svn commit: r252313 - head/sys/kern
Mateusz Guzik
mjguzik at gmail.com
Fri Jun 28 01:03:52 UTC 2013
On Thu, Jun 27, 2013 at 07:14:04PM +0000, Mikolaj Golub wrote:
> Author: trociny
> Date: Thu Jun 27 19:14:03 2013
> New Revision: 252313
> URL: http://svnweb.freebsd.org/changeset/base/252313
>
> Log:
> To avoid LOR, always drop the filedesc lock before exporting fd to sbuf.
>
> Reviewed by: kib
> MFC after: 3 days
>
> Modified:
> head/sys/kern/kern_descrip.c
>
> Modified: head/sys/kern/kern_descrip.c
> ==============================================================================
> --- head/sys/kern/kern_descrip.c Thu Jun 27 18:59:07 2013 (r252312)
> +++ head/sys/kern/kern_descrip.c Thu Jun 27 19:14:03 2013 (r252313)
> @@ -3427,12 +3427,10 @@ kern_proc_filedesc_out(struct proc *p,
> * re-validate and re-evaluate its properties when
> * the loop continues.
> */
> - if (type == KF_TYPE_VNODE || type == KF_TYPE_FIFO)
> - FILEDESC_SUNLOCK(fdp);
> + FILEDESC_SUNLOCK(fdp);
> error = export_fd_to_sb(data, type, i, fflags, refcnt,
> offset, fd_cap_rights, kif, sb, &remainder);
> - if (type == KF_TYPE_VNODE || type == KF_TYPE_FIFO)
> - FILEDESC_SLOCK(fdp);
> + FILEDESC_SLOCK(fdp);
> if (error)
> break;
> }
Is this really ok? What prevents given fd from going away during
export_fd_to_sb execution? Both DTYPE_VNODE and DTYPE_FIFO pass down
a vrefed vnode so these are safe. But for example DTYPE_SOCKET goes with
fp->f_data, which can go away in the meantime (or I'm misreading the code).
I suggest obtainng ref to fp and passing it down in all cases.
--
Mateusz Guzik <mjguzik gmail.com>
More information about the svn-src-head
mailing list