Date: Tue, 16 Jul 2002 13:21:20 +0800
From: David Xu <davidx@viasoft.com.cn>
To: "freebsd-current@freebsd.org" <freebsd-current@freebsd.org>
Subject: race condition in kern_descrip.c and fix
Message-ID: <200207160547.NAA08469@mail.viasoft.com.cn>
I found a race condition in kern_descrip.c. The race is in function falloc();
it opens a race window at line 1147:
FILEDESC_UNLOCK(p->p_fd);
sx_xlock(&filelist_lock);
FILEDESC_LOCK(p->p_fd);
fix:
--- kern_descrip.c Tue Jul 16 12:29:44 2002
+++ kern_descrip.c.new Tue Jul 16 12:26:50 2002
@@ -1107,6 +1107,7 @@
register struct file *fp, *fq;
int error, i;
+retry:
sx_xlock(&filelist_lock);
if (nfiles >= maxfiles) {
sx_xunlock(&filelist_lock);
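Review bot: the `retry:` label sits above `sx_xlock(&filelist_lock)` with no comment and no bound on how many times the function can jump back to it. Each pass through the label repeats the `nfiles >= maxfiles` test, so a retried call can take that branch even though its first pass got past it; if that is intended, a short comment at the label should say so and state why falloc() has to restart from the top. A bounded loop or a retry counter would also make the backward jump easier to audit.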
@@ -1151,6 +1152,13 @@
LIST_INSERT_AFTER(fq, fp, f_list);
} else {
LIST_INSERT_HEAD(&filehead, fp, f_list);
+ }
+ if (p->p_fd->fd_ofiles[i] != NULL) {
+ fp->f_count = 0;
+ FILEDESC_UNLOCK(p->p_fd);
+ sx_xunlock(&filelist_lock);
+ ffree(fp);
+ goto retry;
}
p->p_fd->fd_ofiles[i] = fp;
FILEDESC_UNLOCK(p->p_fd);
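Review bot: the new `p->p_fd->fd_ofiles[i] != NULL` test runs after fp has already been linked by `LIST_INSERT_AFTER` / `LIST_INSERT_HEAD`, so the losing path publishes fp on the list and then has to tear it down again through `ffree(fp)` before `goto retry`. Moving the test ahead of the list insertion would keep a file that is about to be discarded off the list entirely. The test also only covers slot i being refilled; if the descriptor table can change size while the lock is dropped, i should be revalidated against the table bounds before `fd_ofiles[i]` is read. Finally, `fp->f_count = 0;` needs a one-line comment explaining why the count is reset before `ffree(fp)`.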
---
David Xu
