Date: Sat, 08 Nov 2008 16:39:54 +0200 From: Alexander Motin <mav@FreeBSD.org> To: Attilio Rao <attilio@freebsd.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r184762 - head/sys/netgraph Message-ID: <4915A4BA.6090701@FreeBSD.org> In-Reply-To: <3bbf2fe10811080513x2b8bd201gcf24562360374494@mail.gmail.com> References: <200811080625.mA86Pvhw003486@svn.freebsd.org> <3bbf2fe10811080513x2b8bd201gcf24562360374494@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Attilio Rao wrote: > 2008/11/8, Alexander Motin <mav@freebsd.org>: >> @@ -262,8 +264,14 @@ ngt_rcvmsg(node_p node, item_p item, hoo >> case NGM_TTY_SET_TTY: >> if (sc->tp != NULL) >> return (EBUSY); >> - error = ttyhook_register(&sc->tp, td, *(int *)msg->data, >> + >> + p = pfind(((int *)msg->data)[0]); >> + if (p == NULL) >> + return (ESRCH); >> + td = FIRST_THREAD_IN_PROC(p); >> + error = ttyhook_register(&sc->tp, td, ((int *)msg->data)[1], >> &ngt_hook, sc); >> + PROC_UNLOCK(p); >> if (error != 0) >> return (error); >> break; > > The threads iterator in strcut proc should be proc_slock protected, so > you need to grab/release it around FIRST_THREAD_IN_PROC(). thread_find() also asserts process locked, but then it traverses/dereferences/returns threads without any additional locking. -- Alexander Motin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4915A4BA.6090701>