Date:      Thu, 19 Mar 2020 15:40:06 +0000 (UTC)
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r359133 - head/sys/kern
Message-ID:  <202003191540.02JFe6xP082192@repo.freebsd.org>

Author: markj
Date: Thu Mar 19 15:40:05 2020
New Revision: 359133
URL: https://svnweb.freebsd.org/changeset/base/359133

Log:
  kern_dup(): Call filecaps_free_prep() in a write section.
  
  filecaps_free_prep() bzeros the capabilities structure and we need to be
  careful to synchronize with unlocked readers, which expect a consistent
  rights structure.
  
  Reviewed by:	kib, mjg
  Reported by:	syzbot+5f30b507f91ddedded21@syzkaller.appspotmail.com
  MFC after:	2 weeks
  Sponsored by:	The FreeBSD Foundation
  Differential Revision:	https://reviews.freebsd.org/D24120

Modified:
  head/sys/kern/kern_descrip.c

Modified: head/sys/kern/kern_descrip.c
==============================================================================
--- head/sys/kern/kern_descrip.c	Thu Mar 19 15:39:45 2020	(r359132)
+++ head/sys/kern/kern_descrip.c	Thu Mar 19 15:40:05 2020	(r359133)
@@ -968,7 +968,6 @@ kern_dup(struct thread *td, u_int mode, int flags, int
 	newfde = &fdp->fd_ofiles[new];
 	delfp = newfde->fde_file;
 
-	oioctls = filecaps_free_prep(&newfde->fde_caps);
 	nioctls = filecaps_copy_prep(&oldfde->fde_caps);
 
 	/*
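Review bot: the remaining `nioctls = filecaps_copy_prep(&oldfde->fde_caps);` now stands alone ahead of the write section while its former neighbour has moved below `seqc_write_begin()`, and nothing at this spot explains the split. A short comment here saying that filecaps_free_prep() zeroes `newfde->fde_caps` (as the log states) and therefore has to wait for the write section would keep a later cleanup from regrouping the two prep calls.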
@@ -977,6 +976,7 @@ kern_dup(struct thread *td, u_int mode, int flags, int
 #ifdef CAPABILITIES
 	seqc_write_begin(&newfde->fde_seqc);
 #endif
+	oioctls = filecaps_free_prep(&newfde->fde_caps);
 	memcpy(newfde, oldfde, fde_change_size);
 	filecaps_copy_finish(&oldfde->fde_caps, &newfde->fde_caps,
 	    nioctls);
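Review bot: the added `oioctls = filecaps_free_prep(&newfde->fde_caps);` follows a `seqc_write_begin(&newfde->fde_seqc);` that is compiled only under `#ifdef CAPABILITIES`, so in a kernel built without that option the bzero still happens outside any write section. If unlocked readers of `fde_caps` exist only when CAPABILITIES is defined, please say so in a comment next to the call; otherwise the begin/end pair needs to be unconditional. The matching `seqc_write_end()` is not visible in this hunk, so it is also worth confirming that the memory returned in `oioctls` is released only after the write section has ended.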


