diff options
| author | jilles <jilles@FreeBSD.org> | 2016-06-23 20:59:13 +0000 |
|---|---|---|
| committer | jilles <jilles@FreeBSD.org> | 2016-06-23 20:59:13 +0000 |
| commit | 0c4cfbe0d1948b394b323eca8815a3970a65471d (patch) | |
| tree | ac6a4f34df1ffbf9230348a27b546a12c26452e0 /sys/kern | |
| parent | ab14b434c175ecf71563899622d311668779e65c (diff) | |
| download | FreeBSD-src-0c4cfbe0d1948b394b323eca8815a3970a65471d.zip FreeBSD-src-0c4cfbe0d1948b394b323eca8815a3970a65471d.tar.gz | |
posixshm: Fix lock leak when mac_posixshm_check_read rejects read.
While reading the code, I noticed that shm_read() returns without unlocking
foffset and rangelock if mac_posixshm_check_read() rejects the read.
Reviewed by: kib, jhb, rwatson
Approved by: re (gjb)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D6927
Diffstat (limited to 'sys/kern')
| -rw-r--r-- | sys/kern/uipc_shm.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/kern/uipc_shm.c b/sys/kern/uipc_shm.c index 4503139..1096a16 100644 --- a/sys/kern/uipc_shm.c +++ b/sys/kern/uipc_shm.c @@ -295,14 +295,14 @@ shm_read(struct file *fp, struct uio *uio, struct ucred *active_cred, int error; shmfd = fp->f_data; - foffset_lock_uio(fp, uio, flags); - rl_cookie = rangelock_rlock(&shmfd->shm_rl, uio->uio_offset, - uio->uio_offset + uio->uio_resid, &shmfd->shm_mtx); #ifdef MAC error = mac_posixshm_check_read(active_cred, fp->f_cred, shmfd); if (error) return (error); #endif + foffset_lock_uio(fp, uio, flags); + rl_cookie = rangelock_rlock(&shmfd->shm_rl, uio->uio_offset, + uio->uio_offset + uio->uio_resid, &shmfd->shm_mtx); error = uiomove_object(shmfd->shm_object, shmfd->shm_size, uio); rangelock_unlock(&shmfd->shm_rl, rl_cookie, &shmfd->shm_mtx); foffset_unlock_uio(fp, uio, flags); |
