Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-doc
 Path: blob/main/website/static/security/patches/EN-14:06/exec-9.2.patch
18096 views
1
Index: sys/kern/kern_exec.c

2
===================================================================

3
--- sys/kern/kern_exec.c	(revision 266979)

4
+++ sys/kern/kern_exec.c	(working copy)

5
@@ -280,6 +280,7 @@ kern_execve(td, args, mac_p)

6
 	struct mac *mac_p;

7
 {

8
 	struct proc *p = td->td_proc;

9
+	struct vmspace *oldvmspace;

10
 	int error;

11
 

12
 	AUDIT_ARG_ARGV(args->begin_argv, args->argc,

13
@@ -296,6 +297,8 @@ kern_execve(td, args, mac_p)

14
 		PROC_UNLOCK(p);

15
 	}

16
 

17
+	KASSERT((td->td_pflags & TDP_EXECVMSPC) == 0, ("nested execve"));

18
+	oldvmspace = td->td_proc->p_vmspace;

19
 	error = do_execve(td, args, mac_p);

20
 

21
 	if (p->p_flag & P_HADTHREADS) {

22
@@ -310,6 +313,12 @@ kern_execve(td, args, mac_p)

23
 			thread_single_end();

24
 		PROC_UNLOCK(p);

25
 	}

26
+	if ((td->td_pflags & TDP_EXECVMSPC) != 0) {

27
+		KASSERT(td->td_proc->p_vmspace != oldvmspace,

28
+		    ("oldvmspace still used"));

29
+		vmspace_free(oldvmspace);

30
+		td->td_pflags &= ~TDP_EXECVMSPC;

31
+	}

32
 

33
 	return (error);

34
 }

35
Index: sys/sys/proc.h

36
===================================================================

37
--- sys/sys/proc.h	(revision 266979)

38
+++ sys/sys/proc.h	(working copy)

39
@@ -977,4 +977,5 @@ curthread_pflags_restore(int save)

40
 

41
 #endif	/* _KERNEL */

42
 

43
+#define	TDP_EXECVMSPC	0x40000000 /* Execve destroyed old vmspace */

44
 #endif	/* !_SYS_PROC_H_ */

45
Index: sys/vm/vm_map.c

46
===================================================================

47
--- sys/vm/vm_map.c	(revision 266979)

48
+++ sys/vm/vm_map.c	(working copy)

49
@@ -3669,6 +3669,8 @@ vmspace_exec(struct proc *p, vm_offset_t minuser,

50
 	struct vmspace *oldvmspace = p->p_vmspace;

51
 	struct vmspace *newvmspace;

52
 

53
+	KASSERT((curthread->td_pflags & TDP_EXECVMSPC) == 0,

54
+	    ("vmspace_exec recursed"));

55
 	newvmspace = vmspace_alloc(minuser, maxuser);

56
 	if (newvmspace == NULL)

57
 		return (ENOMEM);

58
@@ -3685,7 +3687,7 @@ vmspace_exec(struct proc *p, vm_offset_t minuser,

59
 	PROC_VMSPACE_UNLOCK(p);

60
 	if (p == curthread->td_proc)

61
 		pmap_activate(curthread);

62
-	vmspace_free(oldvmspace);

63
+	curthread->td_pflags |= TDP_EXECVMSPC;

64
 	return (0);

65
 }

66
 

67


68