Date:      Tue, 25 Mar 2014 23:30:36 +0000 (UTC)
From:      Mateusz Guzik <mjg@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r263755 - head/sys/kern
Message-ID:  <201403252330.s2PNUaei052956@svn.freebsd.org>

Author: mjg
Date: Tue Mar 25 23:30:35 2014
New Revision: 263755
URL: http://svnweb.freebsd.org/changeset/base/263755

Log:
  Document a known problem with handling the process intended to receive
  SIGIO in /dev/devctl.
  
  Suggested by:	adrian
  MFC after:	6 days

Modified:
  head/sys/kern/subr_bus.c

Modified: head/sys/kern/subr_bus.c
==============================================================================
--- head/sys/kern/subr_bus.c	Tue Mar 25 23:19:45 2014	(r263754)
+++ head/sys/kern/subr_bus.c	Tue Mar 25 23:30:35 2014	(r263755)
@@ -490,6 +490,21 @@ devioctl(struct cdev *dev, u_long cmd, c
 			devsoftc.nonblock = 0;
 		return (0);
 	case FIOASYNC:
+		/*
+		 * FIXME:
+		 * Since this is a simple assignment there is no guarantee that
+		 * devsoftc.async_proc consumers will get a valid pointer.
+		 *
+		 * Example scenario where things break (processes A and B):
+		 * 1. A opens devctl
+		 * 2. A sends fd to B
+		 * 3. B sets itself as async_proc
+		 * 4. B exits
+		 *
+		 * However, normally this requires root privileges and the only
+		 * in-tree consumer does not behave in a dangerous way so the
+		 * issue is not critical.
+		 */
 		if (*(int*)data)
 			devsoftc.async_proc = td->td_proc;
 		else
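Review bot: the FIXME scenario stops at "4. B exits" and never names the consequence, so a reader has to find the consumer on their own. Consider adding a fifth step saying that devsoftc.async_proc still points at B's struct proc and that devctl_queue_data_f() will later call PROC_LOCK() on it when the next event is queued. The closing paragraph would also be easier to act on if it named the in-tree consumer it refers to, so that whoever adds a second consumer knows what "does not behave in a dangerous way" was judged against. Since the comment already identifies the plain assignment as the root cause, a short pointer to the intended fix (for example, clearing async_proc when the owning process goes away, or tracking the recipient in a way that survives process exit) would keep the FIXME from becoming permanent.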
@@ -575,6 +590,7 @@ devctl_queue_data_f(char *data, int flag
 	cv_broadcast(&devsoftc.cv);
 	mtx_unlock(&devsoftc.mtx);
 	selwakeup(&devsoftc.sel);
+	/* XXX see a comment in devioctl */
 	p = devsoftc.async_proc;
 	if (p != NULL) {
 		PROC_LOCK(p);
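Review bot: the "XXX see a comment in devioctl" marker is too terse for the line it guards: p is loaded from devsoftc.async_proc after mtx_unlock(&devsoftc.mtx), with no reference held on the process, and is then passed straight to PROC_LOCK(p). Say that here in a few words, for example "XXX async_proc may be stale, see the FIOASYNC case in devioctl()", so the hazard is visible at the point of use and the cross-reference names the exact case label rather than the whole function.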


