author | kib <kib@FreeBSD.org> | 2008-12-30 12:51:56 +0000 |
---|---|---|
committer | kib <kib@FreeBSD.org> | 2008-12-30 12:51:56 +0000 |
commit | 2349a65923842226ae7c1ed630f1d87991af065f (patch) | |
tree | 7135e4581cdd1907c670846ab78199621dd7bc4e /sys/kern | |
parent | c81ec4dc0cecf45dc086334679db54d433ea478d (diff) | |
Clear the pointers to the file in the struct filedesc before the file is closed
in fdfree. Otherwise, sysctl_kern_proc_filedesc may dereference stale
struct file * values.
Reported and tested by: pho
MFC after: 1 month
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/kern_descrip.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c
index c981411..648d27e 100644
--- a/sys/kern/kern_descrip.c
+++ b/sys/kern/kern_descrip.c
@@ -1703,14 +1703,16 @@ fdfree(struct thread *td)
 FILEDESC_XUNLOCK(fdp);
 if (i > 0)
 return;
- /*
- * We are the last reference to the structure, so we can
- * safely assume it will not change out from under us.
- */
+
 fpp = fdp->fd_ofiles;
 for (i = fdp->fd_lastfile; i-- >= 0; fpp++) {
- if (*fpp)
- (void) closef(*fpp, td);
+ if (*fpp) {
+ FILEDESC_XLOCK(fdp);
+ fp = *fpp;
+ *fpp = NULL;
+ FILEDESC_XUNLOCK(fdp);
+ (void) closef(fp, td);
+ }
 }
 FILEDESC_XLOCK(fdp); |
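Review bot: The new lock/clear/unlock sequence inside `if (*fpp) {` has no comment explaining why it is needed, and the hunk deletes the only comment that described the old "nothing changes under us" assumption. I would add something like `/* Clear the slot under the filedesc lock before closef(), so that code walking fd_ofiles without its own file reference (e.g. sysctl_kern_proc_filedesc) never sees a pointer to a file that is being freed. */` directly above the block. The protection only holds if every such reader keeps the filedesc lock held across its dereference of the `struct file`, rather than just across the load of the pointer. That is not visible in this hunk and is worth confirming against the sysctl handler. The body of fdfree starts and ends outside the hunk, so the declaration of `fp` and the later teardown were not reviewed here.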