[Bug 272151] panic: use-after-free tty race condition
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 272151] panic: use-after-free tty race condition"
Date: Thu, 22 Jun 2023 17:13:11 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272151
Kyle Evans <kevans@freebsd.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dchagin@FreeBSD.org,
                   |                            |kevans@freebsd.org,
                   |                            |markj@FreeBSD.org
--- Comment #1 from Kyle Evans <kevans@freebsd.org> ---
I guess the implication is that we're hitting
https://cgit.freebsd.org/src/tree/sys/kern/kern_event.c#n1732 with a NULL
kn->kn_knlist, in which case the previous kn_list_lock() was effectively a nop
and we're not meeting the invariant described in kqueue(9):

    The knlist_*() family of functions are for managing knotes associated
    with an object.  A knlist is not required, but is commonly used.  If
    used, the knlist must be initialized with either knlist_init() or
    knlist_init_mtx().  The knlist structure may be embedded into the object
    structure.  *The lock will be held over f_event calls.*

Maybe dchagin@ or markj@ can comment a little further on this one.