svn commit: r354629 - head/sys/kern
Mark Johnston
markj at FreeBSD.org
Mon Nov 11 20:44:31 UTC 2019
Author: markj
Date: Mon Nov 11 20:44:30 2019
New Revision: 354629
URL: https://svnweb.freebsd.org/changeset/base/354629
Log:
Fix handling of PIPE_EOF in the direct write path.
Suppose a writing thread has pinned its pages and gone to sleep with
pipe_map.cnt > 0. Suppose that the thread is woken up by a signal (so
error != 0) and the other end of the pipe has simultaneously been
closed. In this case, to satisfy the assertion about pipe_map.cnt in
pipe_destroy_write_buffer(), we must mark the buffer as empty.
Reported by: syzbot+5cce271bf2cb1b1e1876 at syzkaller.appspotmail.com
Reviewed by: kib
Tested by: pho
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D22261
Modified:
head/sys/kern/sys_pipe.c
Modified: head/sys/kern/sys_pipe.c
==============================================================================
--- head/sys/kern/sys_pipe.c Mon Nov 11 19:54:08 2019 (r354628)
+++ head/sys/kern/sys_pipe.c Mon Nov 11 20:44:30 2019 (r354629)
@@ -970,15 +970,8 @@ retry:
goto error1;
}
- while (wpipe->pipe_map.cnt != 0) {
- if (wpipe->pipe_state & PIPE_EOF) {
- wpipe->pipe_map.cnt = 0;
- pipe_destroy_write_buffer(wpipe);
- pipeselwakeup(wpipe);
- pipeunlock(wpipe);
- error = EPIPE;
- goto error1;
- }
+ while (wpipe->pipe_map.cnt != 0 &&
+ (wpipe->pipe_state & PIPE_EOF) == 0) {
if (wpipe->pipe_state & PIPE_WANTR) {
wpipe->pipe_state &= ~PIPE_WANTR;
wakeup(wpipe);
@@ -993,12 +986,16 @@ retry:
break;
}
- if (wpipe->pipe_state & PIPE_EOF)
+ if ((wpipe->pipe_state & PIPE_EOF) != 0) {
+ wpipe->pipe_map.cnt = 0;
+ pipe_destroy_write_buffer(wpipe);
+ pipeselwakeup(wpipe);
error = EPIPE;
- if (error == EINTR || error == ERESTART)
+ } else if (error == EINTR || error == ERESTART) {
pipe_clone_write_buffer(wpipe);
- else
+ } else {
pipe_destroy_write_buffer(wpipe);
+ }
pipeunlock(wpipe);
KASSERT((wpipe->pipe_state & PIPE_DIRECTW) == 0,
("pipe %p leaked PIPE_DIRECTW", wpipe));
More information about the svn-src-all
mailing list