Changeset 07d4271 in mainline for kernel/generic/src/proc/program.c

Timestamp:

2024-01-25T16:22:55Z (12 months ago)

Author:

Jiří Zárevúcky <zarevucky.jiri@…>

Branches:

master

Children:

f8b69a1e

Parents:

1a1e124

git-author:

Jiří Zárevúcky <zarevucky.jiri@…> (2024-01-25 15:56:31)

git-committer:

Jiří Zárevúcky <zarevucky.jiri@…> (2024-01-25 16:22:55)

Message:

Fix some unsound task reference manipulation and locking

In some operations that take task ID as an argument,
there's a possibility of the task being destroyed mid-operation
and a subsequent use-after-free situation.
As a general solution, task_find_by_id() is reimplemented to
check for this situation and always return a valid strong reference.
The callers then only need to handle the reference itself, and
don't need to concern themselves with tasks_lock.

File:

• kernel/generic/src/proc/program.c (modified) (2 diffs)

kernel/generic/src/proc/program.c

@@ -99 +99 @@
         if (!area) {
                 free(kernel_uarg);
-                task_destroy(prg->task);
+                task_release(prg->task);
                 prg->task = NULL;
                 return ENOMEM;
@@ -119 +119 @@
                 free(kernel_uarg);
                 as_area_destroy(as, virt);
-                task_destroy(prg->task);
+                task_release(prg->task);
                 prg->task = NULL;
                 return ELIMIT;