[Bug 251915] TOCTOU race between tty_signal_sessleader() and killjobc()
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Dec 17 19:51:50 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251915
--- Comment #7 from commit-hook at FreeBSD.org ---
A commit references this bug:
Author: kib
Date: Thu Dec 17 19:51:39 UTC 2020
New revision: 368735
URL: https://svnweb.freebsd.org/changeset/base/368735
Log:
Fix a race in tty_signal_sessleader() with unlocked read of s_leader.
Since we do not own the session lock, a parallel killjobc() might
reset s_leader to NULL after we checked it. Read s_leader only once
and ensure that compiler is not allowed to reload.
While there, make access to t_session somewhat more pretty by using
local variable.
PR: 251915
Submitted by: Jakub Piecuch <j.piecuch96 at gmail.com>
MFC after: 1 week
Changes:
head/sys/kern/tty.c
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list