From: Matthew Dillon
Date: Sun, 14 Feb 1999 16:20:23 -0800 (PST)
To: Julian Elischer
Cc: hackers@FreeBSD.ORG, stable@FreeBSD.ORG
Subject: Re: Again: sorflush() bug fix in uipc_usrreq.c -- need someone to review this
Message-Id: <199902150020.QAA10642@apollo.backplane.com>

:I'm not convinced that it may not be impossible to get anything but
:socket fds in the 'hitlist' Since to get on it the fd must be involved in
:a cyclical reference (see the big comment in prior code).
:still the check can't hurt..
:
:julian

good 'nuf for me.

I traced through the code and I believe it can happen. What has to happen is that you have to have two processes passing file descriptors to each other over a unix domain socket, and have both processes die while descriptors are 'in transit'. You get into trouble if you happen to be passing a non-socket descriptor over the socket when that condition occurs.

The cyclical reference problem is a different problem - the hitlist is constructed whether there is a cycle or not. The problem with the cyclical bug was that the same descriptor would wind up being double-closed or double-flushed due to the recursion. This particular bug was fixed a long time ago.
-Matt