9ns: make kstrdup() actually atomic
author Barret Rhoden <brho@cs.berkeley.edu>
Thu, 2 May 2019 02:23:15 +0000 (22:23 -0400)
committer Barret Rhoden <brho@cs.berkeley.edu>
Thu, 2 May 2019 02:23:15 +0000 (22:23 -0400)
The specific case that triggered this was multiple mounts on
 #cons/sysname.  Mount does a dev->write, which led to racy calls to
kstrdup on the global sysname.

Reported-by: syzbot+75a997a9a55827b3871d@syzkaller.appspotmail.com
Signed-off-by: Barret Rhoden <brho@cs.berkeley.edu>
kern/src/ns/chan.c

index 0012d72..af83d1b 100644 (file)
@@ -118,8 +118,8 @@ void kstrdup(char **p, char *s)
                        panic("kstrdup: no memory");
        }
        memmove(t, s, n);
                        panic("kstrdup: no memory");
        }
        memmove(t, s, n);
-       prev = *p;
-       *p = t;
+
+       prev = atomic_swap_ptr((void**)p, t);
        kfree(prev);
 }
 
        kfree(prev);
 }
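Review bot: The kfree(prev) directly after the new atomic_swap_ptr() line still frees the old string immediately, so the swap only stops concurrent writers from both reading and freeing the same prev. A reader that loaded *p just before the swap can still be using that buffer when it is freed. Either document above kstrdup() that readers of *p need their own lock or reference, or defer the free. A one-line comment on the swap stating that it exists to make concurrent kstrdup() calls on the same p safe would also help, since the (void**) cast alone does not convey the intent.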