In an SMP environment post-Giant it is no longer safe to blindly

dereference the struct sigio pointer without any locking. Change fgetown() to take a reference to the pointer instead of a copy of the pointer and call SIGIO_LOCK() before copying the pointer and dereferencing it. Reviewed by: rwatson
author: truckman <truckman@FreeBSD.org> 2002-10-03 02:13:00 +0000
committer: truckman <truckman@FreeBSD.org> 2002-10-03 02:13:00 +0000
commit: da2757cbc5b4e67753f56890f45f5f687cc298ae (patch)
tree: a99f59036961904f8470031c60cd1319fed1c7b9 /sys/kern/uipc_syscalls.c
parent: d86ebf792e644b705a6451c5a934d6fa545b3086 (diff)
download: FreeBSD-src-da2757cbc5b4e67753f56890f45f5f687cc298ae.zip
FreeBSD-src-da2757cbc5b4e67753f56890f45f5f687cc298ae.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c
index 93e8615..24ee646 100644
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -247,6 +247,7 @@ accept1(td, uap, compat)
 	struct socket *head, *so;
 	int fd;
 	u_int fflag;
+	pid_t pgid;
 
 	mtx_lock(&Giant);
 	fdp = td->td_proc->p_fd;
@@ -324,8 +325,9 @@ accept1(td, uap, compat)
 
 	so->so_state &= ~SS_COMP;
 	so->so_head = NULL;
-	if (head->so_sigio != NULL)
-		fsetown(fgetown(head->so_sigio), &so->so_sigio);
+	pgid = fgetown(&head->so_sigio);
+	if (pgid != 0)
+		fsetown(pgid, &so->so_sigio);
 
 	FILE_LOCK(nfp);
 	soref(so);			/* file descriptor reference */
author	truckman <truckman@FreeBSD.org>	2002-10-03 02:13:00 +0000
committer	truckman <truckman@FreeBSD.org>	2002-10-03 02:13:00 +0000
commit	da2757cbc5b4e67753f56890f45f5f687cc298ae (patch)
tree	a99f59036961904f8470031c60cd1319fed1c7b9 /sys/kern/uipc_syscalls.c
parent	d86ebf792e644b705a6451c5a934d6fa545b3086 (diff)
download	FreeBSD-src-da2757cbc5b4e67753f56890f45f5f687cc298ae.zip FreeBSD-src-da2757cbc5b4e67753f56890f45f5f687cc298ae.tar.gz