From f218ac5087c7697321d3866d68c037cc88b0b005 Mon Sep 17 00:00:00 2001 From: Mateusz Guzik Date: Wed, 21 Nov 2018 22:25:05 +0000 Subject: [PATCH] uipc_usrreq: fix inode number assignment The code was incrementing a global variable in an unsafe manner. Two different threads stating two different sockets could have resulted in the same inode numbers assigned to both. Creation is protected with a global lock, move the assigment there. Since inode numbers are 64-bit now drop the check for overflows. Sponsored by: The FreeBSD Foundation --- sys/kern/uipc_usrreq.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c index 24557b510270..b8baf89d9ae1 100644 --- a/sys/kern/uipc_usrreq.c +++ b/sys/kern/uipc_usrreq.c @@ -530,6 +530,7 @@ uipc_attach(struct socket *so, int proto, struct thread *td) UNP_LINK_WLOCK(); unp->unp_gencnt = ++unp_gencnt; + unp->unp_ino = ++unp_ino; unp_count++; switch (so->so_type) { case SOCK_STREAM: @@ -1302,12 +1303,8 @@ uipc_sense(struct socket *so, struct stat *sb) KASSERT(unp != NULL, ("uipc_sense: unp == NULL")); sb->st_blksize = so->so_snd.sb_hiwat; - UNP_PCB_LOCK(unp); sb->st_dev = NODEV; - if (unp->unp_ino == 0) - unp->unp_ino = (++unp_ino == 0) ? ++unp_ino : unp_ino; sb->st_ino = unp->unp_ino; - UNP_PCB_UNLOCK(unp); return (0); }