Date: Sun, 14 Feb 1999 16:20:23 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
To: Julian Elischer <julian@whistle.com>
Cc: hackers@FreeBSD.ORG, stable@FreeBSD.ORG
Subject: Re: Again: sorflush() bug fix in uipc_usrreq.c -- need someone to review this
Message-ID: <199902150020.QAA10642@apollo.backplane.com>
References: <Pine.BSF.3.95.990214143100.11800B-100000@current1.whistle.com>

:I'm not convinced that it may not be impossible to get anything but
:socket fds in the 'hitlist' Since to get on it the fd must be involved in
:a cyclical reference (see the big comment in prior code).
:still the check can't hurt..
:
:julian

good 'nuf for me.

I traced through the code and I believe it can happen. What has to happen
is that you have to have two processes passing file descriptors to each
other over a unix domain socket, and have both processes die while
descriptors are 'in transit'. You get into trouble if you happen to be
passing a non-socket descriptor over the socket when that condition occurs.

The cyclical reference problem is a different problem - the hitlist is
constructed whether there is a cycle or not. The problem with the cyclical
bug was that the same descriptor would wind up being double-closed or
double-flushed due to the recursion. This particular bug was fixed a long
time ago.

-Matt
