CVS commit: src/sys/kern

Wed, 02 Jun 2021 18:00:25 -0700 

Module Name:    src
Committed By:   riastradh
Date:           Thu Jun  3 01:00:15 UTC 2021

Modified Files:
        src/sys/kern: kern_ksyms.c

Log Message:
ksyms(4): Fix race in ksymsread iteration.

TAILQ_NEXT(ksyms_last_snapshot) might change while we are iterating,
but ksyms_last_snapshot itself cannot, so invert the loop structure.

Discussed with rin@.


To generate a diff of this commit:
cvs rdiff -u -r1.94 -r1.95 src/sys/kern/kern_ksyms.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/kern/kern_ksyms.c
diff -u src/sys/kern/kern_ksyms.c:1.94 src/sys/kern/kern_ksyms.c:1.95
--- src/sys/kern/kern_ksyms.c:1.94	Wed Jun  2 15:43:33 2021
+++ src/sys/kern/kern_ksyms.c	Thu Jun  3 01:00:15 2021
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_ksyms.c,v 1.94 2021/06/02 15:43:33 rin Exp $	*/
+/*	$NetBSD: kern_ksyms.c,v 1.95 2021/06/03 01:00:15 riastradh Exp $	*/
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -73,7 +73,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_ksyms.c,v 1.94 2021/06/02 15:43:33 rin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_ksyms.c,v 1.95 2021/06/03 01:00:15 riastradh Exp $");
 
 #if defined(_KERNEL) && defined(_KERNEL_OPT)
 #include "opt_copy_symtab.h"
@@ -1087,7 +1087,7 @@ ksymsread(dev_t dev, struct uio *uio, in
 	 */
 	filepos = sizeof(struct ksyms_hdr);
 	for (st = TAILQ_FIRST(&ksyms_symtabs);
-	     st != TAILQ_NEXT(ksyms_last_snapshot, sd_queue);
+	     ;
 	     st = TAILQ_NEXT(st, sd_queue)) {
 		if (__predict_false(st->sd_gone))
 			continue;
@@ -1101,6 +1101,8 @@ ksymsread(dev_t dev, struct uio *uio, in
 				return error;
 		}
 		filepos += st->sd_symsize;
+		if (st == ksyms_last_snapshot)
+			break;
 	}
 
 	/*
@@ -1109,7 +1111,7 @@ ksymsread(dev_t dev, struct uio *uio, in
 	KASSERT(filepos <= sizeof(struct ksyms_hdr) +
 	    ksyms_hdr.kh_shdr[SYMTAB].sh_size);
 	for (st = TAILQ_FIRST(&ksyms_symtabs);
-	     st != TAILQ_NEXT(ksyms_last_snapshot, sd_queue);
+	     ;
 	     st = TAILQ_NEXT(st, sd_queue)) {
 		if (__predict_false(st->sd_gone))
 			continue;
@@ -1123,6 +1125,8 @@ ksymsread(dev_t dev, struct uio *uio, in
 				return error;
 		}
 		filepos += st->sd_strsize;
+		if (st == ksyms_last_snapshot)
+			break;
 	}
 
 	/*

Reply via email to