HomeFreeBSD

Fix a file descriptor race I reintroduced when I split accept1() up into

Description

Fix a file descriptor race I reintroduced when I split accept1() up into
kern_accept() and accept1(). If another thread closed the new file
descriptor and the first thread later got an error trying to copyout the
socket address, then it would attempt to close the wrong file object. To
fix, add a struct file ** argument to kern_accept(). If it is non-NULL,
then on success kern_accept() will store a pointer to the new file object
there and not release any of the references. It is up to the calling code
to drop the references appropriately (including a call to fdclose() in case
of error to safely handle the aforementioned race). While I'm at it, go
ahead and fix the svr4 streams code to not leak the accept fd if it gets an
error trying to copyout the streams structures.

Details

Provenance
jhbAuthored on Jul 27 2006, 7:54 PM
Parents
rG00f18569054f: Add missing ptrace(2) system-call stops to various syscall()
Branches
Unknown
Tags
Unknown

Event Timeline