git: kernel - Fix rare ucred race
Matthew Dillon
dillon at crater.dragonflybsd.org
Wed Jun 18 12:02:38 PDT 2014
commit 24207b1ee46484aeffdfac2916da94579c862327
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date: Wed Jun 18 11:47:45 2014 -0700

kernel - Fix rare ucred race

* In a threaded program if one thread is modifying the ucred, e.g.
  changing the uid or gid or something like that, and another thread
  enters a system call at the same time, the second thread can wind
  up trying to hold a stale ucred kfree()'d by the first thread.

* Very rare race on top of a ~2-instruction window.

* Fix the problem by obtaining proc->p_spin when updating the per-thread
  ucred cache (td->td_ucred) from p->p_ucred, as well as when replacing
  p_ucred.

These fixes do NOT impose any critical-path overhead. For the case where
a thread already has the current p_ucred cached on entry to a system call,
absolutely nothing needs to be done.

Reported-by: joris (Joris Giovannangeli)

Summary of changes:
sys/kern/kern_exec.c | 4 +-
sys/kern/kern_jail.c | 5 +-
sys/kern/kern_prot.c | 107 +++++++++++++++++++++++++++-------------
sys/platform/pc32/i386/trap.c | 3 ++
sys/platform/pc64/x86_64/trap.c | 8 +++
sys/sys/ucred.h | 1 +
6 files changed, 91 insertions(+), 37 deletions(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/24207b1ee46484aeffdfac2916da94579c862327
--
DragonFly BSD source repository
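
The locking pattern the commit message describes, as an added user-space example that is not code from the commit or from DragonFly BSD. The field names p_spin, p_ucred and td_ucred come from the message; the struct layouts, the function names, the C11 atomic_flag spinlock and the cred_frees counter are assumptions made for illustration.

```c
/* User-space model: names follow the commit message, bodies are assumptions. */
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>
struct ucred  { atomic_int cr_ref; int cr_uid; };
struct proc   { atomic_flag p_spin; struct ucred *_Atomic p_ucred; };
struct thread { struct proc *td_proc; struct ucred *td_ucred; };
static atomic_int cred_frees;   /* constructed counter: makes frees observable */
static void spin_lock(atomic_flag *l) { while (atomic_flag_test_and_set(l)) ; }
static void spin_unlock(atomic_flag *l) { atomic_flag_clear(l); }
static struct ucred *cred_alloc(int uid) {
    struct ucred *cr = malloc(sizeof(*cr));
    if (cr == NULL) abort();
    atomic_init(&cr->cr_ref, 1);          /* reference owned by the caller */
    cr->cr_uid = uid;
    return cr;
}
static void cred_free(struct ucred *cr) { /* drop one ref, free on the last */
    if (cr && atomic_fetch_sub(&cr->cr_ref, 1) == 1) { free(cr); atomic_fetch_add(&cred_frees, 1); }
}
static void proc_init(struct proc *p, int uid) {
    atomic_flag_clear(&p->p_spin);
    atomic_init(&p->p_ucred, cred_alloc(uid));
}
/* Syscall entry: refresh the per-thread cache only when it is stale. */
static void thread_sync_cred(struct thread *td) {
    struct proc *p = td->td_proc;
    struct ucred *old = td->td_ucred;
    if (old == atomic_load(&p->p_ucred))  /* fast path: no lock taken */
        return;
    spin_lock(&p->p_spin);                /* load + hold cannot be split by a swap */
    td->td_ucred = atomic_load(&p->p_ucred);
    atomic_fetch_add(&td->td_ucred->cr_ref, 1);
    spin_unlock(&p->p_spin);
    cred_free(old);                       /* drop the stale cache ref outside the lock */
}
/* Credential change: publish the new cred under p_spin, then drop the old ref. */
static void proc_set_uid(struct proc *p, int uid) {
    struct ucred *nw = cred_alloc(uid);
    spin_lock(&p->p_spin);
    struct ucred *old = atomic_exchange(&p->p_ucred, nw);
    spin_unlock(&p->p_spin);
    cred_free(old);
}
int main(void) {
    struct proc p; struct thread t = { &p, NULL };
    proc_init(&p, 1000); thread_sync_cred(&t); proc_set_uid(&p, 0);
    printf("cached uid %d, frees %d\n", t.td_ucred->cr_uid, atomic_load(&cred_frees));
}
```

The unlocked comparison on the fast path is safe in this model because the thread's own reference keeps its cached credential allocated, so that address cannot be reused for a newer one.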