making crdup()/crcopy() safe??

Board: FB_current, posted 14 years ago (2011/12/20 09:32), votes 0 (0/0/0)
0 comments, 0 participants, thread 1/6
Hi,

A recent NFS client crash:
  http://glebius.int.ru/tmp/nfs_panic.jpg
appears to have happened because some field is bogus when crfree() is called.
I've asked Gleb to disassemble crfree() for me, so I can try and see exactly
which field causes the crash, however...

Basically, the code:

  newcred = crdup(cred);
  - does read with newcred
  crfree(newcred);          <-- which crashes at 0x65 into crfree()

Looking at crdup(), it calls crcopy(), which copies 4 pointers and then
ref. counts them:
  cr_uidinfo, cr_ruidinfo, cr_prison and cr_loginclass

It seems some lock should be held while crcopy() does this, so that the
pointers don't get deref'd during the copy/ref. count? (Or is there some
rule that guarantees these won't change, ie. no calls to change_euid() or
similar.)

Is there such a lock and should crdup() use it?

Thanks in advance for any info, rick
_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
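The hazard the post describes (read a refcounted pointer out of a shared cred, then take a reference on it, with a writer able to replace and release that pointer in between) can be modelled in userland. The following is an added example, not FreeBSD code and not from the thread: every name in it (ucred_model, uidinfo_model, cr_copy_model, cr_change_uid_model, run_scenario) is constructed, a single pointer field stands in for the four that crcopy() copies, and a hook between the read and the hold makes the interleaving deterministic so the two outcomes can be compared. Objects are never free()d; a released object is flagged instead so a stale use stays inspectable.

```c
/* Added model, not FreeBSD code: copy-then-hold of a refcounted pointer,
 * with and without the lock that serialises writers. All names constructed. */
#include <pthread.h>
#include <stdlib.h>
#include <stdio.h>

struct uidinfo_model {
    int ui_ref;       /* reference count */
    int ui_freed;     /* set when ui_ref reaches 0; stands in for free() */
    unsigned ui_uid;
};

struct ucred_model {
    pthread_mutex_t cr_mtx;            /* serialises writers of the pointer fields */
    struct uidinfo_model *cr_uidinfo;  /* one refcounted pointer stands for all four */
};

static struct uidinfo_model *ui_alloc(unsigned uid)
{
    struct uidinfo_model *ui = calloc(1, sizeof(*ui)); /* intentionally never freed */
    if (ui == NULL)
        abort();
    ui->ui_ref = 1;
    ui->ui_uid = uid;
    return ui;
}
static void ui_hold(struct uidinfo_model *ui) { ui->ui_ref++; }
static void ui_drop(struct uidinfo_model *ui) { if (--ui->ui_ref == 0) ui->ui_freed = 1; }

static void cr_init(struct ucred_model *cr, unsigned uid)
{
    pthread_mutex_init(&cr->cr_mtx, NULL);
    cr->cr_uidinfo = ui_alloc(uid);
}

/* Writer: swap in a new uidinfo and drop the old one (a change_euid()-style path).
 * Uses trylock so a scenario can see whether it managed to slip into a copy.
 * Returns 1 if it swapped, 0 if the lock was busy. */
static int cr_change_uid_model(struct ucred_model *cr, unsigned newuid)
{
    struct uidinfo_model *old;
    if (pthread_mutex_trylock(&cr->cr_mtx) != 0)
        return 0;
    old = cr->cr_uidinfo;
    cr->cr_uidinfo = ui_alloc(newuid);
    ui_drop(old);
    pthread_mutex_unlock(&cr->cr_mtx);
    return 1;
}

/* Reader: copy the pointer field and take a reference on it. `between` runs
 * between the read and the hold (where a writer could run). With locked != 0
 * the cred lock is held across both steps. Returns 0 on success, -1 if the
 * pointer read in step 1 was already released by step 2 (a use-after-free
 * in a real kernel; the model can see it, the kernel cannot). */
static int cr_copy_model(struct ucred_model *dst, struct ucred_model *src,
                         int locked, void (*between)(struct ucred_model *))
{
    struct uidinfo_model *ui;
    if (locked)
        pthread_mutex_lock(&src->cr_mtx);
    ui = src->cr_uidinfo;            /* step 1: read the pointer */
    if (between != NULL)
        between(src);                /* writer may run here */
    if (ui->ui_freed) {
        if (locked)
            pthread_mutex_unlock(&src->cr_mtx);
        return -1;
    }
    ui_hold(ui);                     /* step 2: reference it */
    if (locked)
        pthread_mutex_unlock(&src->cr_mtx);
    dst->cr_uidinfo = ui;
    return 0;
}

struct outcome {
    int copy_rc;        /* result of cr_copy_model() */
    int writer_swapped; /* 1 if the writer got in mid-copy */
    int dst_ref;        /* refcount of the object the copy holds (0 if none) */
    int writer_after;   /* 1 if the writer could swap once the copy was done */
    int dst_alive;      /* 1 if the copy's object survived that later swap */
};

static int g_swapped;
static void writer_hook(struct ucred_model *cr) { g_swapped = cr_change_uid_model(cr, 1001); }

/* One copy with a writer trying to change the uid in the middle of it. */
struct outcome run_scenario(int locked)
{
    struct ucred_model src, dst = { PTHREAD_MUTEX_INITIALIZER, NULL };
    struct outcome o = { 0, 0, 0, 0, 0 };
    cr_init(&src, 1000);
    g_swapped = 0;
    o.copy_rc = cr_copy_model(&dst, &src, locked, writer_hook);
    o.writer_swapped = g_swapped;
    o.dst_ref = dst.cr_uidinfo ? dst.cr_uidinfo->ui_ref : 0;
    o.writer_after = cr_change_uid_model(&src, 1002);   /* lock is free now */
    o.dst_alive = dst.cr_uidinfo ? !dst.cr_uidinfo->ui_freed : 0;
    return o;
}

int main(void)
{
    struct outcome u = run_scenario(0), l = run_scenario(1);
    printf("unlocked: copy_rc=%d writer_mid_copy=%d\n", u.copy_rc, u.writer_swapped);
    printf("locked:   copy_rc=%d writer_mid_copy=%d dst_ref=%d alive_after=%d\n",
           l.copy_rc, l.writer_swapped, l.dst_ref, l.dst_alive);
    return 0;
}
```

In the unlocked run the writer swaps the pointer and releases the old object between the two steps, so the copy ends up referencing a freed object; in the locked run the writer is held off until the copy owns its reference, after which the swap proceeds and the copied object stays alive with a refcount of exactly one. The model only shows the shape of the hazard: whether crdup() needs such a lock, or whether a cred handed to it is guaranteed not to change, is the question the post leaves open.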
Article code (AID): #1Ex-MIwV (FB_current)