From 12be4f565e734d46aedb19ce9af30b3b3ea2210a Mon Sep 17 00:00:00 2001
From: bluhm
Date: Fri, 1 Mar 2024 14:15:01 +0000
Subject: [PATCH] Protect pool_get() with kernel lock in sys_ypconnect().
Pool namei_pool is initialized with IPL_NONE as filesystem always runs with kernel lock. So pool_get() needs kernel lock also in sys_ypconnect(). OK kn@ deraadt@
---
 sys/kern/uipc_syscalls.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c
index c57950af2ea..97690f8db5b 100644
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uipc_syscalls.c,v 1.217 2024/02/03 22:50:09 mvs Exp $ */
+/* $OpenBSD: uipc_syscalls.c,v 1.218 2024/03/01 14:15:01 bluhm Exp $ */
 /* $NetBSD: uipc_syscalls.c,v 1.19 1996/02/09 19:00:48 christos Exp $ */
 /*
@@ -1560,12 +1560,12 @@ sys_ypconnect(struct proc *p, void *v, register_t *retval)
 if (p->p_p->ps_flags & PS_CHROOT)
 return EACCES;
+ KERNEL_LOCK();
 name = pool_get(&namei_pool, PR_WAITOK);
 snprintf(name, MAXPATHLEN, "/var/yp/binding/%s.2", domainname);
 NDINIT(&nid, 0, NOFOLLOW|LOCKLEAF|KERNELPATH, UIO_SYSSPACE, name, p);
 nid.ni_pledge = PLEDGE_RPATH;
- KERNEL_LOCK();
 error = namei(&nid);
 pool_put(&namei_pool, name);
 if (error)
--
2.20.1
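Review bot: The reason the lock must now cover pool_get() is recorded only in the commit message, so in the sys_ypconnect() hunk nothing stops a later cleanup from moving `KERNEL_LOCK();` back down next to namei(). A one-line comment above the moved call would pin the invariant, for example `/* namei_pool is IPL_NONE: only touch it with the kernel lock held */`. The matching KERNEL_UNLOCK() is not visible here because the function body continues past `if (error)`, so it is worth confirming that every exit after this point, including the error branch, still releases the lock now that the locked region starts earlier.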