Date: Sat, 21 Mar 2015 04:39:34 +0000 (UTC)
From: Mateusz Guzik <mjg@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r280312 - head/sys/kern
Message-ID: <201503210439.t2L4dYfl069022@svn.freebsd.org>
Author: mjg Date: Sat Mar 21 04:39:33 2015 New Revision: 280312 URL: https://svnweb.freebsd.org/changeset/base/280312 Log: coredump: protect corefilename access with a lock Previously format string traversal could happen while the string itself was being modified. Use allproc_lock as coredumping is a rare operation and as such we don't have to create a dedicated lock. Submitted by: Tiwei Bie <btw mail.ustc.edu.cn> Reviewed by: kib X-Additional: JuniorJobs project Modified: head/sys/kern/kern_sig.c Modified: head/sys/kern/kern_sig.c ============================================================================== --- head/sys/kern/kern_sig.c Sat Mar 21 03:54:11 2015 (r280311) +++ head/sys/kern/kern_sig.c Sat Mar 21 04:39:33 2015 (r280312) @@ -3089,9 +3089,28 @@ SYSCTL_INT(_kern, OID_AUTO, compress_use static int compress_user_cores = 0; #endif +/* + * Protect the access to corefilename[] by allproc_lock. + */ +#define corefilename_lock allproc_lock + static char corefilename[MAXPATHLEN] = {"%N.core"}; -SYSCTL_STRING(_kern, OID_AUTO, corefile, CTLFLAG_RWTUN, corefilename, - sizeof(corefilename), "Process corefile name format string"); + +static int +sysctl_kern_corefile(SYSCTL_HANDLER_ARGS) +{ + int error; + + sx_xlock(&corefilename_lock); + error = sysctl_handle_string(oidp, corefilename, sizeof(corefilename), + req); + sx_xunlock(&corefilename_lock); + + return (error); +} +SYSCTL_PROC(_kern, OID_AUTO, corefile, CTLTYPE_STRING | CTLFLAG_RWTUN | + CTLFLAG_MPSAFE, 0, 0, sysctl_kern_corefile, "A", + "Process corefile name format string"); /* * corefile_open(comm, uid, pid, td, compress, vpp, namep) @@ -3120,6 +3139,7 @@ corefile_open(const char *comm, uid_t ui name = malloc(MAXPATHLEN, M_TEMP, M_WAITOK | M_ZERO); indexpos = -1; (void)sbuf_new(&sb, name, MAXPATHLEN, SBUF_FIXEDLEN); + sx_slock(&corefilename_lock); for (i = 0; format[i] != '\0'; i++) { switch (format[i]) { case '%': /* Format character */ 
@@ -3162,6 +3182,7 @@ corefile_open(const char *comm, uid_t ui break; } } + sx_sunlock(&corefilename_lock); free(hostname, M_TEMP); if (compress) sbuf_printf(&sb, GZ_SUFFIX);
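Review bot: In the @@ -3089,9 +3089,28 @@ hunk, sysctl_kern_corefile() holds allproc_lock exclusively for the whole of sysctl_handle_string(), so every other allproc_lock user waits for as long as the string copy to and from the request takes. The `#define corefilename_lock allproc_lock` alias also hides from call-site readers which lock is really being taken. Consider having the handler work on a local MAXPATHLEN buffer and taking the exclusive lock only around the final copy into corefilename[], and expand the comment above the define to state that writers take the lock exclusive and corefile_open() takes it shared.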
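Review bot: In the @@ -3120,6 +3139,7 @@ hunk, the loop under the new sx_slock() reads `format[i]` rather than corefilename[] by name, and the hunk does not show where `format` is set, so the lock only protects anything if `format` still points at corefilename[] here. A one-line comment at the sx_slock() call saying so would keep a later change to `format` from silently dropping the protection. Taking the lock after the M_WAITOK malloc() and sbuf_new() rather than before them is the right order.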
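Review bot: In the @@ -3162,6 +3182,7 @@ hunk, sx_sunlock() appears only after the loop's closing brace, so it balances the sx_slock() only if every path out of the format loop falls through to this point. The visible context shows just a `break;`, so please confirm that none of the switch cases returns or jumps out early. Because the shared hold on allproc_lock spans the whole expansion, copying corefilename[] into a local buffer under the lock and parsing the copy afterwards would shorten the hold and make the lock/unlock pairing obvious.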