From 0b0de914575054557688d9b4a499a30cdd6c762d Mon Sep 17 00:00:00 2001
From: deraadt <deraadt@openbsd.org>
Date: Mon, 13 Feb 2023 14:52:55 +0000
Subject: [PATCH] Also lock the map in the execve-driven calls to
 uvm_map_check_copyin_add() ok kettenis

---
 sys/uvm/uvm_map.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/sys/uvm/uvm_map.c b/sys/uvm/uvm_map.c
index 620cece4f56..71fb9feaeed 100644
--- a/sys/uvm/uvm_map.c
+++ b/sys/uvm/uvm_map.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: uvm_map.c,v 1.311 2023/02/13 14:51:49 deraadt Exp $	*/
+/*	$OpenBSD: uvm_map.c,v 1.312 2023/02/13 14:52:55 deraadt Exp $	*/
 /*	$NetBSD: uvm_map.c,v 1.86 2000/11/27 08:40:03 chs Exp $	*/
 
 /*
@@ -4244,6 +4244,7 @@ check_copyin_add(struct vm_map *map, vaddr_t start, vaddr_t end)
 	if (PMAP_CHECK_COPYIN == 0 ||
 	    map->check_copyin_count >= UVM_MAP_CHECK_COPYIN_MAX)
 		return;
+	vm_map_assert_wrlock(map);
 	map->check_copyin[map->check_copyin_count].start = start;
 	map->check_copyin[map->check_copyin_count].end = end;
 	membar_producer();
@@ -4265,7 +4266,9 @@ uvm_map_check_copyin_add(struct vm_map *map, vaddr_t start, vaddr_t end)
 	end = MIN(end, map->max_offset);
 	if (start >= end)
 		return 0;
+	vm_map_lock(map);
 	check_copyin_add(map, start, end);
+	vm_map_unlock(map);
 	return (0);
 }
 #endif /* PMAP_CHECK_COPYIN */
-- 
2.20.1