From: visa <visa@openbsd.org>
Date: Fri, 11 Jun 2021 04:29:54 +0000 (+0000)
Subject: Remember to lock kqueue mutex in filt_timermodify().
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=baa47be053517f339a9949bc588adb7f2b62d079;p=openbsd

Remember to lock kqueue mutex in filt_timermodify().

Reported-by: syzbot+c2aba7645a218ce03027@syzkaller.appspotmail.com
---

diff --git a/sys/kern/kern_event.c b/sys/kern/kern_event.c
index 27cf6eca9bd..48d3400613a 100644
--- a/sys/kern/kern_event.c
+++ b/sys/kern/kern_event.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_event.c,v 1.165 2021/06/10 15:10:56 visa Exp $	*/
+/*	$OpenBSD: kern_event.c,v 1.166 2021/06/11 04:29:54 visa Exp $	*/
 
 /*-
  * Copyright (c) 1999,2000,2001 Jonathan Lemon <jlemon@FreeBSD.org>
@@ -466,18 +466,18 @@ filt_timerdetach(struct knote *kn)
 int
 filt_timermodify(struct kevent *kev, struct knote *kn)
 {
+	struct kqueue *kq = kn->kn_kq;
 	struct timeout *to = kn->kn_hook;
-	int s;
 
 	/* Reset the timer. Any pending events are discarded. */
 
 	timeout_del_barrier(to);
 
-	s = splhigh();
+	mtx_enter(&kq->kq_lock);
 	if (kn->kn_status & KN_QUEUED)
 		knote_dequeue(kn);
 	kn->kn_status &= ~KN_ACTIVE;
-	splx(s);
+	mtx_leave(&kq->kq_lock);
 
 	kn->kn_data = 0;
 	knote_modify(kev, kn);