Alfred Perlstein <[EMAIL PROTECTED]> writes:
> * Dag-Erling Smorgrav <[EMAIL PROTECTED]> [020318 08:23] wrote:
> > Alfred Perlstein <[EMAIL PROTECTED]> writes:
> > > I think you're right, I'm pretty sure the fix is basically moving
> > > the p->p_fd = NULL to after the closef will fix things [...]
> > There will still be a race...
> Are you sure? :)

Almost, though I think the window will be much smaller than it is now.
The only way I see of avoiding it alltogether is to protect p->p_fd
and its mutex with allproc_lock (IOW, destroy the table as the last
thing you do before zombifying the process)

> Btw, is there a way to easily reproduce this bug?

No, it's a race condition, which makes it hard to trigger on purpose.

The problem with your patch is that *every* place in the kernel that
calls FILEDESC_LOCK needs to first acquire the proc lock and check if
p->p_fd is NULL.

Dag-Erling Smorgrav - [EMAIL PROTECTED]

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to