Date:      Tue, 30 Dec 2008 12:51:56 +0000 (UTC)
From:      Konstantin Belousov <kib@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r186601 - head/sys/kern
Message-ID:  <200812301251.mBUCpuUk093863@svn.freebsd.org>

Author: kib
Date: Tue Dec 30 12:51:56 2008
New Revision: 186601
URL: http://svn.freebsd.org/changeset/base/186601

Log:
  Clear the pointers to the file in the struct filedesc before file is closed
  in fdfree. Otherwise, sysctl_kern_proc_filedesc may dereference stale
  struct file * values.
  
  Reported and tested by:	pho
  MFC after:	1 month

Modified:
  head/sys/kern/kern_descrip.c

Modified: head/sys/kern/kern_descrip.c
==============================================================================
--- head/sys/kern/kern_descrip.c	Tue Dec 30 12:51:14 2008	(r186600)
+++ head/sys/kern/kern_descrip.c	Tue Dec 30 12:51:56 2008	(r186601)
@@ -1703,14 +1703,16 @@ fdfree(struct thread *td)
 	FILEDESC_XUNLOCK(fdp);
 	if (i > 0)
 		return;
-	/*
-	 * We are the last reference to the structure, so we can
-	 * safely assume it will not change out from under us.
-	 */
+
 	fpp = fdp->fd_ofiles;
 	for (i = fdp->fd_lastfile; i-- >= 0; fpp++) {
-		if (*fpp)
-			(void) closef(*fpp, td);
+		if (*fpp) {
+			FILEDESC_XLOCK(fdp);
+			fp = *fpp;
+			*fpp = NULL;
+			FILEDESC_XUNLOCK(fdp);
+			(void) closef(fp, td);
+		}
 	}
 	FILEDESC_XLOCK(fdp);
 
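Review bot: The locking added inside the loop in fdfree carries no comment, and the hunk deletes the only comment that documented the old assumption ("We are the last reference to the structure ..."). Add a short comment above the `FILEDESC_XLOCK(fdp);` / `*fpp = NULL;` sequence saying that the slot is cleared under the exclusive lock before `closef(fp, td)` so that a concurrent reader of `fd_ofiles`, such as sysctl_kern_proc_filedesc named in the log, cannot pick up a pointer to a file that is being closed. The same comment should say that the `if (*fpp)` test and the reads of `fdp->fd_ofiles` and `fdp->fd_lastfile` are left outside the lock on purpose, which holds only while this thread is the sole writer of the table at this point; that is also the place to note that the lock is taken and dropped once per open descriptor.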


