git: kernel - Fix rare ucred race

Matthew Dillon dillon at crater.dragonflybsd.org
Wed Jun 18 12:02:38 PDT 2014


commit 24207b1ee46484aeffdfac2916da94579c862327
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Wed Jun 18 11:47:45 2014 -0700

    kernel - Fix rare ucred race
    
    * In a threaded program if one thread is modifying the ucred, e.g.
      changing the uid or gid or something like that, and another thread
      enters a system call at the same time, the second thread can wind
      up trying to hold a stale ucred kfree()'d by the first thread.
    
    * Very rare race on top of a ~2-instruction window.
    
    * Fix the problem by obtaining proc->p_spin when updating the per-thread
      ucred cache (td->td_ucred) from p->p_ucred, as well as when replacing
      p_ucred.
    
      These fixes do NOT impose any critical-path overhead.  For the case where
      a thread already has the current p_ucred cached on entry to a system call,
      absolutely nothing needs to be done.
    
    Reported-by: joris (Joris Giovannangeli)

Summary of changes:
 sys/kern/kern_exec.c            |   4 +-
 sys/kern/kern_jail.c            |   5 +-
 sys/kern/kern_prot.c            | 107 +++++++++++++++++++++++++++-------------
 sys/platform/pc32/i386/trap.c   |   3 ++
 sys/platform/pc64/x86_64/trap.c |   8 +++
 sys/sys/ucred.h                 |   1 +
 6 files changed, 91 insertions(+), 37 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/24207b1ee46484aeffdfac2916da94579c862327


-- 
DragonFly BSD source repository
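
The locking pattern the commit message describes, as an added userland C model (not code from this commit or from DragonFly): the syscall-entry path takes its reference while holding the same lock the replacer holds, so the pointer load and the hold cannot straddle a free. All names (cred_new, thread_sync_cred, proc_replace_cred, creds_freed) are hypothetical, and a C11 atomic_flag stands in for proc->p_spin.

```c
/* Userland model of the locking pattern; constructed, not DragonFly source. */
#include <stdatomic.h>
#include <stdlib.h>

struct cred   { atomic_int refs; int uid; };
struct proc   { atomic_flag spin; struct cred *_Atomic cred; }; /* p_spin, p_ucred */
struct thread { struct cred *cached; };                         /* td_ucred */
static atomic_int creds_freed;          /* lets callers observe frees */

static void spin_lock(struct proc *p)   { while (atomic_flag_test_and_set(&p->spin)) ; }
static void spin_unlock(struct proc *p) { atomic_flag_clear(&p->spin); }

struct cred *cred_new(int uid) {
    struct cred *c = malloc(sizeof(*c));
    if (c == NULL) abort();
    atomic_init(&c->refs, 1);           /* reference owned by the creator */
    c->uid = uid;
    return c;
}

void cred_drop(struct cred *c) {
    if (c != NULL && atomic_fetch_sub(&c->refs, 1) == 1) {
        free(c);
        atomic_fetch_add(&creds_freed, 1);
    }
}

/* Syscall entry: make td->cached track p->cred. */
struct cred *thread_sync_cred(struct thread *td, struct proc *p) {
    struct cred *old = td->cached;
    if (old == atomic_load(&p->cred))   /* fast path: compare only, no lock */
        return old;
    spin_lock(p);                       /* excludes proc_replace_cred() */
    struct cred *cur = atomic_load(&p->cred);
    atomic_fetch_add(&cur->refs, 1);    /* hold taken before it can be dropped */
    spin_unlock(p);
    td->cached = cur;
    cred_drop(old);                     /* release the stale cached cred */
    return cur;
}

/* Credential change: swap under the lock, drop the old reference after. */
void proc_replace_cred(struct proc *p, struct cred *newc) {
    spin_lock(p);
    struct cred *old = atomic_load(&p->cred);
    atomic_store(&p->cred, newc);
    spin_unlock(p);
    cred_drop(old);
}
```

The fast path is safe without the lock because the thread's own reference keeps the cached object alive, so an equal pointer always means the same credential.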

