Date: Sun, 7 Apr 2013 15:26:10 +0000 (UTC)
From: Jilles Tjoelker <jilles@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r249233 - head/sys/kern
Message-ID: <201304071526.r37FQAt7093026@svn.freebsd.org>
Author: jilles Date: Sun Apr 7 15:26:09 2013 New Revision: 249233 URL: http://svnweb.freebsd.org/changeset/base/249233 Log: mqueue,ksem,shm: Fix race condition with setting UF_EXCLOSE. POSIX mqueue, compatibility ksem and POSIX shm create a file descriptor that has close-on-exec set. However, they do this incorrectly, leaving a window where a thread may fork and exec while the flag has not been set yet. The race is easily reproduced on a multicore system with one thread doing shm_open and close and another thread doing posix_spawnp and waitpid. Set UF_EXCLOSE via falloc()'s flags argument instead. This also simplifies the code. MFC after: 1 week Modified: head/sys/kern/uipc_mqueue.c head/sys/kern/uipc_sem.c head/sys/kern/uipc_shm.c Modified: head/sys/kern/uipc_mqueue.c ============================================================================== --- head/sys/kern/uipc_mqueue.c Sun Apr 7 13:03:57 2013 (r249232) +++ head/sys/kern/uipc_mqueue.c Sun Apr 7 15:26:09 2013 (r249233) @@ -1977,7 +1977,7 @@ kern_kmq_open(struct thread *td, const c if (len < 2 || path[0] != '/' || strchr(path + 1, '/') != NULL) return (EINVAL); - error = falloc(td, &fp, &fd, 0); + error = falloc(td, &fp, &fd, O_CLOEXEC); if (error) return (error); @@ -2032,10 +2032,6 @@ kern_kmq_open(struct thread *td, const c finit(fp, flags & (FREAD | FWRITE | O_NONBLOCK), DTYPE_MQUEUE, pn, &mqueueops); - FILEDESC_XLOCK(fdp); - if (fdp->fd_ofiles[fd].fde_file == fp) - fdp->fd_ofiles[fd].fde_flags |= UF_EXCLOSE; - FILEDESC_XUNLOCK(fdp); td->td_retval[0] = fd; fdrop(fp, td); return (0); Modified: head/sys/kern/uipc_sem.c ============================================================================== --- head/sys/kern/uipc_sem.c Sun Apr 7 13:03:57 2013 (r249232) +++ head/sys/kern/uipc_sem.c Sun Apr 7 15:26:09 2013 (r249233) 
@@ -485,7 +485,7 @@ ksem_create(struct thread *td, const cha fdp = td->td_proc->p_fd; mode = (mode & ~fdp->fd_cmask) & ACCESSPERMS; - error = falloc(td, &fp, &fd, 0); + error = falloc(td, &fp, &fd, O_CLOEXEC); if (error) { if (name == NULL) error = ENOSPC; @@ -578,10 +578,6 @@ ksem_create(struct thread *td, const cha finit(fp, FREAD | FWRITE, DTYPE_SEM, ks, &ksem_ops); - FILEDESC_XLOCK(fdp); - if (fdp->fd_ofiles[fd].fde_file == fp) - fdp->fd_ofiles[fd].fde_flags |= UF_EXCLOSE; - FILEDESC_XUNLOCK(fdp); fdrop(fp, td); return (0); Modified: head/sys/kern/uipc_shm.c ============================================================================== --- head/sys/kern/uipc_shm.c Sun Apr 7 13:03:57 2013 (r249232) +++ head/sys/kern/uipc_shm.c Sun Apr 7 15:26:09 2013 (r249233) @@ -534,7 +534,7 @@ sys_shm_open(struct thread *td, struct s fdp = td->td_proc->p_fd; cmode = (uap->mode & ~fdp->fd_cmask) & ACCESSPERMS; - error = falloc(td, &fp, &fd, 0); + error = falloc(td, &fp, &fd, O_CLOEXEC); if (error) return (error); @@ -629,10 +629,6 @@ sys_shm_open(struct thread *td, struct s finit(fp, FFLAGS(uap->flags & O_ACCMODE), DTYPE_SHM, shmfd, &shm_ops); - FILEDESC_XLOCK(fdp); - if (fdp->fd_ofiles[fd].fde_file == fp) - fdp->fd_ofiles[fd].fde_flags |= UF_EXCLOSE; - FILEDESC_XUNLOCK(fdp); td->td_retval[0] = fd; fdrop(fp, td);
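Review bot: In the second uipc_mqueue.c hunk (@@ -2032), the removed FILEDESC_XLOCK block holds the only uses of fdp that this diff shows in kern_kmq_open, so check whether the local and its assignment are still needed there. In ksem_create and sys_shm_open the fd_cmask lines in the hunk context show fdp staying in use; if nothing comparable remains in kern_kmq_open, drop the variable in the same commit to avoid an unused-variable warning.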
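Review bot: The three falloc() call sites (@@ -1977 in uipc_mqueue.c, @@ -485 in uipc_sem.c, @@ -534 in uipc_shm.c) now pass the open-style O_CLOEXEC, while the blocks they replace set the descriptor flag UF_EXCLOSE, and nothing at the call sites records that the flag has to be applied at allocation time. A short comment at each call, for example "close-on-exec must be set when the descriptor is allocated", would carry the reasoning from the log into the code.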
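Review bot: No regression test accompanies the change, although the log describes a reproducer (one thread doing shm_open and close, another doing posix_spawnp and waitpid). Consider adding that case as a test that fails when a spawned child inherits the descriptor, covering the mqueue and ksem paths as well, since all three files receive the same two-hunk change.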
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201304071526.r37FQAt7093026>
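A userland analogue of the race the commit log describes, as an added example (not FreeBSD code and not part of the commit): a fork that lands between descriptor creation and the close-on-exec update inherits the descriptor without the flag, while creation with O_CLOEXEC leaves no such window. The function names and the use of /dev/null are assumptions made for the illustration, and the fork stands in for the other thread's fork and exec.

```c
/* Added example, not FreeBSD code: userland analogue of the window r249233 closes.
 * Function names and the /dev/null target are illustrative assumptions. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork now and report what the child inherited for fd:
 * 1 = FD_CLOEXEC set (closed on exec), 0 = clear (survives exec), -1 = error. */
static int child_sees_cloexec(int fd)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int fl = fcntl(fd, F_GETFD);
        _exit(fl < 0 ? 2 : ((fl & FD_CLOEXEC) ? 1 : 0));
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) > 1)
        return -1;
    return WEXITSTATUS(status);
}

/* atomic == 0: create, then flag (the pattern the commit removes).
 * atomic != 0: flag applied at creation (the pattern the commit adopts).
 * The fork in the middle stands in for another thread's fork+exec. */
int cloexec_seen_by_concurrent_fork(int atomic)
{
    int fd = open("/dev/null", O_RDONLY | (atomic ? O_CLOEXEC : 0));
    int seen;
    if (fd < 0)
        return -1;
    seen = child_sees_cloexec(fd);
    if (!atomic)
        (void)fcntl(fd, F_SETFD, FD_CLOEXEC);   /* too late for that child */
    close(fd);
    return seen;
}

int main(void)
{
    printf("two-step: child saw FD_CLOEXEC=%d\n", cloexec_seen_by_concurrent_fork(0));
    printf("atomic:   child saw FD_CLOEXEC=%d\n", cloexec_seen_by_concurrent_fork(1));
    return 0;
}
```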