svn commit: r340897 - head/sys/kern
Mark Johnston
markj at FreeBSD.org
Sat Nov 24 16:41:30 UTC 2018
Author: markj
Date: Sat Nov 24 16:41:29 2018
New Revision: 340897
URL: https://svnweb.freebsd.org/changeset/base/340897
Log:
Lock the knlist before releasing the in-flux state in knote_fork().
Otherwise there is a window, before iteration is resumed, during which
the knote may be freed. The in-flux state ensures that the knote will
not be removed from the knlist while locks are dropped.
PR: 228858
Reviewed by: kib
Tested by: pho
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D18316
Modified:
head/sys/kern/kern_event.c
Modified: head/sys/kern/kern_event.c
==============================================================================
--- head/sys/kern/kern_event.c Sat Nov 24 16:31:43 2018 (r340896)
+++ head/sys/kern/kern_event.c Sat Nov 24 16:41:29 2018 (r340897)
@@ -600,10 +600,10 @@ knote_fork(struct knlist *list, int pid)
kn->kn_fflags |= NOTE_TRACKERR;
if (kn->kn_fop->f_event(kn, NOTE_FORK))
KNOTE_ACTIVATE(kn, 0);
+ list->kl_lock(list->kl_lockarg);
KQ_LOCK(kq);
kn_leave_flux(kn);
KQ_UNLOCK_FLUX(kq);
- list->kl_lock(list->kl_lockarg);
}
list->kl_unlock(list->kl_lockarg);
}
More information about the svn-src-all
mailing list