[src/netbsd-8]: src/sys/kern Pull up following revision(s) (requested by pgoy...

[martin <martin%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/1c6408737157
branches:  netbsd-8
changeset: 852707:1c6408737157
user:      martin <martin%NetBSD.org@localhost>
date:      Tue Jan 07 11:59:48 2020 +0000

description:
Pull up following revision(s) (requested by pgoyette in ticket #1482):

        sys/kern/kern_ksyms.c: revision 1.88 (patch)

When reading from /dev/ksyms we need to skip over entries that have
been marked as sd_gone.  Otherwise we might try to uiomove() data from
memory that has been unmapped, resulting in EFAULT.

XXX This (along with other pre-existing checks st->sd_gone) is still
racy, but it's an improvement over current code.  Ideally we would
make a complete copy of the symbol table when we open /dev/ksyms so
we could ignore any changes that occur.

ad@ says "good enough for now"

XXX Pullup to -9 and -8

diffstat:

 sys/kern/kern_ksyms.c |  12 +++++++++---
 1 files changed, 9 insertions(+), 3 deletions(-)

diffs (56 lines):

diff -r dc2d4391696a -r 1c6408737157 sys/kern/kern_ksyms.c
--- a/sys/kern/kern_ksyms.c     Sun Jan 05 15:12:40 2020 +0000
+++ b/sys/kern/kern_ksyms.c     Tue Jan 07 11:59:48 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_ksyms.c,v 1.84 2016/07/07 06:55:43 msaitoh Exp $  */
+/*     $NetBSD: kern_ksyms.c,v 1.84.10.1 2020/01/07 11:59:48 martin Exp $      */
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -73,7 +73,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_ksyms.c,v 1.84 2016/07/07 06:55:43 msaitoh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_ksyms.c,v 1.84.10.1 2020/01/07 11:59:48 martin Exp $");
 
 #if defined(_KERNEL) && defined(_KERNEL_OPT)
 #include "opt_copy_symtab.h"
@@ -754,9 +754,9 @@
                if (strcmp(name, st->sd_name) != 0)
                        continue;
                st->sd_gone = true;
+               ksyms_sizes_calc();
                if (!ksyms_isopen) {
                        TAILQ_REMOVE(&ksyms_symtabs, st, sd_queue);
-                       ksyms_sizes_calc();
                        kmem_free(st, sizeof(*st));
                }
                break;
@@ -843,6 +843,8 @@
 
        ksyms_symsz = ksyms_strsz = 0;
        TAILQ_FOREACH(st, &ksyms_symtabs, sd_queue) {
+               if (__predict_false(st->sd_gone))
+                       continue;
                delta = ksyms_strsz - st->sd_usroffset;
                if (delta != 0) {
                        for (i = 0; i < st->sd_symsize/sizeof(Elf_Sym); i++)
@@ -1019,6 +1021,8 @@
         */
        filepos = sizeof(struct ksyms_hdr);
        TAILQ_FOREACH(st, &ksyms_symtabs, sd_queue) {
+               if (__predict_false(st->sd_gone))
+                       continue;
                if (uio->uio_resid == 0)
                        return 0;
                if (uio->uio_offset <= st->sd_symsize + filepos) {
@@ -1037,6 +1041,8 @@
        KASSERT(filepos == sizeof(struct ksyms_hdr) +
            ksyms_hdr.kh_shdr[SYMTAB].sh_size);
        TAILQ_FOREACH(st, &ksyms_symtabs, sd_queue) {
+               if (__predict_false(st->sd_gone))
+                       continue;
                if (uio->uio_resid == 0)
                        return 0;
                if (uio->uio_offset <= st->sd_strsize + filepos) {