authoranton <anton@cvs.openbsd.org>2020-10-10 07:07:47 +0000
committeranton <anton@cvs.openbsd.org>2020-10-10 07:07:47 +0000
commitcb9b1be14607aa3cd5f9c3f7114fa4fcf84c3555 (patch)
tree9596bc996078b632565b615345c46fc3e380bcd5 /sys
parent527b4a64a9a706189639ba08c20fd18fd6e8a978 (diff)
Clear the kcov device for the current thread before freeing the same
kcov device. Prevents a use-after-free, note I've never seen this one in practice.
Diffstat (limited to 'sys')
-rw-r--r--sys/dev/kcov.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/dev/kcov.c b/sys/dev/kcov.c
index 39d7d863337..8e9822b4533 100644
--- a/sys/dev/kcov.c
+++ b/sys/dev/kcov.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kcov.c,v 1.35 2020/10/04 18:49:22 anton Exp $ */
+/* $OpenBSD: kcov.c,v 1.36 2020/10/10 07:07:46 anton Exp $ */
/*
* Copyright (c) 2018 Anton Lindqvist <anton@openbsd.org>
@@ -436,14 +436,15 @@ kcov_exit(struct proc *p)
}
if (kd->kd_state == KCOV_STATE_DYING) {
+ p->p_kd = NULL;
kd_free(kd);
} else {
kd->kd_state = KCOV_STATE_READY;
kd->kd_mode = KCOV_MODE_NONE;
if (kd->kd_kr != NULL)
kr_barrier(kd->kd_kr);
+ p->p_kd = NULL;
}
- p->p_kd = NULL;
mtx_leave(&kcov_mtx);
}
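Review bot: The position of `p->p_kd = NULL;` in the KCOV_STATE_DYING branch is now load-bearing, but nothing in the code says so. A later cleanup could merge the two assignments back into one statement after the if/else and reintroduce the dangling pointer. I would add a comment above the first assignment, for example `/* Clear p_kd before kd_free() so this thread never holds a pointer to freed memory. */`. The else branch clears the pointer only after `kr_barrier()`, presumably on purpose, and a one-line comment there on why the order differs would help. kcov_exit starts outside the hunk and other `kd_free()` call sites are not visible here, so it is worth checking whether any of them can still leave a thread's `p_kd` pointing at the freed device.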