From owner-svn-src-stable@FreeBSD.ORG Wed Jan 26 20:14:12 2011 Return-Path: Delivered-To: svn-src-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 81DC31065670; Wed, 26 Jan 2011 20:14:12 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 568AD8FC21; Wed, 26 Jan 2011 20:14:12 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id p0QKECik088425; Wed, 26 Jan 2011 20:14:12 GMT (envelope-from jhb@svn.freebsd.org) Received: (from jhb@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id p0QKECiT088423; Wed, 26 Jan 2011 20:14:12 GMT (envelope-from jhb@svn.freebsd.org) Message-Id: <201101262014.p0QKECiT088423@svn.freebsd.org> From: John Baldwin Date: Wed, 26 Jan 2011 20:14:12 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org X-SVN-Group: stable-7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r217900 - stable/7/lib/libc/stdio X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Jan 2011 20:14:12 -0000 Author: jhb Date: Wed Jan 26 20:14:12 2011 New Revision: 217900 URL: http://svn.freebsd.org/changeset/base/217900 Log: MFC 216334: When reopening a stream backed by an open file descriptor, do not close the existing file descriptor. Instead, let dup2() atomically close the old file descriptor when assigning the newly opened file to the same descriptor. This closes a race in a multithreaded application where a concurrent open() could allocate the existing file descriptor in between the calls to close() and dup2(). Modified: stable/7/lib/libc/stdio/freopen.c Directory Properties: stable/7/lib/libc/ (props changed) stable/7/lib/libc/stdtime/ (props changed) Modified: stable/7/lib/libc/stdio/freopen.c ============================================================================== --- stable/7/lib/libc/stdio/freopen.c Wed Jan 26 20:14:03 2011 (r217899) +++ stable/7/lib/libc/stdio/freopen.c Wed Jan 26 20:14:12 2011 (r217900) @@ -150,14 +150,6 @@ freopen(file, mode, fp) /* Get a new descriptor to refer to the new file. */ f = _open(file, oflags, DEFFILEMODE); - if (f < 0 && isopen) { - /* If out of fd's close the old one and try again. */ - if (errno == ENFILE || errno == EMFILE) { - (void) (*fp->_close)(fp->_cookie); - isopen = 0; - f = _open(file, oflags, DEFFILEMODE); - } - } sverrno = errno; finish: @@ -165,9 +157,11 @@ finish: * Finish closing fp. Even if the open succeeded above, we cannot * keep fp->_base: it may be the wrong size. This loses the effect * of any setbuffer calls, but stdio has always done this before. + * + * Leave the existing file descriptor open until dup2() is called + * below to avoid races where a concurrent open() in another thread + * could claim the existing descriptor. */ - if (isopen) - (void) (*fp->_close)(fp->_cookie); if (fp->_flags & __SMBF) free((char *)fp->_bf._base); fp->_w = 0; @@ -186,6 +180,8 @@ finish: memset(&fp->_extra->mbstate, 0, sizeof(mbstate_t)); if (f < 0) { /* did not get it after all */ + if (isopen) + (void) (*fp->_close)(fp->_cookie); fp->_flags = 0; /* set it free */ FUNLOCKFILE(fp); errno = sverrno; /* restore in case _close clobbered */ @@ -197,11 +193,12 @@ finish: * to maintain the descriptor. Various C library routines (perror) * assume stderr is always fd STDERR_FILENO, even if being freopen'd. */ - if (wantfd >= 0 && f != wantfd) { + if (wantfd >= 0) { if (_dup2(f, wantfd) >= 0) { (void)_close(f); f = wantfd; - } + } else + (void)_close(fp->_file); } /*