Subject: kern/32495: locking panic in fd_unused
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <g.mcgarry@ieee.org>
List: netbsd-bugs
Date: 01/11/2006 04:15:01
>Number:         32495
>Category:       kern
>Synopsis:       locking panic in fd_unused
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jan 11 04:15:01 +0000 2006
>Originator:     Gregory McGarry
>Release:        -current
>Organization:
>Environment:
>Description:
fd_unused() requires the file descriptor table to be locked on entry, but this isn't always the case.

>How-To-Repeat:
Allocate MAXFILES file descriptors and watch a LOCKDEBUG kernel panic.
>Fix:
Index: kern_descrip.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_descrip.c,v
retrieving revision 1.139
diff -u -r1.139 kern_descrip.c
--- kern_descrip.c      24 Dec 2005 19:12:23 -0000      1.139
+++ kern_descrip.c      11 Jan 2006 04:09:54 -0000
@@ -991,7 +991,9 @@
        if (nfiles >= maxfiles) {
                tablefull("file", "increase kern.maxfiles or MAXFILES");
                simple_unlock(&filelist_slock);
+               simple_lock(&p->p_fd->fd_slock);
                fd_unused(p->p_fd, i);
+               simple_unlock(&p->p_fd->fd_slock);
                pool_put(&file_pool, fp);
                return (ENFILE);
        }
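
Review bot: Only the `nfiles >= maxfiles` error path is covered, at the `fd_unused(p->p_fd, i)` call, while the description says the lock requirement "isn't always" met. The fix should say whether the remaining fd_unused() callers were checked for the same missing lock. A one-line comment above the added `simple_lock(&p->p_fd->fd_slock);` stating that fd_unused() expects fd_slock to be held on entry would keep the requirement visible at this call site. The ordering shown is sound: `simple_unlock(&filelist_slock);` runs before fd_slock is taken, so the two simple locks are never held together on this path, and `pool_put(&file_pool, fp);` stays outside both.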