diff options
| author | Dmitry Chagin <dchagin@FreeBSD.org> | 2023-01-30 16:28:54 +0000 |
|---|---|---|
| committer | Dmitry Chagin <dchagin@FreeBSD.org> | 2023-02-06 19:06:31 +0000 |
| commit | 11ade1dffc8dbdcf2541b2f9b2da61a998ccafc7 (patch) | |
| tree | 419d06c68225b801784cdf8baf3615b4b2cf1d37 | |
| parent | d23a3b412955ec9c4505936ea0d98354802a35ce (diff) | |
| download | src-11ade1dffc8dbdcf2541b2f9b2da61a998ccafc7.tar.gz src-11ade1dffc8dbdcf2541b2f9b2da61a998ccafc7.zip | |
cpuset: Handle CPU_WHICH_TIDPID wherever cpuset_which() is called.
cpuset_which() resolves the argument pair which and id and returns references
to an appropriate resources. To avoid leaking resources or accessing unresolved
references to a resources handle new which CPU_WHICH_TIDPID wherever
cpuset_which() is called.
To avoid code duplication cpuset_which2() has been added.
Reported by: syzbot+331e8402e0f7347f0f2a@syzkaller.appspotmail.com
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D38272
MFC after: 2 weeks
(cherry picked from commit 2058f075b4afc543b8735599bea7278e37b2e9f9)
| -rw-r--r-- | sys/kern/kern_cpuset.c | 43 |
1 files changed, 28 insertions, 15 deletions
diff --git a/sys/kern/kern_cpuset.c b/sys/kern/kern_cpuset.c index 1c8fa09cc224..dfc32d01295e 100644 --- a/sys/kern/kern_cpuset.c +++ b/sys/kern/kern_cpuset.c @@ -150,6 +150,8 @@ SYSCTL_UINT(_kern_sched, OID_AUTO, cpusetsizemin, cpuset_t *cpuset_root; cpuset_t cpuset_domain[MAXMEMDOM]; +static int cpuset_which2(cpuwhich_t *, id_t, struct proc **, struct thread **, + struct cpuset **); static int domainset_valid(const struct domainset *, const struct domainset *); /* @@ -989,6 +991,20 @@ cpuset_which(cpuwhich_t which, id_t id, struct proc **pp, struct thread **tdp, } static int +cpuset_which2(cpuwhich_t *which, id_t id, struct proc **pp, struct thread **tdp, + struct cpuset **setp) +{ + + if (*which == CPU_WHICH_TIDPID) { + if (id == -1 || id > PID_MAX) + *which = CPU_WHICH_TID; + else + *which = CPU_WHICH_PID; + } + return (cpuset_which(*which, id, pp, tdp, setp)); +} + +static int cpuset_testshadow(struct cpuset *set, const cpuset_t *mask, const struct domainset *domain) { @@ -1902,6 +1918,7 @@ kern_cpuset_getid(struct thread *td, cpulevel_t level, cpuwhich_t which, switch (which) { case CPU_WHICH_TID: case CPU_WHICH_PID: + case CPU_WHICH_TIDPID: thread_lock(ttd); set = cpuset_refbase(ttd->td_cpuset); thread_unlock(ttd); @@ -1963,7 +1980,7 @@ kern_cpuset_getaffinity(struct thread *td, cpulevel_t level, cpuwhich_t which, error = cpuset_check_capabilities(td, level, which, id); if (error != 0) return (error); - error = cpuset_which(which, id, &p, &ttd, &set); + error = cpuset_which2(&which, id, &p, &ttd, &set); if (error != 0) return (error); switch (level) { @@ -2006,19 +2023,6 @@ kern_cpuset_getaffinity(struct thread *td, cpulevel_t level, cpuwhich_t which, thread_unlock(ttd); } break; - case CPU_WHICH_TIDPID: - if (id > PID_MAX || id == -1) { - thread_lock(ttd); - CPU_COPY(&ttd->td_cpuset->cs_mask, mask); - thread_unlock(ttd); - break; - } - FOREACH_THREAD_IN_PROC(p, ttd) { - thread_lock(ttd); - CPU_OR(mask, mask, &ttd->td_cpuset->cs_mask); - thread_unlock(ttd); - } - break; case CPU_WHICH_CPUSET: case CPU_WHICH_JAIL: CPU_COPY(&set->cs_mask, mask); @@ -2138,6 +2142,7 @@ kern_cpuset_setaffinity(struct thread *td, cpulevel_t level, cpuwhich_t which, switch (which) { case CPU_WHICH_TID: case CPU_WHICH_PID: + case CPU_WHICH_TIDPID: thread_lock(ttd); set = cpuset_ref(ttd->td_cpuset); thread_unlock(ttd); @@ -2283,7 +2288,7 @@ kern_cpuset_getdomain(struct thread *td, cpulevel_t level, cpuwhich_t which, return (error); mask = malloc(domainsetsize, M_TEMP, M_WAITOK | M_ZERO); bzero(&outset, sizeof(outset)); - error = cpuset_which(which, id, &p, &ttd, &set); + error = cpuset_which2(&which, id, &p, &ttd, &set); if (error) goto out; switch (level) { @@ -2475,6 +2480,7 @@ kern_cpuset_setdomain(struct thread *td, cpulevel_t level, cpuwhich_t which, switch (which) { case CPU_WHICH_TID: case CPU_WHICH_PID: + case CPU_WHICH_TIDPID: thread_lock(ttd); set = cpuset_ref(ttd->td_cpuset); thread_unlock(ttd); @@ -2506,6 +2512,13 @@ kern_cpuset_setdomain(struct thread *td, cpulevel_t level, cpuwhich_t which, case CPU_WHICH_PID: error = cpuset_setproc(id, NULL, NULL, &domain, false); break; + case CPU_WHICH_TIDPID: + if (id > PID_MAX || id == -1) + error = _cpuset_setthread(id, NULL, &domain); + else + error = cpuset_setproc(id, NULL, NULL, &domain, + false); + break; case CPU_WHICH_CPUSET: case CPU_WHICH_JAIL: error = cpuset_which(which, id, &p, &ttd, &set); |