Module Name:    src
Committed By:   maxv
Date:           Sat Jun 29 11:37:17 UTC 2019

Modified Files:
        src/sys/kern: sys_ptrace_common.c

Log Message:
Fix bug, don't release the reflock if we didn't take it in the first place.
Looks like there are other locking issues in here.

Reported-by: syzbot+81d2c90809163ab1e...@syzkaller.appspotmail.com


To generate a diff of this commit:
cvs rdiff -u -r1.56 -r1.57 src/sys/kern/sys_ptrace_common.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/sys_ptrace_common.c
diff -u src/sys/kern/sys_ptrace_common.c:1.56 src/sys/kern/sys_ptrace_common.c:1.57
--- src/sys/kern/sys_ptrace_common.c:1.56	Mon Jun 24 20:29:41 2019
+++ src/sys/kern/sys_ptrace_common.c	Sat Jun 29 11:37:17 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: sys_ptrace_common.c,v 1.56 2019/06/24 20:29:41 christos Exp $	*/
+/*	$NetBSD: sys_ptrace_common.c,v 1.57 2019/06/29 11:37:17 maxv Exp $	*/
 
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -118,7 +118,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_ptrace_common.c,v 1.56 2019/06/24 20:29:41 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_ptrace_common.c,v 1.57 2019/06/29 11:37:17 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_ptrace.h"
@@ -367,8 +367,11 @@ ptrace_find(struct lwp *l, int req, pid_
 }
 
 static int
-ptrace_allowed(struct lwp *l, int req, struct proc *t, struct proc *p)
+ptrace_allowed(struct lwp *l, int req, struct proc *t, struct proc *p,
+    bool *locked)
 {
+	*locked = false;
+
 	/*
 	 * Grab a reference on the process to prevent it from execing or
 	 * exiting.
@@ -376,6 +379,8 @@ ptrace_allowed(struct lwp *l, int req, s
 	if (!rw_tryenter(&t->p_reflock, RW_READER))
 		return EBUSY;
 
+	*locked = true;
+
 	/* Make sure we can operate on it. */
 	switch (req) {
 	case PT_TRACE_ME:
@@ -1045,6 +1050,7 @@ do_ptrace(struct ptrace_methods *ptm, st
 	int error, write, tmp, pheld;
 	int signo = 0;
 	int resume_all;
+	bool locked;
 	error = 0;
 
 	/*
@@ -1060,7 +1066,7 @@ do_ptrace(struct ptrace_methods *ptm, st
 	}
 
 	pheld = 1;
-	if ((error = ptrace_allowed(l, req, t, p)) != 0)
+	if ((error = ptrace_allowed(l, req, t, p, &locked)) != 0)
 		goto out;
 
 	if ((error = kauth_authorize_process(l->l_cred,
@@ -1427,7 +1433,8 @@ out:
 	}
 	if (lt != NULL)
 		lwp_delref(lt);
-	rw_exit(&t->p_reflock);
+	if (locked)
+		rw_exit(&t->p_reflock);
 
 	return error;
 }
