Diffusion FreeBSD src repository - subversion rS167783

If vn_open() fails during kern_open(), don't fdrop() the new file object
rS167783Unpublished
Actions

Unpublished Commit · Learn More

No further details are available.

Description

If vn_open() fails during kern_open(), don't fdrop() the new file object
until after the call to fdclose(). This closes an obscure race that
could result in the later call to fdclose() actually closing a different
file descriptor if another thread close()'s the file descriptor being
opened before fdrop() is called, so the fdrop() in kern_open() frees the
file object, then the second thread (or a third) creates a new file
descriptor which reuses both the same index and the same file pointer
thus tricking fdclose() in the first thread into thinking that the
original file was still open.

MFC after: 1 week

Details

Provenance

jhb	Authored on

Parents

rS167782: Handle the case when a thread is blocked on a lockmgr lock with LK_DRAIN

Branches

Unknown

Tags

Unknown

Event Timeline

Changes (1)

Path

Size

head/

sys/

kern/

vfs_syscalls.c

rS167783

View Options

head/sys/kern/vfs_syscalls.c

If vn_open() fails during kern_open(), don't fdrop() the new file objectrS167783UnpublishedActions