Source-Changes-HG archive


[src/trunk]: src/sys/kern Add three KASSERTs, to detect refcount bugs.



details:   https://anonhg.NetBSD.org/src/rev/0030a33b55fc
branches:  trunk
changeset: 971294:0030a33b55fc
user:      maxv <maxv%NetBSD.org@localhost>
date:      Mon Apr 20 16:32:03 2020 +0000

description:
Add three KASSERTs, to detect refcount bugs.

This narrows down an unknown bug in some place near, that has manifested
itself in various forms (use-after-frees, uninit accesses, page faults,
segmentation faults), all pointed out by syzbot.

The first KASSERT in fixjobc() fires when the bug is encountered.
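The check the commit message describes, asserting that a counter is still positive before decrementing it, as an added userland model that is not NetBSD's code. `struct pgrp_model`, `jobc_enter`, `jobc_leave_unchecked`, `jobc_leave_checked`, `replay` and the event strings are constructed for this example; only the `pg_jobc` field name and the decrement-then-orphanpg() shape come from the patch. It contrasts the pre-patch decrement-then-test with the post-patch check and shows why an undetected underflow matters: once `pg_jobc` has gone negative, a later leave never reaches zero and the orphan transition is silently missed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Constructed model of the pg_jobc accounting in fixjobc(). Not NetBSD
 * code: the struct, the function names and the event strings are
 * assumptions made for this example.
 */
struct pgrp_model {
	int pg_jobc;		/* modelled after struct pgrp's pg_jobc */
	int orphan_calls;	/* how many times orphanpg() would have run */
};

enum jobc_result {
	JOBC_OK,		/* count changed, nothing else happened */
	JOBC_ORPHANED,		/* count reached zero: orphanpg() modelled */
	JOBC_UNDERFLOW		/* leave with count <= 0: the KASSERT case */
};

static void
jobc_enter(struct pgrp_model *pg)
{
	pg->pg_jobc++;
}

/* Pre-patch shape: decrement first, look at the result afterwards. */
static enum jobc_result
jobc_leave_unchecked(struct pgrp_model *pg)
{
	if (--pg->pg_jobc == 0) {
		pg->orphan_calls++;
		return JOBC_ORPHANED;
	}
	return JOBC_OK;
}

/*
 * Post-patch shape: KASSERT(pg_jobc > 0) before the decrement. The
 * assertion is reported as a result code here instead of panicking.
 */
static enum jobc_result
jobc_leave_checked(struct pgrp_model *pg)
{
	if (pg->pg_jobc <= 0)
		return JOBC_UNDERFLOW;
	if (--pg->pg_jobc == 0) {
		pg->orphan_calls++;
		return JOBC_ORPHANED;
	}
	return JOBC_OK;
}

/*
 * Replay a constructed event string ('E' = a process enters the group,
 * 'L' = a process leaves it) against a fresh counter. Returns the index
 * of the first event at which an underflow was detected, or -1 if the
 * whole sequence ran without the check firing.
 */
static int
replay(const char *events, bool checked, struct pgrp_model *pg)
{
	pg->pg_jobc = 0;
	pg->orphan_calls = 0;
	for (size_t i = 0; events[i] != '\0'; i++) {
		enum jobc_result r;

		if (events[i] == 'E') {
			jobc_enter(pg);
			continue;
		}
		r = checked ? jobc_leave_checked(pg) : jobc_leave_unchecked(pg);
		if (r == JOBC_UNDERFLOW)
			return (int)i;
	}
	return -1;
}

int
main(void)
{
	struct pgrp_model pg;
	/* Constructed: one extra leave at index 2, then a real enter/leave. */
	const char *buggy = "ELLEL";

	replay(buggy, false, &pg);
	printf("unchecked: pg_jobc=%d orphan_calls=%d\n",
	    pg.pg_jobc, pg.orphan_calls);
	printf("checked:   underflow at event %d\n", replay(buggy, true, &pg));
	return 0;
}
```

In the unchecked run the spurious leave drives the counter to -1, so the final leave of a genuinely present member lands on -1 rather than 0 and orphanpg() is never modelled for it; the checked run stops at the spurious leave, which is exactly the information the kernel assertion gives syzbot. Keep in mind that KASSERT is compiled out of kernels built without `options DIAGNOSTIC`, so on a release build the decrement still goes negative and the bug stays silent.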

diffstat:

 sys/kern/kern_proc.c |  19 +++++++++++++------
 1 files changed, 13 insertions(+), 6 deletions(-)

diffs (54 lines):

diff -r 1a32ba7fe16f -r 0030a33b55fc sys/kern/kern_proc.c
--- a/sys/kern/kern_proc.c      Mon Apr 20 16:12:28 2020 +0000
+++ b/sys/kern/kern_proc.c      Mon Apr 20 16:32:03 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_proc.c,v 1.244 2020/04/19 20:31:59 thorpej Exp $  */
+/*     $NetBSD: kern_proc.c,v 1.245 2020/04/20 16:32:03 maxv Exp $     */
 
 /*-
  * Copyright (c) 1999, 2006, 2007, 2008, 2020 The NetBSD Foundation, Inc.
@@ -62,7 +62,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.244 2020/04/19 20:31:59 thorpej Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.245 2020/04/20 16:32:03 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_kstack.h"
@@ -554,6 +554,7 @@
 {
 
        KASSERT(mutex_owned(proc_lock));
+       KASSERT(ss->s_count > 0);
        /*
         * We keep the pgrp with the same id as the session in order to
         * stop a process being given the same pid.  Since the pgrp holds
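Review bot: the new `KASSERT(ss->s_count > 0)` sits at function entry, but the drop of `s_count` it is meant to guard is not in this hunk; placing the assertion directly before that decrement (or asserting on its result) keeps the check from drifting away from the refcount change in later edits, and a one-line comment saying which holder's reference is expected to still be live here would make the expected state explicit.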
@@ -1181,8 +1182,11 @@
                if (entering) {
                        pgrp->pg_jobc++;
                        p->p_lflag &= ~PL_ORPHANPG;
-               } else if (--pgrp->pg_jobc == 0)
-                       orphanpg(pgrp);
+               } else {
+                       KASSERT(pgrp->pg_jobc > 0);
+                       if (--pgrp->pg_jobc == 0)
+                               orphanpg(pgrp);
+               }
        }
 
        /*
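Review bot: this is the assertion the commit message says fires, so it would help to carry the offending values into the panic message rather than only the file and line, e.g. `KASSERTMSG(pgrp->pg_jobc > 0, "pgrp %p pg_jobc %d", pgrp, pgrp->pg_jobc);`, so that the syzbot report shows whether the counter was already zero or had gone negative before this call.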
@@ -1197,8 +1201,11 @@
                        if (entering) {
                                child->p_lflag &= ~PL_ORPHANPG;
                                hispgrp->pg_jobc++;
-                       } else if (--hispgrp->pg_jobc == 0)
-                               orphanpg(hispgrp);
+                       } else {
+                               KASSERT(hispgrp->pg_jobc > 0);
+                               if (--hispgrp->pg_jobc == 0)
+                                       orphanpg(hispgrp);
+                       }
                }
        }
 }
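Review bot: with the assertion added, the leaving path is now the same four-line block for `pgrp` in the previous hunk and for `hispgrp` here; a small static helper (for example `pgrp_leave_jobc(struct pgrp *)`, name only a suggestion) holding the `KASSERT(pg_jobc > 0)` and the `--pg_jobc == 0 ? orphanpg()` step would keep the check and the decrement together in one place and avoid the two copies diverging.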


