Date: Mon, 15 Jul 2002 23:24:16 -0700 From: Alfred Perlstein <bright@mu.org> To: David Xu <davidx@viasoft.com.cn> Cc: "freebsd-current@freebsd.org" <freebsd-current@freebsd.org> Subject: Re: race condition in kern_descrip.c and fix Message-ID: <20020716062416.GT77219@elvis.mu.org> In-Reply-To: <200207160547.NAA08469@mail.viasoft.com.cn> References: <200207160547.NAA08469@mail.viasoft.com.cn>
next in thread | previous in thread | raw e-mail | index | archive | help
* David Xu <davidx@viasoft.com.cn> [020715 22:31] wrote: > I found a race condition in kern_descrip.c, the race is in function falloc(), > it opens a race window at line 1147: You're right, however I'd appreciate it if you'd look deeper into the possiblity of races in this code before committing this patch to make sure we don't want to do this another way. > FILEDESC_UNLOCK(p->p_fd); > sx_xlock(&filelist_lock); > FILEDESC_LOCK(p->p_fd); > > fix: > --- kern_descrip.c Tue Jul 16 12:29:44 2002 > +++ kern_descrip.c.new Tue Jul 16 12:26:50 2002 > @@ -1107,6 +1107,7 @@ > register struct file *fp, *fq; > int error, i; > > +retry: > sx_xlock(&filelist_lock); > if (nfiles >= maxfiles) { > sx_xunlock(&filelist_lock); > @@ -1151,6 +1152,13 @@ > LIST_INSERT_AFTER(fq, fp, f_list); > } else { > LIST_INSERT_HEAD(&filehead, fp, f_list); > + } > + if (p->p_fd->fd_ofiles[i] != NULL) { > + fp->f_count = 0; > + FILEDESC_UNLOCK(p->p_fd); > + sx_xunlock(&filelist_lock); > + ffree(fp); > + goto retry; > } > p->p_fd->fd_ofiles[i] = fp; > FILEDESC_UNLOCK(p->p_fd); > --- > > David Xu -- -Alfred Perlstein [alfred@freebsd.org] 'Instead of asking why a piece of software is using "1970s technology," start asking why software is ignoring 30 years of accumulated wisdom.' Tax deductible donations for FreeBSD: http://www.freebsdfoundation.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020716062416.GT77219>