git: 6a572920f251 - main - kern_procctl(PROC_WX_MAPPINGS_PERMIT): ensure stability of the target vmspace

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Konstantin Belousov <kib_at_FreeBSD.org>
Date: Sun, 21 Jun 2026 11:48:10 UTC

The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=6a572920f251ac8ac6a80a55d4d039736ea7dd65

commit 6a572920f251ac8ac6a80a55d4d039736ea7dd65
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2026-06-15 13:32:47 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2026-06-21 11:46:53 +0000

    kern_procctl(PROC_WX_MAPPINGS_PERMIT): ensure stability of the target vmspace
    
    Reviewed by:    markj
    Tested by:      pho
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 week
    Differential revision:  https://reviews.freebsd.org/D57497
---
 sys/kern/kern_procctl.c | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/sys/kern/kern_procctl.c b/sys/kern/kern_procctl.c
index c8d14aa2f2f6..581b24f21d3c 100644
--- a/sys/kern/kern_procctl.c
+++ b/sys/kern/kern_procctl.c
@@ -40,6 +40,7 @@
 #include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/procctl.h>
+#include <sys/ptrace.h>
 #include <sys/sx.h>
 #include <sys/syscallsubr.h>
 #include <sys/sysproto.h>
@@ -877,22 +878,27 @@ wxmap_ctl(struct thread *td, struct proc *p, void *data)
 {
 	struct vmspace *vm;
 	vm_map_t map;
-	int state;
+	int error, state;
 
 	PROC_LOCK_ASSERT(p, MA_OWNED);
 	state = *(int *)data;
+	error = 0;
 
 	switch (state) {
 	case PROC_WX_MAPPINGS_PERMIT:
-		p->p_flag2 |= P2_WXORX_DISABLE;
 		PROC_UNLOCK(p);
-		vm = vmspace_acquire_ref(p);
-		if (vm != NULL) {
+		error = proc_vmspace_ref(td, p, PRVM_BLOCK_EXEC |
+		    PRVM_CHECK_DEBUG, &vm);
+		if (error == 0) {
 			map = &vm->vm_map;
 			vm_map_lock(map);
 			map->flags &= ~MAP_WXORX;
 			vm_map_unlock(map);
-			vmspace_free(vm);
+			PROC_LOCK(p);
+			p->p_flag2 |= P2_WXORX_DISABLE;
+			PROC_UNLOCK(p);
+			proc_vmspace_unref(td, p, PRVM_BLOCK_EXEC |
+			    PRVM_CHECK_DEBUG, vm);
 		}
 		PROC_LOCK(p);
 		break;
@@ -900,10 +906,11 @@ wxmap_ctl(struct thread *td, struct proc *p, void *data)
 		p->p_flag2 |= P2_WXORX_ENABLE_EXEC;
 		break;
 	default:
-		return (EINVAL);
+		error = EINVAL;
+		break;
 	}
 
-	return (0);
+	return (error);
 }
 
 static int