From owner-svn-src-all@FreeBSD.ORG Mon Nov 3 03:12:16 2014 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0FA4C542; Mon, 3 Nov 2014 03:12:16 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id F0AC8B0D; Mon, 3 Nov 2014 03:12:15 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id sA33CFKK010077; Mon, 3 Nov 2014 03:12:15 GMT (envelope-from mjg@FreeBSD.org) Received: (from mjg@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id sA33CFc4010076; Mon, 3 Nov 2014 03:12:15 GMT (envelope-from mjg@FreeBSD.org) Message-Id: <201411030312.sA33CFc4010076@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: mjg set sender to mjg@FreeBSD.org using -f From: Mateusz Guzik Date: Mon, 3 Nov 2014 03:12:15 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r274000 - head/sys/fs/devfs X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Nov 2014 03:12:16 -0000 Author: mjg Date: Mon Nov 3 03:12:15 2014 New Revision: 274000 URL: https://svnweb.freebsd.org/changeset/base/274000 Log: Fix up some session-related races in devfs. One was introduced with r272596, the rest was there to begin with. Noted by: jhb Modified: head/sys/fs/devfs/devfs_vnops.c Modified: head/sys/fs/devfs/devfs_vnops.c ============================================================================== --- head/sys/fs/devfs/devfs_vnops.c Mon Nov 3 00:37:39 2014 (r273999) +++ head/sys/fs/devfs/devfs_vnops.c Mon Nov 3 03:12:15 2014 (r274000) @@ -499,6 +499,7 @@ devfs_access(struct vop_access_args *ap) { struct vnode *vp = ap->a_vp; struct devfs_dirent *de; + struct proc *p; int error; de = vp->v_data; @@ -511,11 +512,16 @@ devfs_access(struct vop_access_args *ap) return (0); if (error != EACCES) return (error); + p = ap->a_td->td_proc; /* We do, however, allow access to the controlling terminal */ - if (!(ap->a_td->td_proc->p_flag & P_CONTROLT)) + PROC_LOCK(p); + if (!(p->p_flag & P_CONTROLT)) { + PROC_UNLOCK(p); return (error); - if (ap->a_td->td_proc->p_session->s_ttydp == de->de_cdp) - return (0); + } + if (p->p_session->s_ttydp == de->de_cdp) + error = 0; + PROC_UNLOCK(p); return (error); } @@ -525,6 +531,7 @@ devfs_close(struct vop_close_args *ap) { struct vnode *vp = ap->a_vp, *oldvp; struct thread *td = ap->a_td; + struct proc *p; struct cdev *dev = vp->v_rdev; struct cdevsw *dsw; int vp_locked, error, ref; @@ -545,24 +552,30 @@ devfs_close(struct vop_close_args *ap) * if the reference count is 2 (this last descriptor * plus the session), release the reference from the session. */ - if (td && vp == td->td_proc->p_session->s_ttyvp) { - oldvp = NULL; - sx_xlock(&proctree_lock); - if (vp == td->td_proc->p_session->s_ttyvp) { - SESS_LOCK(td->td_proc->p_session); - VI_LOCK(vp); - if (count_dev(dev) == 2 && - (vp->v_iflag & VI_DOOMED) == 0) { - td->td_proc->p_session->s_ttyvp = NULL; - td->td_proc->p_session->s_ttydp = NULL; - oldvp = vp; + if (td != NULL) { + p = td->td_proc; + PROC_LOCK(p); + if (vp == p->p_session->s_ttyvp) { + PROC_UNLOCK(p); + oldvp = NULL; + sx_xlock(&proctree_lock); + if (vp == p->p_session->s_ttyvp) { + SESS_LOCK(p->p_session); + VI_LOCK(vp); + if (count_dev(dev) == 2 && + (vp->v_iflag & VI_DOOMED) == 0) { + p->p_session->s_ttyvp = NULL; + p->p_session->s_ttydp = NULL; + oldvp = vp; + } + VI_UNLOCK(vp); + SESS_UNLOCK(p->p_session); } - VI_UNLOCK(vp); - SESS_UNLOCK(td->td_proc->p_session); - } - sx_xunlock(&proctree_lock); - if (oldvp != NULL) - vrele(oldvp); + sx_xunlock(&proctree_lock); + if (oldvp != NULL) + vrele(oldvp); + } else + PROC_UNLOCK(p); } /* * We do not want to really close the device if it @@ -816,6 +829,7 @@ devfs_prison_check(struct devfs_dirent * { struct cdev_priv *cdp; struct ucred *dcr; + struct proc *p; int error; cdp = de->de_cdp; @@ -829,10 +843,15 @@ devfs_prison_check(struct devfs_dirent * if (error == 0) return (0); /* We do, however, allow access to the controlling terminal */ - if (!(td->td_proc->p_flag & P_CONTROLT)) + p = td->td_proc; + PROC_LOCK(p); + if (!(p->p_flag & P_CONTROLT)) { + PROC_UNLOCK(p); return (error); - if (td->td_proc->p_session->s_ttydp == cdp) - return (0); + } + if (p->p_session->s_ttydp == cdp) + error = 0; + PROC_UNLOCK(p); return (error); }