svn commit: r189044 - in stable/7/sys: . contrib/pf dev/ath/ath_hal dev/cxgb kern

Robert Watson rwatson at FreeBSD.org
Wed Feb 25 07:04:32 PST 2009


Author: rwatson
Date: Wed Feb 25 15:04:30 2009
New Revision: 189044
URL: http://svn.freebsd.org/changeset/base/189044

Log:
  Merge r188485 from head to stable/7:
  
    Modify fdcopy() so that, during fork(2), it won't copy file descriptors
    from the parent to the child process if they have an operation vector
    of &badfileops.  This narrows a set of races involving system calls that
    allocate a new file descriptor, potentially block for some extended
    period, and then return the file descriptor, when invoked by a threaded
    program that concurrently invokes fork(2).  Similar approches are used
    in both Solaris and Linux, and the wideness of this race was introduced
    in FreeBSD when we moved to a more optimistic implementation of
    accept(2) in order to simplify locking.
  
    A small race necessarily remains because the fork(2) might occur after
    the finit() in accept(2) but before the system call has returned, but
    that appears unavoidable using current APIs.  However, this race is
    vastly narrower.
  
    The fix can be validated using the newfileops_on_fork regression test.
  
    PR:           kern/130348
    Reported by:  Ivan Shcheklein <shcheklein at gmail dot com>
    Reviewed by:  jhb, kib

Modified:
  stable/7/sys/   (props changed)
  stable/7/sys/contrib/pf/   (props changed)
  stable/7/sys/dev/ath/ath_hal/   (props changed)
  stable/7/sys/dev/cxgb/   (props changed)
  stable/7/sys/kern/kern_descrip.c

Modified: stable/7/sys/kern/kern_descrip.c
==============================================================================
--- stable/7/sys/kern/kern_descrip.c	Wed Feb 25 15:01:26 2009	(r189043)
+++ stable/7/sys/kern/kern_descrip.c	Wed Feb 25 15:04:30 2009	(r189044)
@@ -1613,7 +1613,8 @@ fdcopy(struct filedesc *fdp)
 	newfdp->fd_freefile = -1;
 	for (i = 0; i <= fdp->fd_lastfile; ++i) {
 		if (fdisused(fdp, i) &&
-		    fdp->fd_ofiles[i]->f_type != DTYPE_KQUEUE) {
+		    fdp->fd_ofiles[i]->f_type != DTYPE_KQUEUE &&
+		    fdp->fd_ofiles[i]->f_ops != &badfileops) {
 			newfdp->fd_ofiles[i] = fdp->fd_ofiles[i];
 			newfdp->fd_ofileflags[i] = fdp->fd_ofileflags[i];
 			fhold(newfdp->fd_ofiles[i]);


More information about the svn-src-stable-7 mailing list