Grab the kernel lock in uvm_wxcheck() when aborting the process

kern.wxabort=1 logs and kills programs after W^X violations.
At least sigexit() -> coredump() as well as the non-atomic increment of
ps_wxcounter require protection, so grab the big lock for the entire block.

This is part of the effort to unlock mmap(2)'s MAP_ANON case.

Feedback mvs claudio kettenis deraadt
OK kettenis

diff --git a/sys/uvm/uvm_mmap.c b/sys/uvm/uvm_mmap.c
index d721562..7956206 100644 (file)
--- a/sys/uvm/uvm_mmap.c
+++ b/sys/uvm/uvm_mmap.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: uvm_mmap.c,v 1.168 2022/01/05 17:53:44 guenther Exp $ */
+/*     $OpenBSD: uvm_mmap.c,v 1.169 2022/01/19 10:43:48 kn Exp $       */
 /*     $NetBSD: uvm_mmap.c,v 1.49 2001/02/18 21:19:08 chs Exp $        */
 
 /*
@@ -183,12 +183,14 @@ uvm_wxcheck(struct proc *p, char *call)
                return 0;
 
        if (uvm_wxabort) {
+               KERNEL_LOCK();
                /* Report W^X failures */
                if (pr->ps_wxcounter++ == 0)
                        log(LOG_NOTICE, "%s(%d): %s W^X violation\n",
                            pr->ps_comm, pr->ps_pid, call);
                /* Send uncatchable SIGABRT for coredump */
                sigexit(p, SIGABRT);
+               KERNEL_UNLOCK();
        }
 
        return ENOTSUP;