CVSROOT:	/cvs
Module name:	src
Changes by:	bl...@cvs.openbsd.org	2024/01/18 18:43:27

Modified files:
	sys/kern       : kern_exit.c kern_fork.c kern_proc.c kern_sysctl.c
	sys/sys        : proc.h

Log message:
Backout priterator() for walking allprocess list.

This approach does not work as LIST_NEXT() of a removed element does
not return NULL.  It causes a crash in syzkaller and triggers kernel
diagnostic assertion "vp->v_uvcount == 0" in sys/kern/kern_unveil.c
line 845 during reboot.

Unfortunately the backout brings back the race in fill_file() and
fstat(1) may crash the kernel.

Reported-by: syzbot+54fba1c004d7383d5...@syzkaller.appspotmail.com
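
The LIST_NEXT() behaviour named in the log message, as an added userland example that is not part of the commit and is not OpenBSD kernel code. priterator() itself is not shown on this page, so the example models only the <sys/queue.h> list macros; the struct and function names are hypothetical.

```c
/* Added illustration; struct pstub and both functions are hypothetical. */
#include <stddef.h>
#include <sys/queue.h>

struct pstub {
	int pid;
	LIST_ENTRY(pstub) link;
};
LIST_HEAD(pstub_list, pstub);

/* Pointer comparison only: never dereferences the candidate. */
static int
on_list(struct pstub_list *head, struct pstub *want)
{
	struct pstub *p;

	LIST_FOREACH(p, head, link)
		if (p == want)
			return 1;
	return 0;
}

/*
 * Returns 1 when a walker parked on an element that gets removed would
 * resume at a non-NULL pointer that is no longer on the list.
 */
int
stale_next_after_remove(void)
{
	struct pstub_list head = LIST_HEAD_INITIALIZER(head);
	struct pstub a = { .pid = 1 }, b = { .pid = 2 }, c = { .pid = 3 };
	struct pstub *cur, *next;

	LIST_INSERT_HEAD(&head, &a, link);
	LIST_INSERT_HEAD(&head, &b, link);
	LIST_INSERT_HEAD(&head, &c, link);	/* list: c -> b -> a */

	cur = &b;			/* walker sleeps while parked on b */
	LIST_REMOVE(&b, link);		/* b is unlinked during the sleep */
	LIST_REMOVE(&a, link);		/* so is its old neighbour a */

	next = LIST_NEXT(cur, link);	/* walker resumes from removed b */
	return next != NULL && !on_list(&head, next);
}
```

A loop that tests LIST_NEXT() against NULL therefore cannot tell that its current element was unlinked; in a kernel the stale neighbour may already have been freed.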