MFC rev. 1.198 of sys/kern/sys_pipe.c,
rev. 1.30 of sys/sys/pipe.h
AKA r179243.
Another problem caused by the knlist_cleardel() potentially dropping
PIPE_MTX().
Since the pipe_present is cleared before (potentially) sleeping, the
second thread may enter the pipeclose() for the reciprocal pipe end.
The test at the end of the pipeclose() for the pipe_present == 0 would
succeed, allowing the second thread to free the pipe memory. First
threads then accesses the freed memory after being woken up.
Properly track the closing state of the pipe in the pipe_present.
Introduce the intermediate state that marks the pipe as mostly
dismantled but might be sleeping waiting for the knote list to be
cleared. Free the pipe pair memory only when both ends pass that point.
projects / FreeBSD / FreeBSD.git / commit