From owner-freebsd-stable  Sun Oct 29 13:53:55 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from earth.backplane.com (placeholder-dcat-1076843399.broadbandoffice.net [64.47.83.135])
	by hub.freebsd.org (Postfix) with ESMTP id 35B1C37B479
	for <freebsd-stable@freebsd.org>; Sun, 29 Oct 2000 13:53:48 -0800 (PST)
Received: (from dillon@localhost)
	by earth.backplane.com (8.11.1/8.9.3) id e9TLqt371320;
	Sun, 29 Oct 2000 13:52:55 -0800 (PST)
	(envelope-from dillon)
Date: Sun, 29 Oct 2000 13:52:55 -0800 (PST)
From: Matt Dillon <dillon@earth.backplane.com>
Message-Id: <200010292152.e9TLqt371320@earth.backplane.com>
To: Jordan Hubbard <jkh@winston.osd.bsdi.com>,
	Alexander Viro <viro@math.psu.edu>
Cc: freebsd-stable@freebsd.org
Subject: Proposed patch related to August discussion on file descriptor races and kern/11629
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

    I've finally had time to really go through the file descriptor
    handling code for FreeBSD and work up a more complete patch to
    solve races intrdocued by the shared descriptor table feature
    (used by RFMEM forks, aka threads).

    Alexander Viro emailed me in August giving me a heads up on the 
    issue and described what they did to fix Linux.  I also found a PR
    on pieces of the same issue, kern/11629.  Note that there are exploits
    available that can crash an unfixed machine.

    The fix is, as most of us would expect, to hold an additional reference
    on the struct file pointer during an operation.  The reference held by 
    the file descriptor array is no longer sufficient since the file
    descriptor array may be shared between processes.

    This involves some straightforward but significant work, which I now have
    a patch for.  The work is not entirely trivial so I have some qualms
    about putting it in 4.2, but I believe the issue is important enough that
    we *should* put this in 4.2.

    I would appreciate a review for correctness.  Unfortunately I have only
    one test box at the moment, and very little time available so this patch
    is directly for 4.2, not -current.

	http://apollo.backplane.com/FreeBSD4/

    Jordan, due to the circumstances of this patch and its complexity, I
    believe I need you to sign-off on it for the release (or decide otherwise
    if you do not think we can test it sufficiently before the role).  I am
    doing final testing of the patch now (making sure I didn't cause any
    file table leaks).


						-Matt



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message