d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

For non-stopped threads, td_frame pointer is undefined. As a

Browse Source 
consequence, fill_regs() and fill_fpregs() access random data, usually
on the thread kernel stack. Most often the td_frame points to the
previous frame saved by last kernel entry sequence, but this is not
guaranteed.

For /proc/<pid>/{regs,fpregs} read access, require the thread to be in
stopped state. Otherwise, return EBUSY as is done for write case.

Reported and tested by:	pho
Approved by:	des (procfs maintainer)
MFC after:	1 week
This commit is contained in:
Konstantin Belousov 2010-12-02 12:44:51 +00:00
parent d74edf7f5d
commit 847e02e941
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sys/fs/procfs/procfs_fpregs.c
View File

@ -97,6 +97,10 @@ procfs_doprocfpregs(PFS_FILL_ARGS)
PROC_UNLOCK(p);
return (EPERM);
}
if (!P_SHOULDSTOP(p)) {
PROC_UNLOCK(p);
return (EBUSY);
}
/* XXXKSE: */
td2 = FIRST_THREAD_IN_PROC(p);

4
sys/fs/procfs/procfs_regs.c
View File

@ -97,6 +97,10 @@ procfs_doprocregs(PFS_FILL_ARGS)
PROC_UNLOCK(p);
return (EPERM);
}
if (!P_SHOULDSTOP(p)) {
PROC_UNLOCK(p);
return (EBUSY);
}
/* XXXKSE: */
td2 = FIRST_THREAD_IN_PROC(p);