IABSD.fr/src/sys/dev/vmm

    Commit

  • Author: deraadt
    Date: 2025-02-10 16:45:46
    Hash: e68d79e3
    Message: A syzkaller report was diagnosed by semarie, and found a namei-related sleeping system call which was re-inspecting p->p_p->ps_pledge in one thread, after another thread had reduced the promises by calling pledge(), with promises which would have prevented that syscall from being called in the first place. This inconsistent promise view is dangerous. So let's change pledge semantics a tiny bit: we copy the per-process p_p->ps_pledge value to per-thread p_pledge at invocation of each system call, so that the configuration is stable. This method avoids increasing the cost of pledge checks. ok claudio kettenis semarie