CVSROOT:        /cvs
Module name:    src
Changes by:     mb...@cvs.openbsd.org   2022/09/28 07:21:13

Modified files:
        sys/kern       : sysv_sem.c 

Log message:
Fix memory corruptions with sysv semaphores due to sleeps in copyin,
copyout and malloc.  During a sleep another thread could delete the
semaphore (and possibly allocate another one at the same location
with different permissions) which would lead to an invalid access
after wake up.  Therefore check the semaphore pointer, the sequence,
the permissions and some values in seminfo after each sleep.
OK bluhm@
Reported-by: syzbot+60ba811fe2e8a6b0f...@syzkaller.appspotmail.com

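
The check-after-sleep pattern the log message describes, shown as an added user-space model in C; this is not the sysv_sem.c change and not OpenBSD code. The table, the id layout (sequence and index), the function names and the `sleep_hook` callback that stands in for a sleep in copyin are all assumptions of the model.

```c
/* User-space model with constructed data; every name here is hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define NSLOTS 4
#define MODE_W 0200
struct slot { int used; unsigned seq; unsigned mode; int val; };
static struct slot tbl[NSLOTS];
static int victim, reused;
static int sem_new(unsigned mode) {            /* id encodes sequence + index */
    for (int i = 0; i < NSLOTS; i++)
        if (!tbl[i].used) {
            tbl[i].used = 1; tbl[i].mode = mode; tbl[i].val = 0;
            return (int)(tbl[i].seq * NSLOTS + i);
        }
    return -1;
}
static void sem_rm(int id) { tbl[id % NSLOTS].used = 0; tbl[id % NSLOTS].seq++; }
static struct slot *lookup(int id) {           /* NULL when the id is stale */
    if (id < 0) return NULL;
    struct slot *s = &tbl[id % NSLOTS];
    return (s->used && s->seq == (unsigned)id / NSLOTS) ? s : NULL;
}
/* Stands in for another thread running while copyin() sleeps. */
static void delete_and_reuse(void) { sem_rm(victim); reused = sem_new(0400); }
static int setval(int id, int val, void (*sleep_hook)(void), int recheck) {
    struct slot *s = lookup(id);
    if (s == NULL) return EINVAL;
    if (!(s->mode & MODE_W)) return EACCES;
    sleep_hook();                              /* the sleeping point */
    if (recheck) {                             /* revalidate after wake-up */
        if (lookup(id) != s) return EIDRM;     /* pointer and sequence */
        if (!(s->mode & MODE_W)) return EACCES; /* permissions */
    }
    s->val = val;                              /* without recheck: stale write */
    return 0;
}
/* Returns the value of the read-only replacement semaphore afterwards. */
static int demo(int recheck, int *err) {
    memset(tbl, 0, sizeof tbl);
    victim = sem_new(0600);
    *err = setval(victim, 42, delete_and_reuse, recheck);
    return lookup(reused)->val;
}
int main(void) {
    int e0, e1, v0 = demo(0, &e0), v1 = demo(1, &e1);
    printf("unchecked: err=%d val=%d\nchecked: err=%d val=%d\n", e0, v0, e1, v1);
    return 0;
}
```

Without the recheck the write lands in the read-only semaphore that reused the slot; with it the call fails with EIDRM and the replacement is untouched.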