From 30b5b25bb25518f8e01439e2aa53f33c272ed3ef Mon Sep 17 00:00:00 2001 From: mvs Date: Mon, 11 Apr 2022 18:18:17 +0000 Subject: [PATCH] Keep `fdp' locked until we finish the second loop of unp_externalize(). This prevents descriptors from being closed concurrently on receiver side. ok bluhm@ claudio@ --- sys/kern/uipc_usrreq.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c index a4538f2c805..c3c3d01bdac 100644 --- a/sys/kern/uipc_usrreq.c +++ b/sys/kern/uipc_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uipc_usrreq.c,v 1.163 2022/02/25 23:51:03 guenther Exp $ */ +/* $OpenBSD: uipc_usrreq.c,v 1.164 2022/04/11 18:18:17 mvs Exp $ */ /* $NetBSD: uipc_usrreq.c,v 1.18 1996/02/09 19:00:50 christos Exp $ */ /* @@ -953,7 +953,13 @@ restart: rp++; } - fdpunlock(fdp); + + /* + * Keep `fdp' locked to prevent concurrent close() of just + * inserted descriptors. Such descriptors could have the only + * `f_count' reference which is now shared between control + * message and `fdp'. + */ /* * Now that adding them has succeeded, update all of the @@ -972,6 +978,7 @@ restart: rw_exit_write(&unp_gc_lock); } } + fdpunlock(fdp); mtx_enter(&unp_rights_mtx); unp_rights -= nfds; -- 2.20.1