Source-Changes-HG archive
[src/trunk]: src/sys/kern Fix bug, don't release the reflock if we didn't tak...
details: https://anonhg.NetBSD.org/src/rev/b970a8ca685e
branches: trunk
changeset: 452349:b970a8ca685e
user: maxv <maxv%NetBSD.org@localhost>
date: Sat Jun 29 11:37:17 2019 +0000
description:
Fix bug, don't release the reflock if we didn't take it in the first place.
Looks like there are other locking issues in here.
Reported-by: syzbot+81d2c90809163ab1e13c%syzkaller.appspotmail.com@localhost
diffstat:
sys/kern/sys_ptrace_common.c | 17 ++++++++++++-----
1 files changed, 12 insertions(+), 5 deletions(-)
diffs (67 lines):
diff -r 0c9af853b0d3 -r b970a8ca685e sys/kern/sys_ptrace_common.c
--- a/sys/kern/sys_ptrace_common.c Sat Jun 29 11:13:23 2019 +0000
+++ b/sys/kern/sys_ptrace_common.c Sat Jun 29 11:37:17 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: sys_ptrace_common.c,v 1.56 2019/06/24 20:29:41 christos Exp $ */
+/* $NetBSD: sys_ptrace_common.c,v 1.57 2019/06/29 11:37:17 maxv Exp $ */
/*-
* Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -118,7 +118,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_ptrace_common.c,v 1.56 2019/06/24 20:29:41 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_ptrace_common.c,v 1.57 2019/06/29 11:37:17 maxv Exp $");
#ifdef _KERNEL_OPT
#include "opt_ptrace.h"
@@ -367,8 +367,11 @@
}
static int
-ptrace_allowed(struct lwp *l, int req, struct proc *t, struct proc *p)
+ptrace_allowed(struct lwp *l, int req, struct proc *t, struct proc *p,
+ bool *locked)
{
+ *locked = false;
+
/*
* Grab a reference on the process to prevent it from execing or
* exiting.
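Review bot: nothing in this hunk documents the contract of the new `bool *locked` out-parameter of ptrace_allowed(). The function can now return an error either before `t->p_reflock` is taken (the `EBUSY` return) or with the flag set, and the caller's cleanup relies on `*locked` rather than on the return value to tell the two apart. A short comment above the function stating that `*locked` is always written and that the caller must `rw_exit()` whenever it is true, on success and on error alike, would keep a future caller from reintroducing the unbalanced unlock.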
@@ -376,6 +379,8 @@
if (!rw_tryenter(&t->p_reflock, RW_READER))
return EBUSY;
+ *locked = true;
+
/* Make sure we can operate on it. */
switch (req) {
case PT_TRACE_ME:
@@ -1045,6 +1050,7 @@
int error, write, tmp, pheld;
int signo = 0;
int resume_all;
+ bool locked;
error = 0;
/*
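Review bot: `bool locked;` is declared without an initializer, so its value is indeterminate until ptrace_allowed() writes it. If any path reaches the `if (locked)` test at the end of the function before that call has run, the unlock decision is made on garbage. Declaring it as `bool locked = false;` costs nothing and removes the dependency on every jump to the cleanup code happening after the call.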
@@ -1060,7 +1066,7 @@
}
pheld = 1;
- if ((error = ptrace_allowed(l, req, t, p)) != 0)
+ if ((error = ptrace_allowed(l, req, t, p, &locked)) != 0)
goto out;
if ((error = kauth_authorize_process(l->l_cred,
@@ -1427,7 +1433,8 @@
}
if (lt != NULL)
lwp_delref(lt);
- rw_exit(&t->p_reflock);
+ if (locked)
+ rw_exit(&t->p_reflock);
return error;
}
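Review bot: the `if (locked)` guard before `rw_exit(&t->p_reflock)` trusts the flag completely, and nothing cross-checks it against the real lock state. A `KASSERT(rw_read_held(&t->p_reflock));` inside the branch would make a diagnostic kernel catch any future mismatch between `locked` and the lock at the point of release. Given that the cleanup path now depends on both `pheld` and `locked`, and the commit message says other locking issues remain here, a regression test for the `EBUSY` path that syzbot hit would also be worth adding.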