diff options
| author | Konstantin Belousov <kib@FreeBSD.org> | 2010-12-02 12:44:51 +0000 |
|---|---|---|
| committer | Konstantin Belousov <kib@FreeBSD.org> | 2010-12-02 12:44:51 +0000 |
| commit | 847e02e941ca172e7697284f6b28d9bebf4e9254 (patch) | |
| tree | 603f3845b79baab5716aa0d9c119188c51cbf93d /sys/fs/procfs | |
| parent | d74edf7f5de6b47beb49a516eb5b14f748a54aa7 (diff) | |
| download | src-847e02e941ca172e7697284f6b28d9bebf4e9254.tar.gz src-847e02e941ca172e7697284f6b28d9bebf4e9254.zip | |
For non-stopped threads, td_frame pointer is undefined. As a
consequence, fill_regs() and fill_fpregs() access random data, usually
on the thread kernel stack. Most often the td_frame points to the
previous frame saved by last kernel entry sequence, but this is not
guaranteed.
For /proc/<pid>/{regs,fpregs} read access, require the thread to be in
stopped state. Otherwise, return EBUSY as is done for write case.
Reported and tested by: pho
Approved by: des (procfs maintainer)
MFC after: 1 week
Notes
Notes:
svn path=/head/; revision=216120
Diffstat (limited to 'sys/fs/procfs')
| -rw-r--r-- | sys/fs/procfs/procfs_fpregs.c | 4 | ||||
| -rw-r--r-- | sys/fs/procfs/procfs_regs.c | 4 |
2 files changed, 8 insertions, 0 deletions
diff --git a/sys/fs/procfs/procfs_fpregs.c b/sys/fs/procfs/procfs_fpregs.c index c35b0660f1ad..541efed6b3bb 100644 --- a/sys/fs/procfs/procfs_fpregs.c +++ b/sys/fs/procfs/procfs_fpregs.c @@ -97,6 +97,10 @@ procfs_doprocfpregs(PFS_FILL_ARGS) PROC_UNLOCK(p); return (EPERM); } + if (!P_SHOULDSTOP(p)) { + PROC_UNLOCK(p); + return (EBUSY); + } /* XXXKSE: */ td2 = FIRST_THREAD_IN_PROC(p); diff --git a/sys/fs/procfs/procfs_regs.c b/sys/fs/procfs/procfs_regs.c index 5bf1c0ac7f9f..605d1c64de4a 100644 --- a/sys/fs/procfs/procfs_regs.c +++ b/sys/fs/procfs/procfs_regs.c @@ -97,6 +97,10 @@ procfs_doprocregs(PFS_FILL_ARGS) PROC_UNLOCK(p); return (EPERM); } + if (!P_SHOULDSTOP(p)) { + PROC_UNLOCK(p); + return (EBUSY); + } /* XXXKSE: */ td2 = FIRST_THREAD_IN_PROC(p); |