diff options
| author | dillon <dillon@FreeBSD.org> | 2000-11-18 21:01:04 +0000 |
|---|---|---|
| committer | dillon <dillon@FreeBSD.org> | 2000-11-18 21:01:04 +0000 |
| commit | 15a44d16ca10bf52da55462560c345940cd19b38 (patch) | |
| tree | 8d59044fc11c59a31ff7d5eb596055dcd4bfa68c /sys/nfs | |
| parent | fd59970ee1df44d623fb078d21e32c352d64b79f (diff) | |
| download | FreeBSD-src-15a44d16ca10bf52da55462560c345940cd19b38.zip FreeBSD-src-15a44d16ca10bf52da55462560c345940cd19b38.tar.gz | |
This patchset fixes a large number of file descriptor race conditions.
Pre-rfork code assumed inherent locking of a process's file descriptor
array. However, with the advent of rfork() the file descriptor table
could be shared between processes. This patch closes over a dozen
serious race conditions related to one thread manipulating the table
(e.g. closing or dup()ing a descriptor) while another is blocked in
an open(), close(), fcntl(), read(), write(), etc...
PR: kern/11629
Discussed with: Alexander Viro <viro@math.psu.edu>
Diffstat (limited to 'sys/nfs')
| -rw-r--r-- | sys/nfs/nfs_syscalls.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/sys/nfs/nfs_syscalls.c b/sys/nfs/nfs_syscalls.c index 1e0162f..83cc56b 100644 --- a/sys/nfs/nfs_syscalls.c +++ b/sys/nfs/nfs_syscalls.c @@ -194,7 +194,7 @@ nfssvc(p, uap) error = copyin(uap->argp, (caddr_t)&nfsdarg, sizeof(nfsdarg)); if (error) return (error); - error = getsock(p->p_fd, nfsdarg.sock, &fp); + error = holdsock(p->p_fd, nfsdarg.sock, &fp); if (error) return (error); /* @@ -205,10 +205,13 @@ nfssvc(p, uap) else { error = getsockaddr(&nam, nfsdarg.name, nfsdarg.namelen); - if (error) + if (error) { + fdrop(fp, p); return (error); + } } error = nfssvc_addsock(fp, nam, p); + fdrop(fp, p); } else { error = copyin(uap->argp, (caddr_t)nsd, sizeof (*nsd)); if (error) |
