Date:      Wed, 3 Sep 2014 11:47:07 +0300
From:      Konstantin Belousov <kostikbel@gmail.com>
To:        Gleb Smirnoff <glebius@FreeBSD.org>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r270999 - head/sys/kern
Message-ID:  <20140903084707.GH2737@kib.kiev.ua>
In-Reply-To: <201409030814.s838E7A2084257@svn.freebsd.org>
References:  <201409030814.s838E7A2084257@svn.freebsd.org>

On Wed, Sep 03, 2014 at 08:14:07AM +0000, Gleb Smirnoff wrote:
> Author: glebius
> Date: Wed Sep  3 08:14:07 2014
> New Revision: 270999
> URL: http://svnweb.freebsd.org/changeset/base/270999
>
> Log:
>   Fix dereference after NULL check.
>
>   CID:		1234607
>   Sponsored by:	Nginx, Inc.
>
> Modified:
>   head/sys/kern/kern_proc.c
>
> Modified: head/sys/kern/kern_proc.c
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D
> --- head/sys/kern/kern_proc.c	Wed Sep  3 08:13:46 2014	(r270998)
> +++ head/sys/kern/kern_proc.c	Wed Sep  3 08:14:07 2014	(r270999)
> @@ -921,10 +921,11 @@ fill_kinfo_proc_only(struct proc *p, str
>  	kp->ki_xstat =3D p->p_xstat;
>  	kp->ki_acflag =3D p->p_acflag;
>  	kp->ki_lock =3D p->p_lock;
> -	if (p->p_pptr)
> +	if (p->p_pptr) {
>  		kp->ki_ppid =3D proc_realparent(p)->p_pid;
> -	if (p->p_flag & P_TRACED)
> -		kp->ki_tracer =3D p->p_pptr->p_pid;
> +		if (p->p_flag & P_TRACED)
> +			kp->ki_tracer =3D p->p_pptr->p_pid;
> +	}
>  }
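
Review bot: The P_TRACED test, now nested inside the if (p->p_pptr) block, has no comment saying whether a traced process with a NULL p_pptr is a state that can occur or one that cannot. As written, that combination leaves kp->ki_tracer unassigned by this function with no diagnostic, where the removed lines would have dereferenced p->p_pptr and faulted. If the combination is impossible, keeping the P_TRACED branch at its original level and adding a KASSERT on p->p_pptr inside it would state the invariant explicitly instead of hiding it behind the outer check; if it is possible, a one-line comment saying so belongs above the nested test.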

If P_TRACED is set, p_pptr must be non-NULL.  Or in reverse, only the kernel
process (pid 0) may have p_pptr as NULL, and it cannot be traced.
The previous code contained an assertion (triggered by paging hardware) that
p_pptr is not NULL if P_TRACED is set.

It is Coverity which cannot deduce the invariant.  I do not expect any
analyzer to be able to make the implication, though.
