svn commit: r263962 - stable/10/sys/kern
Mateusz Guzik
mjg at FreeBSD.org
Mon Mar 31 02:44:44 UTC 2014
Author: mjg
Date: Mon Mar 31 02:44:43 2014
New Revision: 263962
URL: http://svnweb.freebsd.org/changeset/base/263962
Log:
MFC r263755:
Document a known problem with handling the process intended to receive
SIGIO in /dev/devctl.
Modified:
stable/10/sys/kern/subr_bus.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/kern/subr_bus.c
==============================================================================
--- stable/10/sys/kern/subr_bus.c Mon Mar 31 02:30:55 2014 (r263961)
+++ stable/10/sys/kern/subr_bus.c Mon Mar 31 02:44:43 2014 (r263962)
@@ -497,6 +497,21 @@ devioctl(struct cdev *dev, u_long cmd, c
devsoftc.nonblock = 0;
return (0);
case FIOASYNC:
+ /*
+ * FIXME:
+ * Since this is a simple assignment there is no guarantee that
+ * devsoftc.async_proc consumers will get a valid pointer.
+ *
+ * Example scenario where things break (processes A and B):
+ * 1. A opens devctl
+ * 2. A sends fd to B
+ * 3. B sets itself as async_proc
+ * 4. B exits
+ *
+ * However, normally this requires root privileges and the only
+ * in-tree consumer does not behave in a dangerous way so the
+ * issue is not critical.
+ */
if (*(int*)data)
devsoftc.async_proc = td->td_proc;
else
@@ -582,6 +597,7 @@ devctl_queue_data_f(char *data, int flag
cv_broadcast(&devsoftc.cv);
mtx_unlock(&devsoftc.mtx);
selwakeup(&devsoftc.sel);
+ /* XXX see a comment in devioctl */
p = devsoftc.async_proc;
if (p != NULL) {
PROC_LOCK(p);
More information about the svn-src-all
mailing list