git: d5eae57088f5 - main - sysctl: Make sysctl_ctx_free() a bit safer
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 02 May 2024 20:01:00 UTC
The branch main has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=d5eae57088f5eec5df49fea8e8623521f596db68
commit d5eae57088f5eec5df49fea8e8623521f596db68
Author: Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2024-05-01 11:57:56 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2024-05-02 19:42:28 +0000
sysctl: Make sysctl_ctx_free() a bit safer
Clear the list before returning so that sysctl_ctx_free() can be called
more than once on the same list without side effects. This simplifies
error handling in drivers; previously, drivers would have to be careful
to call sysctl_ctx_free() at most once to avoid a use-after-free.
While here, use TAILQ_FOREACH_SAFE in the loop which unregisters OIDs.
Reviewed by: thj, emaste
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D45041
---
sys/kern/kern_sysctl.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
index f714f78cf4da..e139d9c39181 100644
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@ -651,17 +651,15 @@ sysctl_ctx_free(struct sysctl_ctx_list *clist)
return(EBUSY);
}
/* Now really delete the entries */
- e = TAILQ_FIRST(clist);
- while (e != NULL) {
- e1 = TAILQ_NEXT(e, link);
+ TAILQ_FOREACH_SAFE(e, clist, link, e1) {
error = sysctl_remove_oid_locked(e->entry, 1, 0);
if (error)
panic("sysctl_remove_oid: corrupt tree, entry: %s",
e->entry->oid_name);
free(e, M_SYSCTLOID);
- e = e1;
}
SYSCTL_WUNLOCK();
+ TAILQ_INIT(clist);
return (error);
}