Date: Fri, 24 Jul 2015 01:09:34 +0200
From: Mateusz Guzik <mjguzik@gmail.com>
To: Sergey Kandaurov <pluknet@gmail.com>
Cc: Don Lewis <truckman@freebsd.org>, current <current@freebsd.org>
Subject: Re: null pointer dereference panic in cap_rights_contains() on 11.0-CURRENT r285785 amd64
Message-ID: <20150723230934.GA12297@dft-labs.eu>
In-Reply-To: <CAE-mSOJGF947byOMHW3H9ymybKKxsfysE9kBjTJq6G80oh6TSw@mail.gmail.com>
References: <201507232224.t6NMOPuX010901@gw.catspoiler.org> <CAE-mSOJGF947byOMHW3H9ymybKKxsfysE9kBjTJq6G80oh6TSw@mail.gmail.com>
On Fri, Jul 24, 2015 at 02:07:17AM +0300, Sergey Kandaurov wrote: > On 24 July 2015 at 01:24, Don Lewis <truckman@freebsd.org> wrote: > > I just got this panic while using poudriere to build packages for > > FreeBSD 8.4 i386. > [..] > > db> bt > > Tracing pid 78211 tid 101405 td 0xfffff80139td29a0 > > cap_rights_contains() at cap_rights_contains+0x24/frame > > 0xfffffe005acc772d0 > > cap_check() at cap_check+0x15/frame 0xfffffe005acc7800 > > fget_unlocked() at fget_unlocked+0xca/frame 0xfffffe005acc7870 > > fget() at fget+0x2b/frame 0xfffffe005acc78a0 > > ksem_get at ksem_get+0x1e/frame 0xfffffe05acc78e0 > > sys_ksem_close() at sys_ksem_close+0x23/frame 0xfffffe005acc7920 > > ia32_syscall() at ia32_syscall+0x2a5/frame 0xfffffe005acc7a30 > > Xint0x00_syscall() at Xint0x00_syscall+0x95/frame 0xfffffe00acc7a30 > > --- syscall (400, FreeBSD ELF32, sys_ksem_close), rip = 0x2828676b, rsp > > = 0xffffc60c, rbp = 0xffffc628 --- > > > > > > Looks like this was missed after r284442. > > Index: kern/uipc_sem.c > =================================================================== > --- kern/uipc_sem.c (revision 285723) > +++ kern/uipc_sem.c (working copy) > @@ -651,12 +651,13 @@ > int > sys_ksem_close(struct thread *td, struct ksem_close_args *uap) > { > + cap_rights_t rights; > struct ksem *ks; > struct file *fp; > int error; > > /* No capability rights required to close a semaphore. */ > - error = ksem_get(td, uap->id, 0, &fp); > + error = ksem_get(td, uap->id, cap_rights_init(&rights), &fp); > if (error) > return (error); > ks = fp->f_data; 
> @@ -872,12 +873,13 @@ > int > sys_ksem_destroy(struct thread *td, struct ksem_destroy_args *uap) > { > + cap_rights_t rights; > struct file *fp; > struct ksem *ks; > int error; > > /* No capability rights required to close a semaphore. */ > - error = ksem_get(td, uap->id, 0, &fp); > + error = ksem_get(td, uap->id, cap_rights_init(&rights), &fp); > if (error) > return (error); > ks = fp->f_data; > > Correct, please commit. -- Mateusz Guzik <mjguzik gmail.com>
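Review bot: in sys_ksem_close, the replaced call `ksem_get(td, uap->id, 0, &fp)` compiled cleanly with a literal 0 in the rights-pointer position, and nothing in this patch prevents the same pattern elsewhere. The backtrace shows the NULL passing through ksem_get(), fget(), fget_unlocked() and cap_check() before faulting in cap_rights_contains(), so any remaining caller that still passes 0 for the rights argument will panic the same way. Check the other ksem_get() call sites in kern/uipc_sem.c as part of this change, and consider asserting a non-NULL rights pointer at the top of ksem_get() so a future miss is reported at the call that caused it.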
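Review bot: in sys_ksem_destroy, the context comment directly above the changed call still reads `/* No capability rights required to close a semaphore. */`, which matches sys_ksem_close rather than this function. Since the empty `cap_rights_init(&rights)` is what now expresses "no rights required", that comment is the only place a reader learns the empty set is intentional; change "close" to "destroy" in the same commit.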