artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7e9312b) | patch
Backout priterator() for walking allprocess list.
authorbluhm <bluhm@openbsd.org>
Fri, 19 Jan 2024 01:43:26 +0000 (01:43 +0000)
committerbluhm <bluhm@openbsd.org>
Fri, 19 Jan 2024 01:43:26 +0000 (01:43 +0000)
commit470ec98d6191876804c57e039a48bac46057aec8
tree0fc7adee86871daa86f4b0d7591e2e19dffbb1datree | snapshot
parent7e9312b93097159da43dcd18a9378f899e76e8e2commit | diff
Backout priterator() for walking allprocess list.

This approach does not work as LIST_NEXT() of a removed element
does not return NULL.  I causes a crash in syzcaller and triggers
kernel diagnostic assertion "vp->v_uvcount == 0" in sys/kern/kern_unveil.c
line 845 during reboot.  Unfortunately the backout brings back the
race in fill_file() and fstat(1) may crash the kernel.

Reported-by: syzbot+54fba1c004d7383d5e85@syzkaller.appspotmail.com
sys/kern/kern_exit.c diff | blob | history
sys/kern/kern_fork.c diff | blob | history
sys/kern/kern_proc.c diff | blob | history
sys/kern/kern_sysctl.c diff | blob | history
sys/sys/proc.h diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim