svn commit: r359133 - head/sys/kern
Mark Johnston
markj at FreeBSD.org
Thu Mar 19 15:40:07 UTC 2020
Author: markj
Date: Thu Mar 19 15:40:05 2020
New Revision: 359133
URL: https://svnweb.freebsd.org/changeset/base/359133
Log:
kern_dup(): Call filecaps_free_prep() in a write section.
filecaps_free_prep() bzeros the capabilities structure and we need to be
careful to synchronize with unlocked readers, which expect a consistent
rights structure.
Reviewed by: kib, mjg
Reported by: syzbot+5f30b507f91ddedded21 at syzkaller.appspotmail.com
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D24120
Modified:
head/sys/kern/kern_descrip.c
Modified: head/sys/kern/kern_descrip.c
==============================================================================
--- head/sys/kern/kern_descrip.c Thu Mar 19 15:39:45 2020 (r359132)
+++ head/sys/kern/kern_descrip.c Thu Mar 19 15:40:05 2020 (r359133)
@@ -968,7 +968,6 @@ kern_dup(struct thread *td, u_int mode, int flags, int
newfde = &fdp->fd_ofiles[new];
delfp = newfde->fde_file;
- oioctls = filecaps_free_prep(&newfde->fde_caps);
nioctls = filecaps_copy_prep(&oldfde->fde_caps);
/*
@@ -977,6 +976,7 @@ kern_dup(struct thread *td, u_int mode, int flags, int
#ifdef CAPABILITIES
seqc_write_begin(&newfde->fde_seqc);
#endif
+ oioctls = filecaps_free_prep(&newfde->fde_caps);
memcpy(newfde, oldfde, fde_change_size);
filecaps_copy_finish(&oldfde->fde_caps, &newfde->fde_caps,
nioctls);
More information about the svn-src-all
mailing list