Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/kern Add three KASSERTs, to detect refcount bugs.
details: https://anonhg.NetBSD.org/src/rev/7982079182cf
branches: trunk
changeset: 1009329:7982079182cf
user: maxv <maxv%NetBSD.org@localhost>
date: Mon Apr 20 16:32:03 2020 +0000
description:
Add three KASSERTs, to detect refcount bugs.
This narrows down an unknown bug in some place near, that has manifested
itself in various forms (use-after-frees, uninit accesses, page faults,
segmentation faults), all pointed out by syzbot.
The first KASSERT in fixjobc() fires when the bug is encountered.
diffstat:
sys/kern/kern_proc.c | 19 +++++++++++++------
1 files changed, 13 insertions(+), 6 deletions(-)
diffs (54 lines):
diff -r dbec2394e285 -r 7982079182cf sys/kern/kern_proc.c
--- a/sys/kern/kern_proc.c Mon Apr 20 16:12:28 2020 +0000
+++ b/sys/kern/kern_proc.c Mon Apr 20 16:32:03 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_proc.c,v 1.244 2020/04/19 20:31:59 thorpej Exp $ */
+/* $NetBSD: kern_proc.c,v 1.245 2020/04/20 16:32:03 maxv Exp $ */
/*-
* Copyright (c) 1999, 2006, 2007, 2008, 2020 The NetBSD Foundation, Inc.
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.244 2020/04/19 20:31:59 thorpej Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.245 2020/04/20 16:32:03 maxv Exp $");
#ifdef _KERNEL_OPT
#include "opt_kstack.h"
@@ -554,6 +554,7 @@
{
KASSERT(mutex_owned(proc_lock));
+ KASSERT(ss->s_count > 0);
/*
* We keep the pgrp with the same id as the session in order to
* stop a process being given the same pid. Since the pgrp holds
@@ -1181,8 +1182,11 @@
if (entering) {
pgrp->pg_jobc++;
p->p_lflag &= ~PL_ORPHANPG;
- } else if (--pgrp->pg_jobc == 0)
- orphanpg(pgrp);
+ } else {
+ KASSERT(pgrp->pg_jobc > 0);
+ if (--pgrp->pg_jobc == 0)
+ orphanpg(pgrp);
+ }
}
/*
@@ -1197,8 +1201,11 @@
if (entering) {
child->p_lflag &= ~PL_ORPHANPG;
hispgrp->pg_jobc++;
- } else if (--hispgrp->pg_jobc == 0)
- orphanpg(hispgrp);
+ } else {
+ KASSERT(hispgrp->pg_jobc > 0);
+ if (--hispgrp->pg_jobc == 0)
+ orphanpg(hispgrp);
+ }
}
}
}
Home |
Main Index |
Thread Index |
Old Index