Alfred Perlstein <[EMAIL PROTECTED]> writes:
> * Dag-Erling Smorgrav <[EMAIL PROTECTED]> [020318 08:23] wrote:
> > Alfred Perlstein <[EMAIL PROTECTED]> writes:
> > > I think you're right, I'm pretty sure the fix is basically moving
> > > the p->p_fd = NULL to after the closef will fix things [...]
> > There will still be a race...
> Are you sure? :)

Almost, though I think the window will be much smaller than it is now.
The only way I see of avoiding it altogether is to protect p->p_fd and
its mutex with allproc_lock (IOW, destroy the table as the last thing
you do before zombifying the process)

> Btw, is there a way to easily reproduce this bug?

No, it's a race condition, which makes it hard to trigger on purpose.

The problem with your patch is that *every* place in the kernel that
calls FILEDESC_LOCK needs to first acquire the proc lock and check if
p->p_fd is NULL.

DES
--
Dag-Erling Smorgrav - [EMAIL PROTECTED]
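The locking discipline DES describes (take the proc lock, check whether p->p_fd is still non-NULL, and only then take the file-table lock) can be shown as a small user-space model. The code below is an added illustration written for this page; it is not Alfred's patch, DES's proposal or FreeBSD's own code. The struct names, the spinlock built on C11 atomics standing in for kernel mutexes, the file ids, and the helper names (`fd_lookup`, `fdfree`, `proc_init`) are all constructed for the example, and the lock order is assumed to be proc lock before filedesc lock.

```c
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space stand-in for a kernel mutex (constructed for this example). */
typedef struct { atomic_flag held; } lock_t;

static void lock_acquire(lock_t *l)
{
    while (atomic_flag_test_and_set_explicit(&l->held, memory_order_acquire))
        ; /* spin until the holder releases */
}

static void lock_release(lock_t *l)
{
    atomic_flag_clear_explicit(&l->held, memory_order_release);
}

#define NFILES 4

/* Hypothetical file table; names only loosely echo FreeBSD's struct filedesc. */
struct filedesc {
    lock_t fd_mtx;              /* the lock FILEDESC_LOCK would take */
    int fd_ofiles[NFILES];      /* >0: constructed open-file id, 0: closed slot */
};

struct proc {
    lock_t p_mtx;               /* the "proc lock" */
    struct filedesc *p_fd;      /* NULL once the table has been detached */
};

static struct filedesc *filedesc_alloc(void)
{
    struct filedesc *fdp = calloc(1, sizeof *fdp);
    if (fdp == NULL)
        return NULL;
    atomic_flag_clear(&fdp->fd_mtx.held);
    fdp->fd_ofiles[0] = 10;     /* constructed sample: three open files */
    fdp->fd_ofiles[1] = 11;
    fdp->fd_ofiles[2] = 12;
    return fdp;
}

static void proc_init(struct proc *p)
{
    atomic_flag_clear(&p->p_mtx.held);
    p->p_fd = filedesc_alloc();
}

/* Safe lookup: proc lock first, then the NULL check, then the table lock.
 * The proc lock is dropped only after fd_mtx is held, so fdfree() below can
 * neither detach nor free the table while this reader is using it.
 * Returns the open-file id, or -1 if the table is gone or fd is invalid. */
static int fd_lookup(struct proc *p, int fd)
{
    struct filedesc *fdp;
    int file = -1;

    lock_acquire(&p->p_mtx);
    fdp = p->p_fd;
    if (fdp == NULL) {          /* process is exiting: nothing to look at */
        lock_release(&p->p_mtx);
        return -1;
    }
    lock_acquire(&fdp->fd_mtx);
    lock_release(&p->p_mtx);

    if (fd >= 0 && fd < NFILES && fdp->fd_ofiles[fd] > 0)
        file = fdp->fd_ofiles[fd];
    lock_release(&fdp->fd_mtx);
    return file;
}

/* Teardown: detach the table under the proc lock so no new caller can reach
 * it, then wait for any in-flight reader by taking fd_mtx before freeing.
 * Returns the number of files closed (0 if the table was already gone). */
static int fdfree(struct proc *p)
{
    struct filedesc *fdp;
    int closed = 0, i;

    lock_acquire(&p->p_mtx);
    fdp = p->p_fd;
    p->p_fd = NULL;
    lock_release(&p->p_mtx);
    if (fdp == NULL)
        return 0;

    lock_acquire(&fdp->fd_mtx);
    for (i = 0; i < NFILES; i++)
        if (fdp->fd_ofiles[i] > 0) { fdp->fd_ofiles[i] = 0; closed++; }
    lock_release(&fdp->fd_mtx);
    free(fdp);
    return closed;
}

int main(void)
{
    struct proc p;
    proc_init(&p);
    printf("fd 0 -> %d\n", fd_lookup(&p, 0));     /* 10 */
    printf("closed %d files\n", fdfree(&p));       /* 3 */
    printf("fd 0 after exit -> %d\n", fd_lookup(&p, 0)); /* -1 */
    return 0;
}
```

The point of the model is the ordering: a reader that went straight to `p->p_fd->fd_mtx` without the proc-lock check could dereference a pointer that `fdfree()` has already cleared or, worse, a table it has already freed. Checking under the proc lock and handing over to the table lock before releasing it closes that window for every caller that follows the same discipline.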