I posted this problem to freebsd-net (http://lists.freebsd.org/pipermail/freebsd-net/2008-January/016392.html) but did not receive a response.
>How-To-Repeat:
This program will trigger a panic on a WITNESS-enabled system:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

int main(void)
{
    int s;
    struct sockaddr_un un;

    s = socket(PF_LOCAL, SOCK_STREAM, 0);
    if (s == -1)
    {
        perror("socket");
        exit(1);
    }
    memset(&un, 0, sizeof(un));
    un.sun_family = AF_UNIX;
    /*
     * An address length of 2 covers only sun_len and sun_family, so the
     * kernel computes a sun_path length of 0 and takes the "len <= 0"
     * early return in unp_connect().
     */
    if ((connect(s, (struct sockaddr *)&un, 2)) == -1)
    {
        perror("connect");
        exit(1);
    }
    return 0;
}
>Fix:
I believe this patch will fix the problem, but unfortunately I do not
have time to test it. Could someone please try this out? Instead of
this approach, it may be possible to move the unlocking to after the
early returns are done, but I have not analyzed what impact this would
have.
Index: uipc_usrreq.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/uipc_usrreq.c,v
retrieving revision 1.210
diff -u -p -r1.210 uipc_usrreq.c
--- uipc_usrreq.c 1 Jan 2008 01:46:42 -0000 1.210
+++ uipc_usrreq.c 3 Jan 2008 02:53:51 -0000
@@ -1129,13 +1129,16 @@ unp_connect(struct socket *so, struct so
KASSERT(unp != NULL, ("unp_connect: unp == NULL"));
len = nam->sa_len - offsetof(struct sockaddr_un, sun_path);
- if (len <= 0)
+ if (len <= 0) {
+ UNP_GLOBAL_WLOCK();
return (EINVAL);
+ }
strlcpy(buf, soun->sun_path, len + 1);
UNP_PCB_LOCK(unp);
if (unp->unp_flags & UNP_CONNECTING) {
UNP_PCB_UNLOCK(unp);
+ UNP_GLOBAL_WLOCK();
return (EALREADY);
}
unp->unp_flags |= UNP_CONNECTING;
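Review bot: the two added UNP_GLOBAL_WLOCK() calls, in the "len <= 0" branch and in the UNP_CONNECTING branch, take a lock immediately before returning, and nothing in the hunk documents why. The unlock they pair with is outside the visible lines, so each call needs a short comment stating the lock state the caller expects on return from unp_connect(). The "len <= 0" test depends only on nam->sa_len, so it could be done before the global lock is dropped, which would avoid the drop-and-reacquire on that path; this is the alternative the submitter mentions. In the UNP_CONNECTING branch the order (UNP_PCB_UNLOCK first, then UNP_GLOBAL_WLOCK) looks deliberate and should be kept if the patch goes in as is. The submitter states the patch is untested, so it should be run against the reproducer on a WITNESS kernel before commit.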
>Release-Note:
>Audit-Trail:
>Unformatted:
Responsible-Changed-From-To: freebsd-bugs->rwatson
Responsible-Changed-By: kris
Responsible-Changed-When: Fri Jan 18 18:44:15 UTC 2008
Responsible-Changed-Why:
Assign to maintainer
http://www.freebsd.org/cgi/query-pr.cgi?pr=119778