Alfred Perlstein <[EMAIL PROTECTED]> writes:
> * Dag-Erling Smorgrav <[EMAIL PROTECTED]> [020318 08:23] wrote:
> > Alfred Perlstein <[EMAIL PROTECTED]> writes:
> > > I think you're right, I'm pretty sure the fix is basically moving
> > > the p->p_fd = NULL to after the closef will fix things [...]
> > There will still be a race...
> Are you sure? :)
Almost, though I think the window will be much smaller than it is now.
The only way I see of avoiding it altogether is to protect p->p_fd
and its mutex with allproc_lock (IOW, destroy the table as the last
thing you do before zombifying the process).
> Btw, is there a way to easily reproduce this bug?
No, it's a race condition, which makes it hard to trigger on purpose.
The problem with your patch is that *every* place in the kernel that
calls FILEDESC_LOCK needs to first acquire the proc lock and check if
p->p_fd is NULL.
Dag-Erling Smorgrav - [EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
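Added illustration, not code from this thread or from the FreeBSD tree: a userland C sketch of the two points above, clearing p->p_fd only after the entries are closed, and having every FILEDESC_LOCK caller take the proc lock and test p_fd first. `struct proc`, `struct filedesc`, `fdfree` and `fd_count_checked` are constructed stand-ins that use pthread mutexes for PROC_LOCK and FILEDESC_LOCK, and the proc lock stands in for the allproc_lock protection Dag-Erling suggests.

```c
#include <pthread.h>
#include <stdlib.h>

/* Constructed stand-ins for the kernel structures named in the thread. */
struct filedesc { pthread_mutex_t fd_mtx; int fd_nfiles; }; /* FILEDESC_LOCK takes fd_mtx */
struct proc { pthread_mutex_t p_mtx; struct filedesc *p_fd; }; /* PROC_LOCK takes p_mtx; p_fd NULL after teardown */

struct proc *proc_new(int nfiles)
{
    struct proc *p = calloc(1, sizeof *p);
    p->p_fd = calloc(1, sizeof *p->p_fd);
    pthread_mutex_init(&p->p_mtx, NULL);
    pthread_mutex_init(&p->p_fd->fd_mtx, NULL);
    p->p_fd->fd_nfiles = nfiles;
    return p;
}

/* Exit-side teardown in the order Alfred proposes: close the entries under
 * FILEDESC_LOCK first, then clear p->p_fd under PROC_LOCK as the last step. */
void fdfree(struct proc *p)
{
    pthread_mutex_lock(&p->p_mtx);
    struct filedesc *fdp = p->p_fd;
    pthread_mutex_unlock(&p->p_mtx);
    if (fdp == NULL) return;            /* already torn down: nothing to do */
    pthread_mutex_lock(&fdp->fd_mtx);
    fdp->fd_nfiles = 0;                 /* stands in for the closef() loop */
    pthread_mutex_unlock(&fdp->fd_mtx);
    pthread_mutex_lock(&p->p_mtx);
    p->p_fd = NULL;                     /* only now can readers see it gone */
    pthread_mutex_unlock(&p->p_mtx);
    pthread_mutex_destroy(&fdp->fd_mtx);
    free(fdp);
}

/* The checked pattern the message asks of every FILEDESC_LOCK caller: hold
 * PROC_LOCK while testing p_fd and while taking FILEDESC_LOCK, so the exit
 * path cannot clear or free the table in between. Returns -1 if it is gone. */
int fd_count_checked(struct proc *p)
{
    pthread_mutex_lock(&p->p_mtx);
    if (p->p_fd == NULL) {
        pthread_mutex_unlock(&p->p_mtx);
        return -1;
    }
    pthread_mutex_lock(&p->p_fd->fd_mtx);
    int n = p->p_fd->fd_nfiles;
    pthread_mutex_unlock(&p->p_fd->fd_mtx);
    pthread_mutex_unlock(&p->p_mtx);
    return n;
}
```

Because the reader holds the proc lock across both the NULL test and the acquisition of fd_mtx, the teardown cannot slip in between the two, which is the window the unchecked callers leave open.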