svn commit: r186601 - head/sys/kern
Konstantin Belousov
kib at FreeBSD.org
Tue Dec 30 12:51:57 UTC 2008
Author: kib
Date: Tue Dec 30 12:51:56 2008
New Revision: 186601
URL: http://svn.freebsd.org/changeset/base/186601
Log:
Clear the pointers to the file in the struct filedesc before file is closed
in fdfree. Otherwise, sysctl_kern_proc_filedesc may dereference stale
struct file * values.
Reported and tested by: pho
MFC after: 1 month
Modified:
head/sys/kern/kern_descrip.c
Modified: head/sys/kern/kern_descrip.c
==============================================================================
--- head/sys/kern/kern_descrip.c Tue Dec 30 12:51:14 2008 (r186600)
+++ head/sys/kern/kern_descrip.c Tue Dec 30 12:51:56 2008 (r186601)
@@ -1703,14 +1703,16 @@ fdfree(struct thread *td)
FILEDESC_XUNLOCK(fdp);
if (i > 0)
return;
- /*
- * We are the last reference to the structure, so we can
- * safely assume it will not change out from under us.
- */
+
fpp = fdp->fd_ofiles;
for (i = fdp->fd_lastfile; i-- >= 0; fpp++) {
- if (*fpp)
- (void) closef(*fpp, td);
+ if (*fpp) {
+ FILEDESC_XLOCK(fdp);
+ fp = *fpp;
+ *fpp = NULL;
+ FILEDESC_XUNLOCK(fdp);
+ (void) closef(fp, td);
+ }
}
FILEDESC_XLOCK(fdp);
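Review bot: The rewritten loop body in fdfree removes the old comment without replacing it, so nothing in the code explains why each slot is now cleared under FILEDESC_XLOCK before closef is called; only the commit log mentions sysctl_kern_proc_filedesc. Suggest a short comment above `fp = *fpp;` saying that fd_ofiles can still be read through sysctl_kern_proc_filedesc, so the slot has to be set to NULL under the lock before the file is closed. The `if (*fpp)` test is also still made without the lock held. If that is safe because this thread is the only writer at this point, the comment should say so; otherwise the test belongs inside the locked region.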