Subject: spec_poll vs. revoke
To: None <>
From: Jed Davis <>
List: tech-kern
Date: 08/22/2006 19:29:43
spec_poll() appears to have a race condition against revocation of the
device in question; I haven't been able to reproduce this in a useful
manner, but I've twice had a host panic because it dereferenced a null
v_specinfo due to someone's typing an EOF on the console (and even
managed to get a core one of those times).

I notice that spec_ioctl() was corrected for a similar problem in
r1.83 of spec_vnops.c.  So, is there any reason I shouldn't attempt to
apply a similar fix to spec_poll()?

