Date:      Sat, 23 Oct 2004 20:55:58 +0400 (MSD)
From:      Igor Sysoev <is@rambler-co.ru>
To:        Uwe Doering <gemini@geminix.org>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: panic caused by EVFILT_SIGNAL detaching in rfork()ed thread
Message-ID:  <20041023204914.S6546@is.park.rambler.ru>
In-Reply-To: <417A6347.8090207@geminix.org>
References:  <20041023003246.Y91215@is.park.rambler.ru> <417A6347.8090207@geminix.org>

On Sat, 23 Oct 2004, Uwe Doering wrote:

> Igor Sysoev wrote:
> > Here is a more correct patch to fix the panic in 4.x reported in
> > http://freebsd.rambler.ru/bsdmail/freebsd-hackers_2004/msg02732.html
> >
> > -------------------------
> > --- src/sys/kern/kern_event.c   Sun Oct 10 12:17:55 2004
> > +++ src/sys/kern/kern_event.c   Sun Oct 10 12:19:29 2004
> > @@ -794,7 +794,8 @@
> >             while (kn != NULL) {
> >                 kn0 = SLIST_NEXT(kn, kn_link);
> >                 if (kq == kn->kn_kq) {
> > -                   kn->kn_fop->f_detach(kn);
> > +                   if (!(kn->kn_status & KN_DETACHED))
> > +                       kn->kn_fop->f_detach(kn);
> >         /* XXX non-fd release of kn->kn_ptr */
> >                     knote_free(kn);
> >                     *knp = kn0;
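Review bot: the added `if (!(kn->kn_status & KN_DETACHED))` guard in front of `kn->kn_fop->f_detach(kn)` carries no comment saying which path sets KN_DETACHED before this loop reaches the knote, so a later reader cannot tell why skipping the detach is safe. The hunk also does not show where the flag is set, and the fix only holds if every path that detaches the knote early also sets it; please confirm that for this branch and add a short comment above the test. Note that `knote_free(kn)` still runs unconditionally after the guard, which looks intended, but the existing "XXX non-fd release of kn->kn_ptr" comment now sits next to a conditional detach and would be a good place to state that.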
> > -------------------------
>
> Your patch appears to be an excerpt from the fix to RELENG_5.  May I
> suggest a different approach for RELENG_4?  My reasoning is that the
> implementation of kevents differs between RELENG_4 and RELENG_5.

I agree with your patch. It is similar to my early patch; however,
I think that it is more correct to check (kn->kn_status & KN_DETACHED)
instead of !SLIST_EMPTY(&p->p_klist).

> Also, it would probably be a good idea to fix RELENG_4 swiftly (and
> possibly release a security advisory) because this flaw is certainly a
> great DoS opportunity for maliciously minded shell users ...

Yes.


Igor Sysoev
http://sysoev.ru/en/


