From cfa04ad75ce990cccbd6b3681a2344d3ef7ffe71 Mon Sep 17 00:00:00 2001 From: kn Date: Wed, 19 Jan 2022 10:43:48 +0000 Subject: [PATCH] Grab the kernel lock in uvm_wxcheck() when aborting the process kern.wxabort=1 logs and kills programs after W^X violations. At least sigexit() -> coredump() as well as the non-atomic increment of ps_wxcounter require protection, so grab the big lock for the entire block. This is part of the effort to unlock mmap(2)'s MAP_ANON case. Feedback mvs claudio kettenis deraadt OK kettenis --- sys/uvm/uvm_mmap.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sys/uvm/uvm_mmap.c b/sys/uvm/uvm_mmap.c index d721562cd5f..7956206d866 100644 --- a/sys/uvm/uvm_mmap.c +++ b/sys/uvm/uvm_mmap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uvm_mmap.c,v 1.168 2022/01/05 17:53:44 guenther Exp $ */ +/* $OpenBSD: uvm_mmap.c,v 1.169 2022/01/19 10:43:48 kn Exp $ */ /* $NetBSD: uvm_mmap.c,v 1.49 2001/02/18 21:19:08 chs Exp $ */ /* @@ -183,12 +183,14 @@ uvm_wxcheck(struct proc *p, char *call) return 0; if (uvm_wxabort) { + KERNEL_LOCK(); /* Report W^X failures */ if (pr->ps_wxcounter++ == 0) log(LOG_NOTICE, "%s(%d): %s W^X violation\n", pr->ps_comm, pr->ps_pid, call); /* Send uncatchable SIGABRT for coredump */ sigexit(p, SIGABRT); + KERNEL_UNLOCK(); } return ENOTSUP; -- 2.20.1
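Review bot: The `KERNEL_LOCK()` added at the top of the `if (uvm_wxabort)` block in the second hunk has no comment saying what it protects, so the reasoning lives only in the commit message. A later unlocking pass could narrow or drop the lock without noticing that both `pr->ps_wxcounter++` and the `sigexit()` -> `coredump()` path rely on it. I would add `/* ps_wxcounter++ is not atomic and sigexit() -> coredump() needs the kernel lock */` directly above the lock call. The `KERNEL_UNLOCK()` after `sigexit(p, SIGABRT)` is presumably never reached if `sigexit()` does not return for the current process; its declaration is not visible here, so confirm this and mark the line, e.g. `/* not reached if sigexit() does not return */`. The body of `uvm_wxcheck()` starts before this hunk, so the checks leading to the earlier `return 0` could not be reviewed for what they read without the lock.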