Diffusion FreeBSD src repository - subversion rS285522

Fix cleanup race between unp_dispose and unp_gc
rS285522
Actions

Description

Fix cleanup race between unp_dispose and unp_gc

unp_dispose and unp_gc could race to teardown the same mbuf chains, which
can lead to dereferencing freed filedesc pointers.

This patch adds an IGNORE_RIGHTS flag on unpcbs marking the unpcb's RIGHTS
as invalid/freed. The flag is protected by UNP_LIST_LOCK.

To serialize against unp_gc, unp_dispose needs the socket object. Change the
dom_dispose() KPI to take a socket object instead of an mbuf chain directly.

PR: 194264
Differential Revision: https://reviews.freebsd.org/D3044
Reviewed by: mjg (earlier version)
Approved by: markj (mentor)
Obtained from: mjg
MFC after: 1 month
Sponsored by: EMC / Isilon Storage Division

Details

Provenance

cem	Authored on

Reviewer

mjg

Differential Revision

D3044: PR 194264: Fix race between unp_dispose and unp_gc

Parents

rS285521: Document r281708, psm(4) enhancements.

Branches

Unknown

Tags

Unknown

Event Timeline

cem committed rS285522: Fix cleanup race between unp_dispose and unp_gc.Jul 14 2015, 2:00 AM

I dont see this patch in stable 10. Is there a reason this diff was not committed to stable 10 ? I am having a conflict when I try to merge https://reviews.freebsd.org/rS303855 to stable 10 ?