On Sat, 23 Oct 2004, Uwe Doering wrote: > Igor Sysoev wrote: > > Here is more correct patch to fix the panic in 4.x reported in > > http://freebsd.rambler.ru/bsdmail/freebsd-hackers_2004/msg02732.html > > > > ------------------------- > > --- src/sys/kern/kern_event.c Sun Oct 10 12:17:55 2004 > > +++ src/sys/kern/kern_event.c Sun Oct 10 12:19:29 2004 > > @@ -794,7 +794,8 @@ > > while (kn != NULL) { > > kn0 = SLIST_NEXT(kn, kn_link); > > if (kq == kn->kn_kq) { > > - kn->kn_fop->f_detach(kn); > > + if (!(kn->kn_status & KN_DETACHED)) > > + kn->kn_fop->f_detach(kn); > > /* XXX non-fd release of kn->kn_ptr */ > > knote_free(kn); > > *knp = kn0; > > ------------------------- > > Your patch appears to be an excerpt from the fix to RELENG_5. May I > suggest a different approach for RELENG_4? My reasoning is that the > implementation of kevents differs between RELENG_4 and RELENG_5.
I agree with your patch. It is similar to my early patch, however, I think that is more correctly to check (kn->kn_status & KN_DETACHED) instead of !SLIST_EMPTY(&p->p_klist). > Also, it would probably be a good idea to fix RELENG_4 swiftly (and > possibly release a security advisory) because this flaw is certainly a > great DoS opportunity for maliciously minded shell users ... Yes. Igor Sysoev http://sysoev.ru/en/ _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"