Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/kern Fix bug, don't release the reflock if we didn't tak...



details:   https://anonhg.NetBSD.org/src/rev/fb1c4d9abcaf
branches:  trunk
changeset: 1000004:fb1c4d9abcaf
user:      maxv <maxv%NetBSD.org@localhost>
date:      Sat Jun 29 11:37:17 2019 +0000

description:
Fix bug, don't release the reflock if we didn't take it in the first place.
Looks like there are other locking issues in here.

Reported-by: syzbot+81d2c90809163ab1e13c%syzkaller.appspotmail.com@localhost

diffstat:

 sys/kern/sys_ptrace_common.c |  17 ++++++++++++-----
 1 files changed, 12 insertions(+), 5 deletions(-)

diffs (67 lines):

diff -r ed025553e7b7 -r fb1c4d9abcaf sys/kern/sys_ptrace_common.c
--- a/sys/kern/sys_ptrace_common.c      Sat Jun 29 11:13:23 2019 +0000
+++ b/sys/kern/sys_ptrace_common.c      Sat Jun 29 11:37:17 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: sys_ptrace_common.c,v 1.56 2019/06/24 20:29:41 christos Exp $  */
+/*     $NetBSD: sys_ptrace_common.c,v 1.57 2019/06/29 11:37:17 maxv Exp $      */
 
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -118,7 +118,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_ptrace_common.c,v 1.56 2019/06/24 20:29:41 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_ptrace_common.c,v 1.57 2019/06/29 11:37:17 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_ptrace.h"
@@ -367,8 +367,11 @@
 }
 
 static int
-ptrace_allowed(struct lwp *l, int req, struct proc *t, struct proc *p)
+ptrace_allowed(struct lwp *l, int req, struct proc *t, struct proc *p,
+    bool *locked)
 {
+       *locked = false;
+
        /*
         * Grab a reference on the process to prevent it from execing or
         * exiting.
@@ -376,6 +379,8 @@
        if (!rw_tryenter(&t->p_reflock, RW_READER))
                return EBUSY;
 
+       *locked = true;
+
        /* Make sure we can operate on it. */
        switch (req) {
        case PT_TRACE_ME:
@@ -1045,6 +1050,7 @@
        int error, write, tmp, pheld;
        int signo = 0;
        int resume_all;
+       bool locked;
        error = 0;
 
        /*
@@ -1060,7 +1066,7 @@
        }
 
        pheld = 1;
-       if ((error = ptrace_allowed(l, req, t, p)) != 0)
+       if ((error = ptrace_allowed(l, req, t, p, &locked)) != 0)
                goto out;
 
        if ((error = kauth_authorize_process(l->l_cred,
@@ -1427,7 +1433,8 @@
        }
        if (lt != NULL)
                lwp_delref(lt);
-       rw_exit(&t->p_reflock);
+       if (locked)
+               rw_exit(&t->p_reflock);
 
        return error;
 }



Home | Main Index | Thread Index | Old Index