", stderr)'. The bug allows some other random > code that is calling open() in another thread to have that open() return 2 > during the window where fd '2' is closed during freopen(). That other file > descriptor then gets trounced by the dup2() call in freopen() to point to > something else. > > The code likely uses _close() rather than close() directly to be cleaner. > Given that this is stdio, I don't think we are really worried about the > performance impact of one extra wrapper function. > > I think the original patch is most likely correct. > The patch works, I just don't like the design of the (*fp->_close)(fp->_cookie) it seems the patch make freopen bypass it. I think the patch can be committed, but I am busy and have no time to do it by myself.