null pointer dereference panic in cap_rights_contains() on 11.0-CURRENT r285785 amd64
Mateusz Guzik
mjguzik at gmail.com
Thu Jul 23 23:09:40 UTC 2015
On Fri, Jul 24, 2015 at 02:07:17AM +0300, Sergey Kandaurov wrote:
> On 24 July 2015 at 01:24, Don Lewis <truckman at freebsd.org> wrote:
> > I just got this panic while using poudriere to build packages for
> > FreeBSD 8.4 i386.
> [..]
> > db> bt
> > Tracing pid 78211 tid 101405 td 0xfffff80139td29a0
> > cap_rights_contains() at cap_rights_contains+0x24/frame
> > 0xfffffe005acc772d0
> > cap_check() at cap_check+0x15/frame 0xfffffe005acc7800
> > fget_unlocked() at fget_unlocked+0xca/frame 0xfffffe005acc7870
> > fget() at fget+0x2b/frame 0xfffffe005acc78a0
> > ksem_get at ksem_get+0x1e/frame 0xfffffe05acc78e0
> > sys_ksem_close() at sys_ksem_close+0x23/frame 0xfffffe005acc7920
> > ia32_syscall() at ia32_syscall+0x2a5/frame 0xfffffe005acc7a30
> > Xint0x00_syscall() at Xint0x00_syscall+0x95/frame 0xfffffe00acc7a30
> > --- syscall (400, FreeBSD ELF32, sys_ksem_close), rip = 0x2828676b, rsp
> > = 0xffffc60c, rbp = 0xffffc628 ---
> >
> >
>
> Looks like this was missed after r284442.
>
> Index: kern/uipc_sem.c
> ===================================================================
> --- kern/uipc_sem.c (revision 285723)
> +++ kern/uipc_sem.c (working copy)
> @@ -651,12 +651,13 @@
> int
> sys_ksem_close(struct thread *td, struct ksem_close_args *uap)
> {
> + cap_rights_t rights;
> struct ksem *ks;
> struct file *fp;
> int error;
>
> /* No capability rights required to close a semaphore. */
> - error = ksem_get(td, uap->id, 0, &fp);
> + error = ksem_get(td, uap->id, cap_rights_init(&rights), &fp);
> if (error)
> return (error);
> ks = fp->f_data;
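Review bot: the comment above the call still says no capability rights are required, but the change now expresses that by passing an empty set built with cap_rights_init(&rights) instead of 0, which was a null cap_rights_t pointer and is what cap_rights_contains() dereferenced in the trace. Suggest extending the comment to say so, e.g. `/* No capability rights required to close a semaphore; pass an empty set. */`, so the next reader does not reintroduce the 0.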
> @@ -872,12 +873,13 @@
> int
> sys_ksem_destroy(struct thread *td, struct ksem_destroy_args *uap)
> {
> + cap_rights_t rights;
> struct file *fp;
> struct ksem *ks;
> int error;
>
> /* No capability rights required to close a semaphore. */
> - error = ksem_get(td, uap->id, 0, &fp);
> + error = ksem_get(td, uap->id, cap_rights_init(&rights), &fp);
> if (error)
> return (error);
> ks = fp->f_data;
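Review bot: the comment in sys_ksem_destroy() reads "to close a semaphore", copied from sys_ksem_close(); it should say "destroy". Since this hunk is identical to the one in sys_ksem_close(), it is also worth checking whether any other ksem_get() caller in uipc_sem.c still passes 0 for the rights argument, as the same null dereference would follow there.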
>
>
Correct, please commit.
--
Mateusz Guzik <mjguzik gmail.com>
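The failure mode behind the trace, as an added illustration that is not kernel code from FreeBSD or from this thread: a simplified C model of the fget()/cap_check() path in which the required-rights pointer is dereferenced unconditionally, with sys_ksem_close() shown as it was before the patch (rights argument 0, i.e. NULL) and after it (an initialised, empty set). The one-word bitmask layout, the CAP_* bits, the toy_* names and the WOULD_PANIC sentinel are assumptions of this example; the real cap_rights_t is a multi-word, index-encoded structure.

```c
/*
 * Simplified model of the Capsicum rights check on the ksem_get() path.
 * Added illustration, not FreeBSD kernel code: rights are one bitmask here,
 * the real cap_rights_t is a multi-word, index-encoded structure, and the
 * constants and toy_* names are assumptions of this example.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct toy_cap_rights {
	uint64_t cr_rights;	/* set bit = right held (or required) */
} cap_rights_t;

/* Assumed right bits for the model. */
#define CAP_READ	(1ULL << 0)
#define CAP_WRITE	(1ULL << 1)
#define CAP_FSTAT	(1ULL << 2)

#define ENOTCAPABLE	93	/* same value as FreeBSD's errno */
#define WOULD_PANIC	-1	/* stands in for the NULL-pointer panic */

/* cap_rights_init(&r) with no further arguments yields an empty set; the
 * model takes the bits explicitly so callers can also build non-empty sets. */
static cap_rights_t *
toy_cap_rights_init(cap_rights_t *rights, uint64_t bits)
{
	rights->cr_rights = bits;
	return (rights);
}

/* Does `big` contain every right in `little`?  Both pointers are
 * dereferenced unconditionally, which is what turns a 0 argument into the
 * cap_rights_contains() fault at the top of the trace. */
static bool
toy_cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little)
{
	return ((little->cr_rights & ~big->cr_rights) == 0);
}

static int
toy_cap_check(const cap_rights_t *have, const cap_rights_t *need)
{
	return (toy_cap_rights_contains(have, need) ? 0 : ENOTCAPABLE);
}

/* The descriptor carries the rights it was limited to with cap_rights_limit(2). */
struct toy_file {
	cap_rights_t f_cap_rights;
};

/* Model of fget() -> fget_unlocked() -> cap_check() as called by ksem_get(). */
static int
toy_ksem_get(const struct toy_file *fp, const cap_rights_t *needrightsp)
{
	if (needrightsp == NULL)	/* the pre-patch callers passed 0 here */
		return (WOULD_PANIC);
	return (toy_cap_check(&fp->f_cap_rights, needrightsp));
}

/* sys_ksem_close() before the patch: rights argument is 0, i.e. NULL. */
static int
toy_ksem_close_before(const struct toy_file *fp)
{
	return (toy_ksem_get(fp, 0));
}

/* sys_ksem_close() after the patch: an initialised, empty rights set.
 * An empty set is contained in every set, so the check passes for any fd. */
static int
toy_ksem_close_after(const struct toy_file *fp)
{
	cap_rights_t rights;

	return (toy_ksem_get(fp, toy_cap_rights_init(&rights, 0)));
}

/* For contrast: a caller that requires a right the descriptor may lack. */
static int
toy_write_needs_cap_write(const struct toy_file *fp)
{
	cap_rights_t rights;

	return (toy_ksem_get(fp, toy_cap_rights_init(&rights, CAP_WRITE)));
}

/* Constructed descriptor limited to read + fstat, as cap_rights_limit(2)
 * would leave it; not taken from any real system. */
static struct toy_file
toy_limited_fd(void)
{
	struct toy_file fp;

	toy_cap_rights_init(&fp.f_cap_rights, CAP_READ | CAP_FSTAT);
	return (fp);
}

int
main(void)
{
	struct toy_file fp = toy_limited_fd();

	printf("close, rights=0 (NULL):   %d\n", toy_ksem_close_before(&fp));
	printf("close, empty rights set:  %d\n", toy_ksem_close_after(&fp));
	printf("write needing CAP_WRITE:  %d\n", toy_write_needs_cap_write(&fp));
	return (0);
}
```

The point the model makes is that "no rights required" and "no rights pointer" are different things once the check dereferences its argument unconditionally: the empty set is a subset of every descriptor's rights, so cap_check() succeeds with it, while the null pointer cannot be checked at all.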
More information about the freebsd-current mailing list