File 0190-2189391-fix-fork-race-in-getProcess.patch of Package sblim-sfcb
From ab68a4ef1edb2d2ee4a8e2361c5762e01f62b898 Mon Sep 17 00:00:00 2001
From: =?utf-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>
Date: Thu, 23 Oct 2008 15:07:26 +0200
Subject: [PATCH] fix fork() race in getProcess
This line
(*proc)->pid = info->pid = fork();
presents a race condition, since both processes (parent and child)
inherit the 'info' and the '*proc' pointers.
So depending on who runs first, (*proc)->pid and info->pid are either set
to 0 (child proc last) or to the child's pid (parent proc last).
With the fix, only the parent (tracking children) writes to shared data structs.
---
providerDrv.c | 10 +++++-----
1 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/providerDrv.c b/providerDrv.c
index 0ffc920..ad04bfe 100644
--- a/providerDrv.c
+++ b/providerDrv.c
@@ -555,6 +555,7 @@ static int getProcess(ProviderInfo * info, ProviderProcess ** proc)
for (i = 0; i < provProcMax; i++) {
if (provProc[i].pid == 0) {
+ pid_t pid;
*proc = provProc + i;
providerSockets=sPairs[(*proc)->id];
@@ -565,14 +566,14 @@ static int getProcess(ProviderInfo * info, ProviderProcess ** proc)
info->proc = *proc;
info->next = NULL;
- (*proc)->pid = info->pid = fork();
+ pid = fork();
- if (info->pid < 0) {
+ if (pid < 0) {
perror("provider fork");
_SFCB_ABORT();
}
- if (info->pid == 0) {
+ if (pid == 0) { /* child */
currentProc=getpid();
setSignal(SIGCHLD, SIG_DFL,0);
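Review bot: Between `pid = fork();` and the parent's assignment in the later `else` branch the slot still has `pid == 0`, which the surrounding loop treats as "free", and nothing visible here keeps a SIGCHLD from being delivered in that window. The child resets SIGCHLD to `SIG_DFL` on the last line of this hunk, which suggests the parent has a handler installed. If that handler matches exited children against `provProc[].pid` (not visible, to be confirmed), a provider that dies immediately would not be matched to its slot. In that case, blocking SIGCHLD with `sigprocmask()` from before the fork until the pid is stored would close the gap. A comment at the fork such as `/* pid stays local; only the parent stores it into info/provProc (else branch) */` would also document the intent. The child block continues outside this hunk.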
@@ -590,8 +591,6 @@ static int getProcess(ProviderInfo * info, ProviderProcess ** proc)
getInode(providerSockets.receive)));
processName=info->providerName;
providerProcess=1;
- info->proc=*proc;
- info->pid=currentProc;
semSetValue(sfcbSem,PROV_GUARD((*proc)->id),0);
semSetValue(sfcbSem,PROV_INUSE((*proc)->id),0);
@@ -606,6 +605,7 @@ static int getProcess(ProviderInfo * info, ProviderProcess ** proc)
else {
info->startSeq=++seq;
+ info->pid = (*proc)->pid = pid;
}
_SFCB_TRACE(1,("--- Fork provider OK %s %d %d", info->providerName,
info->pid, i));
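Review bot: The child's copy of `info->pid` and `(*proc)->pid` is never set after this change, because `info->pid = (*proc)->pid = pid;` sits in the parent-only `else` and the child's former `info->pid=currentProc;` is removed in the previous hunk. If these structures are ordinary post-fork copies rather than shared memory (not visible here), the child keeps `(*proc)->pid == 0` and whatever `info->pid` held before the fork, so child-side code that needs its own pid should read `currentProc` instead. A comment on the assignment would make that explicit, for example `/* parent only: the child's info->pid is not updated, use currentProc there */`. The `_SFCB_TRACE` after the `else` prints `info->pid`; whether the child can reach it depends on code outside this hunk.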
--
1.6.0.2