From owner-freebsd-current  Mon Jul 15 23:24:28 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1738337B407
	for <freebsd-current@freebsd.org>; Mon, 15 Jul 2002 23:24:17 -0700 (PDT)
Received: from elvis.mu.org (elvis.mu.org [192.203.228.196])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D23DC43E58
	for <freebsd-current@freebsd.org>; Mon, 15 Jul 2002 23:24:16 -0700 (PDT)
	(envelope-from bright@elvis.mu.org)
Received: by elvis.mu.org (Postfix, from userid 1192)
	id 8B1A9AE255; Mon, 15 Jul 2002 23:24:16 -0700 (PDT)
Date: Mon, 15 Jul 2002 23:24:16 -0700
From: Alfred Perlstein <bright@mu.org>
To: David Xu <davidx@viasoft.com.cn>
Cc: "freebsd-current@freebsd.org" <freebsd-current@freebsd.org>
Subject: Re: race condition in kern_descrip.c and fix
Message-ID: <20020716062416.GT77219@elvis.mu.org>
References: <200207160547.NAA08469@mail.viasoft.com.cn>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200207160547.NAA08469@mail.viasoft.com.cn>
User-Agent: Mutt/1.3.27i
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

* David Xu <davidx@viasoft.com.cn> [020715 22:31] wrote:
> I found a race condition in kern_descrip.c, the race is in function falloc(),
> it opens a race window at line 1147:

You're right, however I'd appreciate it if you'd look deeper into the
possiblity of races in this code before committing this patch to make
sure we don't want to do this another way.


> 		FILEDESC_UNLOCK(p->p_fd);
>         sx_xlock(&filelist_lock);
>         FILEDESC_LOCK(p->p_fd);
> 
> fix:
> --- kern_descrip.c	Tue Jul 16 12:29:44 2002
> +++ kern_descrip.c.new	Tue Jul 16 12:26:50 2002
> @@ -1107,6 +1107,7 @@
>  	register struct file *fp, *fq;
>  	int error, i;
>  
> +retry:
>  	sx_xlock(&filelist_lock);
>  	if (nfiles >= maxfiles) {
>  		sx_xunlock(&filelist_lock);
> @@ -1151,6 +1152,13 @@
>  		LIST_INSERT_AFTER(fq, fp, f_list);
>  	} else {
>  		LIST_INSERT_HEAD(&filehead, fp, f_list);
> +	}
> +	if (p->p_fd->fd_ofiles[i] != NULL) {
> +		fp->f_count = 0;
> +		FILEDESC_UNLOCK(p->p_fd);
> +		sx_xunlock(&filelist_lock);
> +		ffree(fp);
> +		goto retry;
>  	}
>  	p->p_fd->fd_ofiles[i] = fp;
>  	FILEDESC_UNLOCK(p->p_fd);
> ---	
> 
> David Xu

-- 
-Alfred Perlstein [alfred@freebsd.org]
'Instead of asking why a piece of software is using "1970s technology,"
 start asking why software is ignoring 30 years of accumulated wisdom.'
Tax deductible donations for FreeBSD: http://www.freebsdfoundation.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message