]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 05a0acb) | patch
Fix cleanup race between unp_dispose and unp_gc
authorcem <cem@FreeBSD.org>
Tue, 14 Jul 2015 02:00:50 +0000 (02:00 +0000)
committercem <cem@FreeBSD.org>
Tue, 14 Jul 2015 02:00:50 +0000 (02:00 +0000)
commit576619e564618bca3675db57580d8e1f76bd2ac7
tree739399a2fae275099b377fb3967997e0a672d3b6tree | snapshot
parent05a0acba04631454bc202315fdcc3a3cd8119838commit | diff
Fix cleanup race between unp_dispose and unp_gc

unp_dispose and unp_gc could race to teardown the same mbuf chains, which
can lead to dereferencing freed filedesc pointers.

This patch adds an IGNORE_RIGHTS flag on unpcbs marking the unpcb's RIGHTS
as invalid/freed. The flag is protected by UNP_LIST_LOCK.

To serialize against unp_gc, unp_dispose needs the socket object. Change the
dom_dispose() KPI to take a socket object instead of an mbuf chain directly.

PR: 194264
Differential Revision: https://reviews.freebsd.org/D3044
Reviewed by: mjg (earlier version)
Approved by: markj (mentor)
Obtained from: mjg
MFC after: 1 month
Sponsored by: EMC / Isilon Storage Division
sys/kern/uipc_socket.c diff | blob | history
sys/kern/uipc_usrreq.c diff | blob | history
sys/sys/domain.h diff | blob | history
sys/sys/unpcb.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.