author | truckman <truckman@FreeBSD.org> | 2002-10-03 02:13:00 +0000 |
---|---|---|
committer | truckman <truckman@FreeBSD.org> | 2002-10-03 02:13:00 +0000 |
commit | da2757cbc5b4e67753f56890f45f5f687cc298ae (patch) | |
tree | a99f59036961904f8470031c60cd1319fed1c7b9 /sys/kern | |
parent | d86ebf792e644b705a6451c5a934d6fa545b3086 (diff) | |
In an SMP environment post-Giant it is no longer safe to blindly
dereference the struct sigio pointer without any locking. Change
fgetown() to take a reference to the pointer instead of a copy of the
pointer and call SIGIO_LOCK() before copying the pointer and
dereferencing it.
Reviewed by: rwatson
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/kern_descrip.c | 11 | ||||
-rw-r--r-- | sys/kern/subr_log.c | 4 | ||||
-rw-r--r-- | sys/kern/sys_pipe.c | 4 | ||||
-rw-r--r-- | sys/kern/sys_socket.c | 4 | ||||
-rw-r--r-- | sys/kern/tty.c | 2 | ||||
-rw-r--r-- | sys/kern/uipc_syscalls.c | 6 |
6 files changed, 19 insertions, 12 deletions
diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c
index 6b22f55..b464caf 100644
--- a/sys/kern/kern_descrip.c
+++ b/sys/kern/kern_descrip.c
@@ -775,10 +775,15 @@ fail:
 * This is common code for FIOGETOWN ioctl called by fcntl(fd, F_GETOWN, arg).
 */
 pid_t
-fgetown(sigio)
- struct sigio *sigio;
+fgetown(sigiop)
+ struct sigio **sigiop;
 {
- return (sigio != NULL ? sigio->sio_pgid : 0);
+ pid_t pgid;
+
+ SIGIO_LOCK();
+ pgid = (*sigiop != NULL) ? (*sigiop)->sio_pgid : 0;
+ SIGIO_UNLOCK();
+ return (pgid);
 }
 /*
diff --git a/sys/kern/subr_log.c b/sys/kern/subr_log.c
index 0198557..4caa153 100644
--- a/sys/kern/subr_log.c
+++ b/sys/kern/subr_log.c
@@ -239,7 +239,7 @@ logioctl(dev_t dev, u_long com, caddr_t data, int flag, struct thread *td)
 return (fsetown(*(int *)data, &logsoftc.sc_sigio));
 case FIOGETOWN:
- *(int *)data = fgetown(logsoftc.sc_sigio);
+ *(int *)data = fgetown(&logsoftc.sc_sigio);
 break;
 /* This is deprecated, FIOSETOWN should be used instead. */
@@ -248,7 +248,7 @@ logioctl(dev_t dev, u_long com, caddr_t data, int flag, struct thread *td)
 /* This is deprecated, FIOGETOWN should be used instead */
 case TIOCGPGRP:
- *(int *)data = -fgetown(logsoftc.sc_sigio);
+ *(int *)data = -fgetown(&logsoftc.sc_sigio);
 break;
 default:
diff --git a/sys/kern/sys_pipe.c b/sys/kern/sys_pipe.c
index 0931262..7acaf9d 100644
--- a/sys/kern/sys_pipe.c
+++ b/sys/kern/sys_pipe.c
@@ -1204,7 +1204,7 @@ pipe_ioctl(fp, cmd, data, active_cred, td)
 case FIOGETOWN:
 PIPE_UNLOCK(mpipe);
- *(int *)data = fgetown(mpipe->pipe_sigio);
+ *(int *)data = fgetown(&mpipe->pipe_sigio);
 return (0);
 /* This is deprecated, FIOSETOWN should be used instead. */
@@ -1215,7 +1215,7 @@ pipe_ioctl(fp, cmd, data, active_cred, td)
 /* This is deprecated, FIOGETOWN should be used instead. */
 case TIOCGPGRP:
 PIPE_UNLOCK(mpipe);
- *(int *)data = -fgetown(mpipe->pipe_sigio);
+ *(int *)data = -fgetown(&mpipe->pipe_sigio);
 return (0);
 }
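Review bot: The header comment above fgetown() still describes only the ioctl it serves, while the new body introduces a locking contract that callers cannot see from the signature. The function now takes SIGIO_LOCK() itself, so it presumably must not be entered with that lock already held, and the storage that `sigiop` points into has to stay valid for the whole call. The returned pgid is a snapshot and may already be stale once SIGIO_UNLOCK() has run. I would add a line to the comment such as `* Takes SIGIO_LOCK internally; the caller must keep *sigiop's container alive and must not hold SIGIO_LOCK.` The comment's opening lines are outside the hunk.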
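Review bot: In both pipe_ioctl() hunks (FIOGETOWN at -1204 and TIOCGPGRP at -1215) `&mpipe->pipe_sigio` is handed to fgetown() after PIPE_UNLOCK(mpipe), so the field is now read under SIGIO_LOCK alone and nothing on these lines says why mpipe is still safe to touch. That ordering is probably deliberate, to avoid nesting the sigio lock inside the pipe mutex, and the pipe is presumably kept alive by the file reference held for the ioctl, but neither assumption is recorded. A one-line comment before the call, e.g. `/* pipe_sigio is protected by SIGIO_LOCK, not the pipe mutex; fp's reference keeps mpipe valid */`, would make the lifetime argument reviewable. pipe_ioctl's body starts and ends outside both hunks.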
diff --git a/sys/kern/sys_socket.c b/sys/kern/sys_socket.c
index b4a9442..46e8384 100644
--- a/sys/kern/sys_socket.c
+++ b/sys/kern/sys_socket.c
@@ -131,14 +131,14 @@ soo_ioctl(fp, cmd, data, active_cred, td)
 return (fsetown(*(int *)data, &so->so_sigio));
 case FIOGETOWN:
- *(int *)data = fgetown(so->so_sigio);
+ *(int *)data = fgetown(&so->so_sigio);
 return (0);
 case SIOCSPGRP:
 return (fsetown(-(*(int *)data), &so->so_sigio));
 case SIOCGPGRP:
- *(int *)data = -fgetown(so->so_sigio);
+ *(int *)data = -fgetown(&so->so_sigio);
 return (0);
 case SIOCATMARK:
diff --git a/sys/kern/tty.c b/sys/kern/tty.c
index 717b123..e749020 100644
--- a/sys/kern/tty.c
+++ b/sys/kern/tty.c
@@ -827,7 +827,7 @@ ttioctl(struct tty *tp, u_long cmd, void *data, int flag)
 case FIOGETOWN:
 if (tp->t_session != NULL && !isctty(p, tp))
 return (ENOTTY);
- *(int *)data = fgetown(tp->t_sigio);
+ *(int *)data = fgetown(&tp->t_sigio);
 break;
 case TIOCEXCL: /* set exclusive use of tty */
diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c
index 93e8615..24ee646 100644
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -247,6 +247,7 @@ accept1(td, uap, compat)
 struct socket *head, *so;
 int fd;
 u_int fflag;
+ pid_t pgid;
 mtx_lock(&Giant);
 fdp = td->td_proc->p_fd;
@@ -324,8 +325,9 @@ accept1(td, uap, compat)
 so->so_state &= ~SS_COMP;
 so->so_head = NULL;
- if (head->so_sigio != NULL)
- fsetown(fgetown(head->so_sigio), &so->so_sigio);
+ pgid = fgetown(&head->so_sigio);
+ if (pgid != 0)
+ fsetown(pgid, &so->so_sigio);
 FILE_LOCK(nfp);
 soref(so); /* file descriptor reference */ |
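Review bot: In the second accept1() hunk the SIGIO owner is copied from the listening socket in two separately locked steps, so the copy is not atomic: fgetown() returns a numeric pgid after dropping SIGIO_LOCK, and fsetown() presumably resolves that number again on its own. If the owner of `head->so_sigio` changes or exits in between, the accepted socket can end up with a stale owner or none at all. The result of `fsetown(pgid, &so->so_sigio)` is also discarded, although other call sites in this commit return it, so such a failure is silent. If a best-effort copy is intended, state it on the line: `(void)fsetown(pgid, &so->so_sigio); /* best effort: owner may have changed since fgetown() */`. accept1's body continues outside the hunk.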