Also lock the map in the execve-driven calls to uvm_map_check_copyin_add()

ok kettenis

diff --git a/sys/uvm/uvm_map.c b/sys/uvm/uvm_map.c
index 620cece..71fb9fe 100644 (file)
--- a/sys/uvm/uvm_map.c
+++ b/sys/uvm/uvm_map.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: uvm_map.c,v 1.311 2023/02/13 14:51:49 deraadt Exp $   */
+/*     $OpenBSD: uvm_map.c,v 1.312 2023/02/13 14:52:55 deraadt Exp $   */
 /*     $NetBSD: uvm_map.c,v 1.86 2000/11/27 08:40:03 chs Exp $ */
 
 /*
@@ -4244,6 +4244,7 @@ check_copyin_add(struct vm_map *map, vaddr_t start, vaddr_t end)
        if (PMAP_CHECK_COPYIN == 0 ||
            map->check_copyin_count >= UVM_MAP_CHECK_COPYIN_MAX)
                return;
+       vm_map_assert_wrlock(map);
        map->check_copyin[map->check_copyin_count].start = start;
        map->check_copyin[map->check_copyin_count].end = end;
        membar_producer();
@@ -4265,7 +4266,9 @@ uvm_map_check_copyin_add(struct vm_map *map, vaddr_t start, vaddr_t end)
        end = MIN(end, map->max_offset);
        if (start >= end)
                return 0;
+       vm_map_lock(map);
        check_copyin_add(map, start, end);
+       vm_map_unlock(map);
        return (0);
 }
 #endif /* PMAP_CHECK_COPYIN */