CVSROOT:	/cvs
Module name:	src
Changes by:	dera...@cvs.openbsd.org	2025/02/10 09:45:46
Modified files:
	sys/sys        : proc.h
	sys/kern       : kern_event.c kern_pledge.c
	sys/dev/vmm    : vmm.c

Log message:
A syzkaller report was diagnosed by semarie, and found a namei-related
sleeping system call which was re-inspecting p->p_p->ps_pledge in one
thread, after another thread had reduced the promises by calling pledge(),
with promises which would have prevented that syscall from being called
in the first place. This inconsistent promise view is dangerous.

So let's change pledge semantics a tiny bit: We copy the per-process
p_p->ps_pledge value to per-thread p_pledge at invocation of each system
call, so that the configuration is stable. This method avoids increasing
the cost of pledge checks.

ok claudio kettenis semarie
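The race the log message describes, and the per-thread snapshot that closes it, modelled in userland C. This is an added illustration, not OpenBSD kernel code: the struct and field names (p_p, ps_pledge, p_pledge) mirror the commit, but the promise bits, the two check functions and the race_scenario() driver are constructed for the example. It contrasts the old behaviour (every check re-reads the shared per-process field, so a sleeping syscall can see promises change under it) with the new one (the thread copies the field once at syscall entry and checks only its own copy).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed promise bits for the example; the kernel uses PLEDGE_* flags. */
#define PROMISE_STDIO 0x1u
#define PROMISE_RPATH 0x2u
#define PROMISE_INET  0x4u

/* Per-process state shared by all threads (stands in for ps_pledge). */
struct process {
    uint64_t ps_pledge;
};

/* Per-thread state (stands in for the p_pledge field the commit adds). */
struct proc {
    struct process *p_p;
    uint64_t p_pledge;
};

/* New semantics: snapshot the process promises once at syscall entry.
 * A single load, so the cost of later checks is unchanged. */
static void syscall_entry(struct proc *p)
{
    p->p_pledge = p->p_p->ps_pledge;
}

/* pledge(2) can only reduce promises; model that as masking. */
static void pledge_reduce(struct process *ps, uint64_t promises)
{
    ps->ps_pledge &= promises;
}

/* Old semantics: every check re-reads the shared per-process field. */
static bool check_process_view(const struct proc *p, uint64_t need)
{
    return (p->p_p->ps_pledge & need) == need;
}

/* New semantics: check the thread's own snapshot. */
static bool check_thread_view(const struct proc *p, uint64_t need)
{
    return (p->p_pledge & need) == need;
}

/* Simulate one syscall in thread A that checks RPATH, sleeps (e.g. in namei),
 * and checks again, while thread B calls pledge("stdio") during the sleep.
 * Stores the two check results and returns 1 if they disagree, else 0. */
static int race_scenario(bool use_snapshot, bool *first, bool *second)
{
    struct process ps = { .ps_pledge = PROMISE_STDIO | PROMISE_RPATH | PROMISE_INET };
    struct proc a = { .p_p = &ps, .p_pledge = 0 };

    syscall_entry(&a);                       /* thread A enters the syscall */
    *first = use_snapshot ? check_thread_view(&a, PROMISE_RPATH)
                          : check_process_view(&a, PROMISE_RPATH);

    pledge_reduce(&ps, PROMISE_STDIO);       /* thread B drops rpath while A sleeps */

    *second = use_snapshot ? check_thread_view(&a, PROMISE_RPATH)
                           : check_process_view(&a, PROMISE_RPATH);
    return *first != *second;
}

int main(void)
{
    bool f, s;
    int old = race_scenario(false, &f, &s);
    printf("process view : first=%d second=%d inconsistent=%d\n", f, s, old);
    int new = race_scenario(true, &f, &s);
    printf("thread view  : first=%d second=%d inconsistent=%d\n", f, s, new);
    return 0;
}
```

With the shared view the first check passes and the second fails inside the same syscall; with the snapshot both checks agree, so the syscall runs to completion under the promises that were in force when it was entered, and the reduced promises apply from the next syscall entry onward.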