Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/kern psref(9): Make use-after-free panic message more ob...
details: https://anonhg.NetBSD.org/src/rev/2eee52a3474b
branches: trunk
changeset: 1021509:2eee52a3474b
user: riastradh <riastradh%NetBSD.org@localhost>
date: Wed Jun 02 09:23:32 2021 +0000
description:
psref(9): Make use-after-free panic message more obvious.
Previously it would almost always manifest as
mismatched psref target class: 0x0 (ref) != 0x... (expected)
and now it will manifest as
psref target already destroyed: 0x...
diffstat:
sys/kern/subr_psref.c | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
diffs (48 lines):
diff -r 9fded4ea3cb8 -r 2eee52a3474b sys/kern/subr_psref.c
--- a/sys/kern/subr_psref.c Wed Jun 02 08:46:16 2021 +0000
+++ b/sys/kern/subr_psref.c Wed Jun 02 09:23:32 2021 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: subr_psref.c,v 1.13 2019/05/17 03:34:26 ozaki-r Exp $ */
+/* $NetBSD: subr_psref.c,v 1.14 2021/06/02 09:23:32 riastradh Exp $ */
/*-
* Copyright (c) 2016 The NetBSD Foundation, Inc.
@@ -64,7 +64,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_psref.c,v 1.13 2019/05/17 03:34:26 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_psref.c,v 1.14 2021/06/02 09:23:32 riastradh Exp $");
#include <sys/types.h>
#include <sys/condvar.h>
@@ -293,11 +293,11 @@
"passive references are CPU-local,"
" but preemption is enabled and the caller is not"
" in a softint or CPU-bound LWP");
+ KASSERTMSG(!target->prt_draining, "psref target already destroyed: %p",
+ target);
KASSERTMSG((target->prt_class == class),
"mismatched psref target class: %p (ref) != %p (expected)",
target->prt_class, class);
- KASSERTMSG(!target->prt_draining, "psref target already destroyed: %p",
- target);
/* Block interrupts and acquire the current CPU's reference list. */
s = splraiseipl(class->prc_iplcookie);
@@ -516,13 +516,13 @@
ASSERT_SLEEPABLE();
+ KASSERTMSG(!target->prt_draining, "psref target already destroyed: %p",
+ target);
KASSERTMSG((target->prt_class == class),
"mismatched psref target class: %p (ref) != %p (expected)",
target->prt_class, class);
/* Request psref_release to notify us when done. */
- KASSERTMSG(!target->prt_draining, "psref target already destroyed: %p",
- target);
target->prt_draining = true;
/* Wait until there are no more references on any CPU. */
Home |
Main Index |
Thread Index |
Old Index