| field | value | |
|---|---|---|
| author | kib <kib@FreeBSD.org> | 2010-12-02 12:44:51 +0000 |
| committer | kib <kib@FreeBSD.org> | 2010-12-02 12:44:51 +0000 |
| commit | fa728dd4eada8c1f067e843700e82fcb855a0881 (patch) | |
| tree | 603f3845b79baab5716aa0d9c119188c51cbf93d /sys/fs | |
| parent | e6bd4821dc59cc0a8030842682b88e8513e69b52 (diff) | |
For non-stopped threads, td_frame pointer is undefined. As a
consequence, fill_regs() and fill_fpregs() access random data, usually
on the thread kernel stack. Most often the td_frame points to the
previous frame saved by last kernel entry sequence, but this is not
guaranteed.
For /proc/<pid>/{regs,fpregs} read access, require the thread to be in
stopped state. Otherwise, return EBUSY as is done for write case.
Reported and tested by: pho
Approved by: des (procfs maintainer)
MFC after: 1 week
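A userland check for the behaviour the commit message describes, added here as an example and not part of the FreeBSD commit. It assumes a FreeBSD host with procfs mounted at /proc and a kernel carrying this change: reading /proc/<pid>/regs or fpregs of a running child should now fail with EBUSY, and the same read should succeed once the child has been stopped with SIGSTOP. On a kernel without the change the first read succeeds and returns whatever td_frame happens to point at.

```c
/* Added example, not FreeBSD project code. Assumes FreeBSD with procfs
 * mounted on /proc; the child is a plain fork()ed idler of the same user,
 * so the p_candebug-style permission check in procfs passes. */
#include <sys/types.h>
#include <sys/wait.h>
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Build "/proc/<pid>/<file>" into buf. Returns 0, or -1 if it would truncate. */
int procfs_path(char *buf, size_t len, pid_t pid, const char *file)
{
    int n = snprintf(buf, len, "/proc/%ld/%s", (long)pid, file);
    if (n < 0 || (size_t)n >= len)
        return -1;
    return 0;
}

/* Read /proc/<pid>/<file> once. Returns 0 on success, otherwise the errno
 * from open(2) or read(2); *got receives the byte count on success. */
int read_regs(pid_t pid, const char *file, unsigned char *out, size_t outlen,
    ssize_t *got)
{
    char path[64];
    int fd, err;
    ssize_t n;

    if (procfs_path(path, sizeof path, pid, file) != 0)
        return ENAMETOOLONG;
    fd = open(path, O_RDONLY);
    if (fd < 0)
        return errno;
    n = read(fd, out, outlen);
    err = (n < 0) ? errno : 0;
    close(fd);
    if (got != NULL)
        *got = n;
    return err;
}

/* Map an (errno, was-the-child-stopped) pair to what the patched procfs
 * should do: EBUSY while running, success once stopped. */
const char *verdict(int err, int child_stopped)
{
    if (child_stopped)
        return err == 0 ? "ok: stopped child readable"
                        : "FAIL: stopped child not readable";
    if (err == EBUSY)
        return "ok: running child returns EBUSY";
    if (err == 0)
        return "FAIL: running child readable (unpatched kernel?)";
    return "unexpected error";
}

/* Block until the kernel reports the child as stopped. */
static int wait_stopped(pid_t pid)
{
    int st;
    if (waitpid(pid, &st, WUNTRACED) != pid)
        return -1;
    return WIFSTOPPED(st) ? 0 : -1;
}

int main(void)
{
    static const char *files[] = { "regs", "fpregs" };
    unsigned char buf[4096];
    ssize_t got;
    pid_t pid;
    int err;
    size_t i;

    pid = fork();
    if (pid < 0) {
        perror("fork");
        return 1;
    }
    if (pid == 0) {
        for (;;)
            pause();            /* child idles until killed */
    }

    for (i = 0; i < 2; i++) {
        err = read_regs(pid, files[i], buf, sizeof buf, &got);
        printf("running %-6s: %s (errno %d: %s)\n", files[i], verdict(err, 0),
            err, err ? strerror(err) : "none");
    }

    kill(pid, SIGSTOP);
    if (wait_stopped(pid) != 0) {
        fprintf(stderr, "child did not stop\n");
        kill(pid, SIGKILL);
        return 1;
    }
    for (i = 0; i < 2; i++) {
        err = read_regs(pid, files[i], buf, sizeof buf, &got);
        printf("stopped %-6s: %s (%ld bytes)\n", files[i], verdict(err, 1),
            err ? -1L : (long)got);
    }

    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return 0;
}
```

The program exits non-zero only if the child fails to stop; read the printed verdicts to compare a patched and an unpatched kernel. Running it as a different user than the child, or against a process you cannot debug, yields EPERM from the check that precedes the new EBUSY test in the patch.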
Diffstat (limited to 'sys/fs')
| mode | file | lines |
|---|---|---|
| -rw-r--r-- | sys/fs/procfs/procfs_fpregs.c | 4 |
| -rw-r--r-- | sys/fs/procfs/procfs_regs.c | 4 |
2 files changed, 8 insertions, 0 deletions
diff --git a/sys/fs/procfs/procfs_fpregs.c b/sys/fs/procfs/procfs_fpregs.c index c35b066..541efed 100644 --- a/sys/fs/procfs/procfs_fpregs.c +++ b/sys/fs/procfs/procfs_fpregs.c @@ -97,6 +97,10 @@ procfs_doprocfpregs(PFS_FILL_ARGS) PROC_UNLOCK(p); return (EPERM); } + if (!P_SHOULDSTOP(p)) { + PROC_UNLOCK(p); + return (EBUSY); + } /* XXXKSE: */ td2 = FIRST_THREAD_IN_PROC(p); diff --git a/sys/fs/procfs/procfs_regs.c b/sys/fs/procfs/procfs_regs.c index 5bf1c0a..605d1c6 100644 --- a/sys/fs/procfs/procfs_regs.c +++ b/sys/fs/procfs/procfs_regs.c @@ -97,6 +97,10 @@ procfs_doprocregs(PFS_FILL_ARGS) PROC_UNLOCK(p); return (EPERM); } + if (!P_SHOULDSTOP(p)) { + PROC_UNLOCK(p); + return (EBUSY); + } /* XXXKSE: */ td2 = FIRST_THREAD_IN_PROC(p); |
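Review bot: in the procfs_fpregs.c hunk the new gate is a process-level test, `if (!P_SHOULDSTOP(p))`, but the registers are then filled from `td2 = FIRST_THREAD_IN_PROC(p)` just below the `/* XXXKSE: */` marker; please confirm that the process flag means that thread has already parked in the kernel with a valid td_frame, and not only that a stop has been requested for the process, because in the latter case the window the commit message describes is narrowed but not closed. If the flag is set before every thread reaches its stop point, a per-thread stopped test on td2, taken under the same PROC_LOCK, would be the safer condition to return EBUSY on.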
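Review bot: the procfs_regs.c hunk is the same prologue as in procfs_fpregs.c (the EPERM return, then the new `if (!P_SHOULDSTOP(p)) { PROC_UNLOCK(p); return (EBUSY); }`, then `td2 = FIRST_THREAD_IN_PROC(p)`), so the stopped-state gate now exists in two copies that must be kept in sync by hand; consider hoisting the lock, permission check, stop check and thread lookup into one shared helper used by both files. Since reads of these files now fail with EBUSY on a running process where they previously returned data, it is also worth noting the new error, and that the target must be stopped first, in the procfs(5) manual page.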