Date: Sun, 14 Feb 1999 14:33:10 -0800 (PST) From: Julian Elischer <julian@whistle.com> To: Matthew Dillon <dillon@apollo.backplane.com> Cc: hackers@FreeBSD.ORG, stable@FreeBSD.ORG Subject: Re: Again: sorflush() bug fix in uipc_usrreq.c -- need someone to review this Message-ID: <Pine.BSF.3.95.990214143100.11800B-100000@current1.whistle.com> In-Reply-To: <199902142053.MAA07985@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I'm not convinced that it may not be impossible to get anything but socket fds in the 'hitlist' Since to get on it the fd must be involved in a cyclical reference (see the big comment in prior code). still the check can't hurt.. julian On Sun, 14 Feb 1999, Matthew Dillon wrote: > Nobody but Doug has gotten back to me on this patch, which is in -current > but not currently in stable. Doug indicated that he wasn't very familiar > with the area in question. > > I think it's pretty important that this patch make it into the 3.1 > release but I would like someone familiar with the code to double-check > it. If nobody gets back to me today on it I am going to commit it to > -stable w/ Jordan's permission. > > -Matt > Matthew Dillon > <dillon@backplane.com> > > > : This fix is currently comitted to -4.x. I don't want to backport it to > : -3.x until I get an independant review. > : > : This code is ( I believe ) part of the message queue flushing for > : typically unix domain sockets, relating to file descriptor passing. > : This code is attempting to flush the in-transit file descriptors when > : both sides of the connection go poof. > : > : The problem ( I believe ) is that it is calling sorflush() potentially > : on non-sockets. While most uses of file descriptor passing pass only > : sockets, if this bug is hit for those uses that do not, it could corrupt > : kernel memory or cause a crash. > : > : I need someone to check the code and tell me I'm not blowing smoke before > : I backport this :-) > : > : -Matt > : Matthew Dillon > : <dillon@backplane.com> > : > :*** uipc_usrreq.c 1998/10/25 17:44:51 1.37 > :--- uipc_usrreq.c 1999/01/21 08:03:49 > :*************** > :*** 1114,1121 **** > : /* > : * for each FD on our hit list, do the following two things > : */ > :! for (i = nunref, fpp = extra_ref; --i >= 0; ++fpp) > :! sorflush((struct socket *)(*fpp)->f_data); > : for (i = nunref, fpp = extra_ref; --i >= 0; ++fpp) > : closef(*fpp, (struct proc *) NULL); > : free((caddr_t)extra_ref, M_FILE); > :--- 1114,1124 ---- > : /* > : * for each FD on our hit list, do the following two things > : */ > :! for (i = nunref, fpp = extra_ref; --i >= 0; ++fpp) { > :! struct file *tfp = *fpp; > :! if (tfp->f_type == DTYPE_SOCKET && tfp->f_data != NULL) > :! sorflush((struct socket *)(tfp->f_data)); > :! } > : > : > :To Unsubscribe: send mail to majordomo@FreeBSD.org > :with "unsubscribe freebsd-hackers" in the body of the message > : > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.990214143100.11800B-100000>