PR: 277240, 277329
Fixes: f1d0a0cbecf2 ("jail: Fix information leak.")
Details
- Reviewers: pjd, kib
- Commits:
  - rGf3195cc08ccc: kern: fix panic with disabled ttys
  - rGa3ec3054762f: kern: fix panic with disabled ttys
  - rG814761540eb9: kern: fix panic with disabled ttys
  - rGa60220bbb551: kern: fix panic with disabled ttys
  - rG8d22744f5be1: kern: fix panic with disabled ttys
  - rG975d7730828a: kern: fix panic with disabled ttys
Event Timeline
Comment Actions
Just a note, this is still racy.
I originally had just (p = tp->t_session->s_leader) != NULL but then copied the example from tty_signal_sessleader. To make sure I understand correctly, there's not a unique problem with my use but rather this pattern in general?
Comment Actions
The session is not locked, so leader might be changed under us. It should not cause kernel memory corruption, since struct proc is type-stable, but in principle results in accessing tp after the test result is potentially invalid outright or invalidated after the check.
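The race described in the last comment, as an added user-space C model that is not part of the review or of the FreeBSD source: every name in it is hypothetical, the atomic flag only stands in for a session lock, and the "concurrent" leader exit is injected deterministically between the check and the use. The process object is never freed, mirroring the type-stable struct proc, so the only thing that goes wrong is a stale test result.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model only; every name here is hypothetical, not kernel code. */
struct model_proc { int pid; };           /* never freed, like a type-stable proc */
struct model_session {
    atomic_flag lock;                     /* stands in for the session lock */
    struct model_proc *leader;            /* stands in for s_leader */
};

/* One step of a "concurrent" thread, injected into the check/use window. */
typedef void (*race_step)(struct model_session *);

/* Writer that honours the lock: the leader goes away only if the lock is free. */
static void leader_exits(struct model_session *s) {
    if (atomic_flag_test_and_set(&s->lock))
        return;                           /* held by the reader: writer must wait */
    s->leader = NULL;
    atomic_flag_clear(&s->lock);
}

/* Check, let the other thread run, then report whether the check still holds. */
static bool check_then_use(struct model_session *s, race_step other, bool locked) {
    if (locked)
        while (atomic_flag_test_and_set(&s->lock))
            ;                             /* acquire before the check */
    bool had_leader = (s->leader != NULL);                  /* the test */
    other(s);                                               /* race window */
    bool still_valid = (had_leader == (s->leader != NULL)); /* the use */
    if (locked)
        atomic_flag_clear(&s->lock);
    return still_valid;
}

int main(void) {
    struct model_proc p = { 1 };
    struct model_session s = { ATOMIC_FLAG_INIT, &p };
    printf("unlocked: result still valid = %d\n", check_then_use(&s, leader_exits, false));
    s.leader = &p;                        /* reset the constructed scenario */
    printf("locked:   result still valid = %d\n", check_then_use(&s, leader_exits, true));
    return 0;
}
```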