From owner-freebsd-audit Mon Mar 5 1:38:46 2001 Delivered-To: freebsd-audit@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 558) id 3BAE837B718; Mon, 5 Mar 2001 01:38:40 -0800 (PST) To: alfred@FreeBSD.ORG, bmilekic@FreeBSD.ORG, freebsd-audit@FreeBSD.ORG Subject: protecting cr_ref and ui_ref in -stable Message-Id: <20010305093840.3BAE837B718@hub.freebsd.org> Date: Mon, 5 Mar 2001 01:38:40 -0800 (PST) From: hsu@FreeBSD.ORG (Jeffrey Hsu) Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Is something like the following needed in -stable? -current protects these structures with a mutex and I've had panics in -stable from bad reference counts. Index: sys/resourcevar.h =================================================================== RCS file: /home/cvs/FreeBSD/src/sys/sys/resourcevar.h,v retrieving revision 1.16.2.1 diff -u -r1.16.2.1 resourcevar.h --- sys/resourcevar.h 2000/09/07 19:13:55 1.16.2.1 +++ sys/resourcevar.h 2001/03/05 09:28:17 @@ -93,7 +93,12 @@ }; #ifdef _KERNEL -#define uihold(uip) (uip)->ui_ref++ +#define uihold(uip) do { \ + int s = splnet(); \ + (uip)->ui_ref++; \ + splx(s); \ +} while(0) + struct proc; void addupc_intr __P((struct proc *p, u_long pc, u_int ticks)); Index: sys/ucred.h =================================================================== RCS file: /home/cvs/FreeBSD/src/sys/sys/ucred.h,v retrieving revision 1.14.2.3 diff -u -r1.14.2.3 ucred.h --- sys/ucred.h 2000/10/28 02:10:30 1.14.2.3 +++ sys/ucred.h 2001/03/05 09:26:27 @@ -55,7 +55,11 @@ #define FSCRED ((struct ucred *)-1) /* filesystem credential */ #ifdef _KERNEL -#define crhold(cr) (cr)->cr_ref++ +#define crhold(cr) do { \ + int s = splnet(); \ + (cr)->cr_ref++; \ + splx(s); \ +} while (0) struct proc; Index: kern/kern_prot.c =================================================================== RCS file: /home/cvs/FreeBSD/src/sys/kern/kern_prot.c,v retrieving revision 1.53.2.6 diff -u -r1.53.2.6 kern_prot.c --- kern/kern_prot.c 2000/12/09 02:44:47 1.53.2.6 +++ kern/kern_prot.c 2001/03/05 09:32:33 @@ -998,6 +998,9 @@ crfree(cr) struct ucred *cr; { + int s; + + s = splnet(); if (--cr->cr_ref == 0) { /* * Some callers of crget(), such as nfs_statfs(), @@ -1008,6 +1011,7 @@ uifree(cr->cr_uidinfo); FREE((caddr_t)cr, M_CRED); } + splx(s); } /* @@ -1018,9 +1022,15 @@ struct ucred *cr; { struct ucred *newcr; + int s; + - if (cr->cr_ref == 1) + s = splnet(); + if (cr->cr_ref == 1) { + splx(s); return (cr); + } + splx(s); newcr = crget(); *newcr = *cr; uihold(newcr->cr_uidinfo); Index: kern/kern_resource.c =================================================================== RCS file: /home/cvs/FreeBSD/src/sys/kern/kern_resource.c,v retrieving revision 1.55.2.4 diff -u -r1.55.2.4 kern_resource.c --- kern/kern_resource.c 2001/03/02 17:12:35 1.55.2.4 +++ kern/kern_resource.c 2001/03/05 09:29:35 @@ -718,11 +718,14 @@ uid_t uid; { struct uidinfo *uip; + int s; uip = uilookup(uid); if (uip == NULL) uip = uicreate(uid); + s = splnet(); uip->ui_ref++; + splx(s); return (uip); } @@ -731,7 +734,11 @@ struct uidinfo *uip; { + int s; + + s = splnet(); if (--uip->ui_ref == 0) { + splx(s); if (uip->ui_sbsize != 0) /* XXX no %qd in kernel. Truncate. */ printf("freeing uidinfo: uid = %d, sbsize = %ld\n", @@ -743,6 +750,7 @@ FREE(uip, M_UIDINFO); return (1); } + splx(s); return (0); } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message