From: Paul Kranenburg Date: Fri, 4 Jun 1993 00:00:00 +0000 (+0000) Subject: Fix dangling pointer in lockf structure X-Git-Tag: FreeBSD-release/1.0~22 X-Git-Url: https://git.subgeniuskitty.com/unix-history/.git/commitdiff_plain/c12b7ecbdd39c6c85aeacaf16b286ec682152a74 Fix dangling pointer in lockf structure >The problem is a dangling pointer left in the lockf structure belonging to >the current lock holder. The offending process frees its lock structure >after breaking out of sleep() as a result of a signal. Possible fix: >scan the list of waiting locks to remove the lock that isn't going to be >used. Unfortunately, the fix that went with it was totally bogus. This one might do a better job: Date: Mon, 26 Apr 1993 17:05:01 GMT AUTHOR: Paul Kranenburg (pk@cs.few.eur.nl) 386BSD-Patchkit: patch00169 --- diff --git a/usr/src/sys.386bsd/ufs/ufs_lockf.c b/usr/src/sys.386bsd/ufs/ufs_lockf.c index 5af4cd0cd4..66987a4cd7 100644 --- a/usr/src/sys.386bsd/ufs/ufs_lockf.c +++ b/usr/src/sys.386bsd/ufs/ufs_lockf.c @@ -34,6 +34,14 @@ * SUCH DAMAGE. * * @(#)ufs_lockf.c 7.7 (Berkeley) 7/2/91 + * + * PATCHES MAGIC LEVEL PATCH THAT GOT US HERE + * -------------------- ----- ---------------------- + * CURRENT PATCH LEVEL: 1 00169 + * -------------------- ----- ---------------------- + * + * 04 Jun 93 Paul Kranenburg Fix dangling pointer in lockf struct + * */ #include "param.h" @@ -155,6 +163,21 @@ lf_setlock(lock) } #endif /* LOCKF_DEBUG */ if (error = tsleep((caddr_t)lock, priority, lockstr, 0)) { + + /* Don't leave a dangling pointer in block list */ + if (lf_getblock(lock) == block) { + struct lockf **prev; + + /* Still there, find us on list */ + prev = &block->lf_block; + while ((block = block->lf_block) != NOLOCKF) { + if (block == lock) { + *prev = block->lf_block; + break; + } + prev = &block->lf_block; + } + } free(lock, M_LOCKF); return (error); }
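Review bot: the changelog line added to the file header in the first hunk says only "Fix dangling pointer in lockf struct", with no mention of where the fix lives. Naming lf_setlock and the signal-interrupted tsleep() path in that entry would let a reader of the header find the change without the patch in hand, since that is the only code the second hunk touches.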
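Review bot: in the lf_setlock hunk the unlink runs only when `lf_getblock(lock) == block`, and every other outcome falls straight through to `free(lock, M_LOCKF)`. If lf_getblock returns anything other than the original `block` after the wakeup, nothing in the visible lines shows that `lock` is already off every lf_block chain before it is freed, which is the dangling pointer the commit message describes. Either walk the chain of whatever lf_getblock returns at that point, or add a comment stating why `lock` cannot still be queued in that case. The walk also reuses `block` as its cursor (`while ((block = block->lf_block) != NOLOCKF)`); a separate local would keep the blocker pointer intact and make the loop easier to follow. The loop can also end without finding `lock`, and that case is silent; a LOCKF_DEBUG message there would help when chasing list corruption.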