svn commit: r249953 - stable/9/sys/kern

Fri Apr 26 21:07:28 UTC 2013

Author: jilles
Date: Fri Apr 26 21:07:27 2013
New Revision: 249953
URL: http://svnweb.freebsd.org/changeset/base/249953

Log:
  MFC r249233: mqueue,ksem,shm: Fix race condition with setting UF_EXCLOSE.
  
  POSIX mqueue, compatibility ksem and POSIX shm create a file descriptor that
  has close-on-exec set. However, they do this incorrectly, leaving a window
  where a thread may fork and exec while the flag has not been set yet. The
  race is easily reproduced on a multicore system with one thread doing
  shm_open and close and another thread doing posix_spawnp and waitpid.
  
  Set UF_EXCLOSE via falloc()'s flags argument instead. This also simplifies
  the code.

Modified:
  stable/9/sys/kern/uipc_mqueue.c
  stable/9/sys/kern/uipc_sem.c
  stable/9/sys/kern/uipc_shm.c
Directory Properties:
  stable/9/sys/   (props changed)

Modified: stable/9/sys/kern/uipc_mqueue.c
==============================================================================

--- stable/9/sys/kern/uipc_mqueue.c	Fri Apr 26 19:56:14 2013	(r249952)
+++ stable/9/sys/kern/uipc_mqueue.c	Fri Apr 26 21:07:27 2013	(r249953)
@@ -1977,7 +1977,7 @@ kern_kmq_open(struct thread *td, const c
 	if (len < 2  || path[0] != '/' || index(path + 1, '/') != NULL)
 		return (EINVAL);
 
-	error = falloc(td, &fp, &fd, 0);
+	error = falloc(td, &fp, &fd, O_CLOEXEC);
 	if (error)
 		return (error);
 
@@ -2032,10 +2032,6 @@ kern_kmq_open(struct thread *td, const c
 	finit(fp, flags & (FREAD | FWRITE | O_NONBLOCK), DTYPE_MQUEUE, pn,
 	    &mqueueops);
 
-	FILEDESC_XLOCK(fdp);
-	if (fdp->fd_ofiles[fd] == fp)
-		fdp->fd_ofileflags[fd] |= UF_EXCLOSE;
-	FILEDESC_XUNLOCK(fdp);
 	td->td_retval[0] = fd;
 	fdrop(fp, td);
 	return (0);

Modified: stable/9/sys/kern/uipc_sem.c
==============================================================================
--- stable/9/sys/kern/uipc_sem.c	Fri Apr 26 19:56:14 2013	(r249952)
+++ stable/9/sys/kern/uipc_sem.c	Fri Apr 26 21:07:27 2013	(r249953)
@@ -485,7 +485,7 @@ ksem_create(struct thread *td, const cha
 
 	fdp = td->td_proc->p_fd;
 	mode = (mode & ~fdp->fd_cmask) & ACCESSPERMS;
-	error = falloc(td, &fp, &fd, 0);
+	error = falloc(td, &fp, &fd, O_CLOEXEC);
 	if (error) {
 		if (name == NULL)
 			error = ENOSPC;
@@ -578,10 +578,6 @@ ksem_create(struct thread *td, const cha
 
 	finit(fp, FREAD | FWRITE, DTYPE_SEM, ks, &ksem_ops);
 
-	FILEDESC_XLOCK(fdp);
-	if (fdp->fd_ofiles[fd] == fp)
-		fdp->fd_ofileflags[fd] |= UF_EXCLOSE;
-	FILEDESC_XUNLOCK(fdp);
 	fdrop(fp, td);
 
 	return (0);

Modified: stable/9/sys/kern/uipc_shm.c
==============================================================================
--- stable/9/sys/kern/uipc_shm.c	Fri Apr 26 19:56:14 2013	(r249952)
+++ stable/9/sys/kern/uipc_shm.c	Fri Apr 26 21:07:27 2013	(r249953)
@@ -533,7 +533,7 @@ sys_shm_open(struct thread *td, struct s
 	fdp = td->td_proc->p_fd;
 	cmode = (uap->mode & ~fdp->fd_cmask) & ACCESSPERMS;
 
-	error = falloc(td, &fp, &fd, 0);
+	error = falloc(td, &fp, &fd, O_CLOEXEC);
 	if (error)
 		return (error);
 
@@ -628,10 +628,6 @@ sys_shm_open(struct thread *td, struct s
 
 	finit(fp, FFLAGS(uap->flags & O_ACCMODE), DTYPE_SHM, shmfd, &shm_ops);
 
-	FILEDESC_XLOCK(fdp);
-	if (fdp->fd_ofiles[fd] == fp)
-		fdp->fd_ofileflags[fd] |= UF_EXCLOSE;
-	FILEDESC_XUNLOCK(fdp);
 	td->td_retval[0] = fd;
 	fdrop(fp, td);
 
