Re: RPC to self with rendez-vous leading to duplicate port destroy

From: Samuel Thibault
Subject: Re: RPC to self with rendez-vous leading to duplicate port destroy
Date: Mon, 14 Mar 2011 22:49:36 +0100
> On Mar 13, 2011 5:44 PM, "Samuel Thibault" <samuel.thibault@gnu.org> wrote:
> > - diskfs_S_dir_lookup is called, which for some reason ends up calling
> > - fshelp_fetch_root(), which calls
> > - reauth(), which calls
> > - mach_reply_port() to get a rendez-vous port, and then issues
> > - io_reauthenticate() with that port on ext2fs itself (since it's the
> > root of the system), thus triggering a call to:
> >   - diskfs_S_io_reauthenticate() in another thread. There, the
> > rendez-vous port is thus the same as the reply port obtained above,
> > with the *same name*.
> > - reauth() destroys the rendez-vous port (and thus the name!)
> >   - a bit later, diskfs_S_io_reauthenticate has finished its work,
> > and deallocates its rendez-vous port. But the name doesn't exist any
> > more. Bad.
> I think the second call to reauth should use a second, newly-created,
> rendezvous port. Why doesn't it?

There is only one reauth here: it's ext2fs itself reauthenticating an
fd to itself, to be used by fshelp_fetch_root for some setuid program
execution. Thus the same name, since it's the same port, which is wanted
precisely since that's a rendez-vous port.
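As an added illustration (not code from this thread, from the Hurd or from Mach), the C program below models one task's port name table with a hypothetical API: `model_destroy` removes a name outright, `model_deallocate` drops one user reference, and delivering a port to another thread of the same task reuses the existing name with one more reference. The first scenario follows the sequence in the quoted message, where the handler's later deallocate finds the name already gone; the second shows the name surviving until both holders have dropped their reference. All function names and result codes are invented for the model.

```c
#include <stdio.h>
#include <string.h>

/* Toy model of one task's port name space (hypothetical, not Mach). */
#define MAX_NAMES 8
enum { MODEL_SUCCESS = 0, MODEL_INVALID_NAME = 1 };   /* model result codes */

struct name_entry {
    unsigned int name;   /* port name in this task (0 = free slot) */
    int user_refs;       /* user references held under that name */
};

struct name_table {
    struct name_entry slots[MAX_NAMES];
    unsigned int next_name;
};

void table_init(struct name_table *t)
{
    memset(t, 0, sizeof *t);
    t->next_name = 1;
}

static struct name_entry *lookup(struct name_table *t, unsigned int name)
{
    for (int i = 0; i < MAX_NAMES; i++)
        if (name != 0 && t->slots[i].name == name)
            return &t->slots[i];
    return NULL;
}

/* Allocate a fresh name with one reference (stands in for a reply port). */
unsigned int model_reply_port(struct name_table *t)
{
    for (int i = 0; i < MAX_NAMES; i++) {
        if (t->slots[i].name == 0) {
            t->slots[i].name = t->next_name++;
            t->slots[i].user_refs = 1;
            return t->slots[i].name;
        }
    }
    return 0;
}

/* A port sent to another thread of the SAME task keeps its name and
 * only gains a user reference; there is no second name to clean up. */
int model_receive_same_task(struct name_table *t, unsigned int name)
{
    struct name_entry *e = lookup(t, name);
    if (!e) return MODEL_INVALID_NAME;
    e->user_refs++;
    return MODEL_SUCCESS;
}

/* Destroy: the whole name goes away, whatever the reference count. */
int model_destroy(struct name_table *t, unsigned int name)
{
    struct name_entry *e = lookup(t, name);
    if (!e) return MODEL_INVALID_NAME;
    e->name = 0;
    e->user_refs = 0;
    return MODEL_SUCCESS;
}

/* Deallocate: drop one reference; the name disappears only at zero. */
int model_deallocate(struct name_table *t, unsigned int name)
{
    struct name_entry *e = lookup(t, name);
    if (!e) return MODEL_INVALID_NAME;
    if (--e->user_refs == 0) e->name = 0;
    return MODEL_SUCCESS;
}

/* Sequence from the message: the client thread destroys the rendez-vous
 * name, the handler thread later deallocates the same name. Returns the
 * handler's result code (MODEL_INVALID_NAME: the name no longer exists). */
int scenario_destroy_then_deallocate(void)
{
    struct name_table t;
    table_init(&t);
    unsigned int rv = model_reply_port(&t);      /* reauth(): reply port */
    model_receive_same_task(&t, rv);             /* handler sees the same name */
    model_destroy(&t, rv);                       /* reauth() destroys it */
    return model_deallocate(&t, rv);             /* handler: name is gone */
}

/* Same sequence, but each holder drops only its own reference; the name
 * is released exactly once, after the second deallocate. */
int scenario_deallocate_twice(void)
{
    struct name_table t;
    table_init(&t);
    unsigned int rv = model_reply_port(&t);
    model_receive_same_task(&t, rv);
    model_deallocate(&t, rv);
    int rc = model_deallocate(&t, rv);
    return (rc == MODEL_SUCCESS && lookup(&t, rv) == NULL) ? MODEL_SUCCESS : MODEL_INVALID_NAME;
}

int main(void)
{
    printf("destroy then deallocate: %d\n", scenario_destroy_then_deallocate());
    printf("deallocate twice:        %d\n", scenario_deallocate_twice());
    return 0;
}
```

The model deliberately leaves out receive rights, send-once rights and the kernel's own bookkeeping; it only isolates the one distinction the message turns on, namely that with a self-RPC both sides share a single name in one name space, so whichever side removes the name outright leaves the other with a dangling name.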
