From owner-freebsd-arch  Wed Apr 18 15:12:29 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from earth.backplane.com (earth-nat-cw.backplane.com [208.161.114.67])
	by hub.freebsd.org (Postfix) with ESMTP id 86D0737B423
	for <arch@FreeBSD.ORG>; Wed, 18 Apr 2001 15:12:26 -0700 (PDT)
	(envelope-from dillon@earth.backplane.com)
Received: (from dillon@localhost)
	by earth.backplane.com (8.11.2/8.11.2) id f3IMCPD45159;
	Wed, 18 Apr 2001 15:12:25 -0700 (PDT)
	(envelope-from dillon)
Date: Wed, 18 Apr 2001 15:12:25 -0700 (PDT)
From: Matt Dillon <dillon@earth.backplane.com>
Message-Id: <200104182212.f3IMCPD45159@earth.backplane.com>
To: Terry Lambert <tlambert@primenet.com>
Cc: arch@FreeBSD.ORG
Subject: Re: Found BAD BUG: squashed
References:  <200104182207.PAA11716@usr08.primenet.com>
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


:I have identified the bug.
:
:It turns out that the bug causes memory corruption by freeing
:but continuing to use a credential, and it only occurs in big
:resource usage cases, and then seemingly at random.
:
:It is the fact that there are two credentials per socket, one
:for the socket, and one for the descriptor itself.
:
:The cr_ref is an unsigned short, and ...

    Ahhh..  Excellent find Terry!

    Why do you want to cycle a new credential when the unsigned short
    ref count reaches 65535 (what you call the right fix) verses simply
    changing the ref count to an unsigned long (what you call the quick
    and dirty fix)?  That seems kinda reversed to me.

					-Matt


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message