Module Name: src
Committed By: maxv
Date: Thu Dec 27 07:56:43 UTC 2018
Modified Files:
src/sys/kern: uipc_domain.c
Log Message:
Fix apparent race.
We're doing a LIST_FOREACH, but unlock filelist_lock in the middle of the
loop and drop the reference to fp. We then read fp->...le_next, but it
may have been freed by another thread.
This is difficult to trigger and observe, probably only KASAN can see
problems of this kind.
Switch to LIST_FOREACH_SAFE, and re-fetch np after re-locking.
May fix PR/53674.
To generate a diff of this commit:
cvs rdiff -u -r1.105 -r1.106 src/sys/kern/uipc_domain.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
