Subject: spec_poll vs. revoke
To: None <>
From: Jed Davis <>
List: tech-kern
Date: 08/22/2006 19:29:43
spec_poll() appears to have a race condition against revocation of the
device in question; I haven't been able to reproduce this in a useful
manner, but I've twice had a host panic because it dereferenced a null
v_specinfo due to someone's typing an EOF on the console (and even
managed to get a core one of those times).

I notice that spec_ioctl() was corrected for a similar problem in
r1.83 of spec_vnops.c.  So, is there any reason I shouldn't attempt to
apply a similar fix to spec_poll()?

(let ((C call-with-current-continuation)) (apply (lambda (x y) (x y)) (map
((lambda (r) ((C C) (lambda (s) (r (lambda l (apply (s s) l))))))  (lambda
(f) (lambda (l) (if (null? l) C (lambda (k) (display (car l)) ((f (cdr l))
(C k)))))))    '((#\J #\d #\D #\v #\s) (#\e #\space #\a #\i #\newline)))))