From owner-svn-src-stable@FreeBSD.ORG  Fri Apr 26 21:07:28 2013
Return-Path: <owner-svn-src-stable@FreeBSD.ORG>
Delivered-To: svn-src-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 46CBC60A;
 Fri, 26 Apr 2013 21:07:28 +0000 (UTC)
 (envelope-from jilles@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 by mx1.freebsd.org (Postfix) with ESMTP id 27E8E1DCD;
 Fri, 26 Apr 2013 21:07:28 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.6/8.14.6) with ESMTP id r3QL7S2a051032;
 Fri, 26 Apr 2013 21:07:28 GMT (envelope-from jilles@svn.freebsd.org)
Received: (from jilles@localhost)
 by svn.freebsd.org (8.14.6/8.14.5/Submit) id r3QL7RMK051027;
 Fri, 26 Apr 2013 21:07:27 GMT (envelope-from jilles@svn.freebsd.org)
Message-Id: <201304262107.r3QL7RMK051027@svn.freebsd.org>
From: Jilles Tjoelker <jilles@FreeBSD.org>
Date: Fri, 26 Apr 2013 21:07:27 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org
Subject: svn commit: r249953 - stable/9/sys/kern
X-SVN-Group: stable-9
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-stable@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: SVN commit messages for all the -stable branches of the src tree
 <svn-src-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-stable>,
 <mailto:svn-src-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable>
List-Post: <mailto:svn-src-stable@freebsd.org>
List-Help: <mailto:svn-src-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-stable>,
 <mailto:svn-src-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Apr 2013 21:07:28 -0000

Author: jilles
Date: Fri Apr 26 21:07:27 2013
New Revision: 249953
URL: http://svnweb.freebsd.org/changeset/base/249953

Log:
  MFC r249233: mqueue,ksem,shm: Fix race condition with setting UF_EXCLOSE.
  
  POSIX mqueue, compatibility ksem and POSIX shm create a file descriptor that
  has close-on-exec set. However, they do this incorrectly, leaving a window
  where a thread may fork and exec while the flag has not been set yet. The
  race is easily reproduced on a multicore system with one thread doing
  shm_open and close and another thread doing posix_spawnp and waitpid.
  
  Set UF_EXCLOSE via falloc()'s flags argument instead. This also simplifies
  the code.

Modified:
  stable/9/sys/kern/uipc_mqueue.c
  stable/9/sys/kern/uipc_sem.c
  stable/9/sys/kern/uipc_shm.c
Directory Properties:
  stable/9/sys/   (props changed)

Modified: stable/9/sys/kern/uipc_mqueue.c
==============================================================================
--- stable/9/sys/kern/uipc_mqueue.c	Fri Apr 26 19:56:14 2013	(r249952)
+++ stable/9/sys/kern/uipc_mqueue.c	Fri Apr 26 21:07:27 2013	(r249953)
@@ -1977,7 +1977,7 @@ kern_kmq_open(struct thread *td, const c
 	if (len < 2  || path[0] != '/' || index(path + 1, '/') != NULL)
 		return (EINVAL);
 
-	error = falloc(td, &fp, &fd, 0);
+	error = falloc(td, &fp, &fd, O_CLOEXEC);
 	if (error)
 		return (error);
 
@@ -2032,10 +2032,6 @@ kern_kmq_open(struct thread *td, const c
 	finit(fp, flags & (FREAD | FWRITE | O_NONBLOCK), DTYPE_MQUEUE, pn,
 	    &mqueueops);
 
-	FILEDESC_XLOCK(fdp);
-	if (fdp->fd_ofiles[fd] == fp)
-		fdp->fd_ofileflags[fd] |= UF_EXCLOSE;
-	FILEDESC_XUNLOCK(fdp);
 	td->td_retval[0] = fd;
 	fdrop(fp, td);
 	return (0);

Modified: stable/9/sys/kern/uipc_sem.c
==============================================================================
--- stable/9/sys/kern/uipc_sem.c	Fri Apr 26 19:56:14 2013	(r249952)
+++ stable/9/sys/kern/uipc_sem.c	Fri Apr 26 21:07:27 2013	(r249953)
@@ -485,7 +485,7 @@ ksem_create(struct thread *td, const cha
 
 	fdp = td->td_proc->p_fd;
 	mode = (mode & ~fdp->fd_cmask) & ACCESSPERMS;
-	error = falloc(td, &fp, &fd, 0);
+	error = falloc(td, &fp, &fd, O_CLOEXEC);
 	if (error) {
 		if (name == NULL)
 			error = ENOSPC;
@@ -578,10 +578,6 @@ ksem_create(struct thread *td, const cha
 
 	finit(fp, FREAD | FWRITE, DTYPE_SEM, ks, &ksem_ops);
 
-	FILEDESC_XLOCK(fdp);
-	if (fdp->fd_ofiles[fd] == fp)
-		fdp->fd_ofileflags[fd] |= UF_EXCLOSE;
-	FILEDESC_XUNLOCK(fdp);
 	fdrop(fp, td);
 
 	return (0);

Modified: stable/9/sys/kern/uipc_shm.c
==============================================================================
--- stable/9/sys/kern/uipc_shm.c	Fri Apr 26 19:56:14 2013	(r249952)
+++ stable/9/sys/kern/uipc_shm.c	Fri Apr 26 21:07:27 2013	(r249953)
@@ -533,7 +533,7 @@ sys_shm_open(struct thread *td, struct s
 	fdp = td->td_proc->p_fd;
 	cmode = (uap->mode & ~fdp->fd_cmask) & ACCESSPERMS;
 
-	error = falloc(td, &fp, &fd, 0);
+	error = falloc(td, &fp, &fd, O_CLOEXEC);
 	if (error)
 		return (error);
 
@@ -628,10 +628,6 @@ sys_shm_open(struct thread *td, struct s
 
 	finit(fp, FFLAGS(uap->flags & O_ACCMODE), DTYPE_SHM, shmfd, &shm_ops);
 
-	FILEDESC_XLOCK(fdp);
-	if (fdp->fd_ofiles[fd] == fp)
-		fdp->fd_ofileflags[fd] |= UF_EXCLOSE;
-	FILEDESC_XUNLOCK(fdp);
 	td->td_retval[0] = fd;
 	fdrop(fp, td);