From: Konstantin Belousov Date: Wed, 30 Sep 2020 02:28:46 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r366281 - in stable/11/sys: compat/cloudabi compat/freebsd32 compat/linux kern sys X-SVN-Group: stable-11 X-SVN-Commit-Author: kib X-SVN-Commit-Paths: in stable/11/sys: compat/cloudabi compat/freebsd32 compat/linux kern sys X-SVN-Commit-Revision: 366281 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-11@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for only the 11-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Sep 2020 02:28:48 -0000 Author: kib Date: Wed Sep 30 02:28:46 2020 New Revision: 366281 URL: https://svnweb.freebsd.org/changeset/base/366281 Log: MFC r366085, r366113: Do not leak oldvmspace if image activation failed Modified: stable/11/sys/compat/cloudabi/cloudabi_proc.c stable/11/sys/compat/freebsd32/freebsd32_misc.c stable/11/sys/compat/linux/linux_emul.c stable/11/sys/kern/kern_exec.c stable/11/sys/sys/imgact.h stable/11/sys/sys/syscallsubr.h Directory Properties: stable/11/ (props changed)
Modified: stable/11/sys/compat/cloudabi/cloudabi_proc.c
==============================================================================
--- stable/11/sys/compat/cloudabi/cloudabi_proc.c Wed Sep 30 02:25:05 2020 (r366280)
+++ stable/11/sys/compat/cloudabi/cloudabi_proc.c Wed Sep 30 02:28:46 2020 (r366281)
@@ -57,7 +57,7 @@ cloudabi_sys_proc_exec(struct thread *td,
 uap->fds, uap->fds_len);
 if (error == 0) {
 args.fd = uap->fd;
- error = kern_execve(td, &args, NULL);
+ error = kern_execve(td, &args, NULL, oldvmspace);
 }
 post_execve(td, error, oldvmspace);
 return (error);
Modified: stable/11/sys/compat/freebsd32/freebsd32_misc.c
==============================================================================
--- stable/11/sys/compat/freebsd32/freebsd32_misc.c Wed Sep 30 02:25:05 2020 (r366280)
+++ stable/11/sys/compat/freebsd32/freebsd32_misc.c Wed Sep 30 02:28:46 2020 (r366281)
@@ -428,7 +428,7 @@ freebsd32_execve(struct thread *td, struct freebsd32_e
 error = freebsd32_exec_copyin_args(&eargs, uap->fname, UIO_USERSPACE,
 uap->argv, uap->envv);
 if (error == 0)
- error = kern_execve(td, &eargs, NULL);
+ error = kern_execve(td, &eargs, NULL, oldvmspace);
 post_execve(td, error, oldvmspace);
 return (error);
 }
@@ -447,7 +447,7 @@ freebsd32_fexecve(struct thread *td, struct freebsd32_
 uap->argv, uap->envv);
 if (error == 0) {
 eargs.fd = uap->fd;
- error = kern_execve(td, &eargs, NULL);
+ error = kern_execve(td, &eargs, NULL, oldvmspace);
 }
 post_execve(td, error, oldvmspace);
 return (error);
Modified: stable/11/sys/compat/linux/linux_emul.c
==============================================================================
--- stable/11/sys/compat/linux/linux_emul.c Wed Sep 30 02:25:05 2020 (r366280)
+++ stable/11/sys/compat/linux/linux_emul.c Wed Sep 30 02:28:46 2020 (r366281)
@@ -226,7 +226,7 @@ linux_common_execve(struct thread *td, struct image_ar
 if (error != 0)
 return (error);
- error = kern_execve(td, eargs, NULL);
+ error = kern_execve(td, eargs, NULL, oldvmspace);
 post_execve(td, error, oldvmspace);
 if (error != 0)
 return (error);
Modified: stable/11/sys/kern/kern_exec.c
==============================================================================
--- stable/11/sys/kern/kern_exec.c Wed Sep 30 02:25:05 2020 (r366280)
+++ stable/11/sys/kern/kern_exec.c Wed Sep 30 02:28:46 2020 (r366281)
@@ -117,7 +117,7 @@ static int sysctl_kern_ps_strings(SYSCTL_HANDLER_ARGS)
 static int sysctl_kern_usrstack(SYSCTL_HANDLER_ARGS);
 static int sysctl_kern_stackprot(SYSCTL_HANDLER_ARGS);
 static int do_execve(struct thread *td, struct image_args *args,
- struct mac *mac_p);
+ struct mac *mac_p, struct vmspace *oldvmspace);
 /* XXX This should be vm_size_t. */
 SYSCTL_PROC(_kern, KERN_PS_STRINGS, ps_strings, CTLTYPE_ULONG|CTLFLAG_RD|
@@ -220,7 +220,7 @@ sys_execve(struct thread *td, struct execve_args *uap)
 error = exec_copyin_args(&args, uap->fname, UIO_USERSPACE,
 uap->argv, uap->envv);
 if (error == 0)
- error = kern_execve(td, &args, NULL);
+ error = kern_execve(td, &args, NULL, oldvmspace);
 post_execve(td, error, oldvmspace);
 return (error);
 }
@@ -246,7 +246,7 @@ sys_fexecve(struct thread *td, struct fexecve_args *ua
 uap->argv, uap->envv);
 if (error == 0) {
 args.fd = uap->fd;
- error = kern_execve(td, &args, NULL);
+ error = kern_execve(td, &args, NULL, oldvmspace);
 }
 post_execve(td, error, oldvmspace);
 return (error);
@@ -275,7 +275,7 @@ sys___mac_execve(struct thread *td, struct __mac_execv
 error = exec_copyin_args(&args, uap->fname, UIO_USERSPACE,
 uap->argv, uap->envv);
 if (error == 0)
- error = kern_execve(td, &args, uap->mac_p);
+ error = kern_execve(td, &args, uap->mac_p, oldvmspace);
 post_execve(td, error, oldvmspace);
 return (error);
 #else
@@ -323,30 +323,26 @@ post_execve(struct thread *td, int error, struct vmspa
 thread_single_end(p, SINGLE_BOUNDARY);
 PROC_UNLOCK(p);
 }
- if ((td->td_pflags & TDP_EXECVMSPC) != 0) {
- KASSERT(p->p_vmspace != oldvmspace,
- ("oldvmspace still used"));
- vmspace_free(oldvmspace);
- td->td_pflags &= ~TDP_EXECVMSPC;
- }
+ exec_cleanup(td, oldvmspace);
 }
 /*
- * XXX: kern_execve has the astonishing property of not always returning to
+ * kern_execve() has the astonishing property of not always returning to
 * the caller. If sufficiently bad things happen during the call to
 * do_execve(), it can end up calling exit1(); as a result, callers must
 * avoid doing anything which they might need to undo (e.g., allocating
 * memory).
 */
 int
-kern_execve(struct thread *td, struct image_args *args, struct mac *mac_p)
+kern_execve(struct thread *td, struct image_args *args, struct mac *mac_p,
+ struct vmspace *oldvmspace)
 {
 AUDIT_ARG_ARGV(args->begin_argv, args->argc,
 args->begin_envv - args->begin_argv);
 AUDIT_ARG_ENVV(args->begin_envv, args->envc,
 args->endp - args->begin_envv);
- return (do_execve(td, args, mac_p));
+ return (do_execve(td, args, mac_p, oldvmspace));
 }
 /*
@@ -354,7 +350,8 @@ kern_execve(struct thread *td, struct image_args *args
 * userspace pointers from the passed thread.
 */
 static int
-do_execve(struct thread *td, struct image_args *args, struct mac *mac_p)
+do_execve(struct thread *td, struct image_args *args, struct mac *mac_p,
+ struct vmspace *oldvmspace)
 {
 struct proc *p = td->td_proc;
 struct nameidata nd;
@@ -966,6 +963,7 @@ exec_fail:
 if (error && imgp->vmspace_destroyed) {
 /* sorry, no more process anymore. exit gracefully */
+ exec_cleanup(td, oldvmspace);
 exit1(td, 0, SIGABRT);
 /* NOT REACHED */
 }
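Review bot: The comment above kern_execve() in the `@@ -323,30 +323,26 @@` hunk still only warns callers not to do anything they would need to undo, and does not mention the oldvmspace argument that the same hunk adds to the signature. The no-return path is the reason the argument exists, so the ownership rule belongs in that comment, for example `* oldvmspace is the address space the caller holds across the exec; it is freed by do_execve() before exit1() and by post_execve() otherwise.` How callers obtain oldvmspace is outside this diff, so the wording should be checked against that code.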
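Review bot: The exec_cleanup() call added before exit1() in the exec_fail block (`@@ -966,6 +963,7 @@`) has no comment explaining why it has to run there, and the existing `/* sorry, no more process anymore. exit gracefully */` does not cover it. A why-comment would stop a later cleanup from removing the call as a duplicate of post_execve(): `/* exit1() does not return, so post_execve() never gets to free oldvmspace. */`. do_execve() starts and ends outside this hunk, so whether TDP_EXECVMSPC is always set when imgp->vmspace_destroyed is true cannot be confirmed from here; exec_cleanup() as added handles both cases.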
@@ -976,6 +974,17 @@ exec_fail:
 #endif
 return (error);
+}
+
+void
+exec_cleanup(struct thread *td, struct vmspace *oldvmspace)
+{
+ if ((td->td_pflags & TDP_EXECVMSPC) != 0) {
+ KASSERT(td->td_proc->p_vmspace != oldvmspace,
+ ("oldvmspace still used"));
+ vmspace_free(oldvmspace);
+ td->td_pflags &= ~TDP_EXECVMSPC;
+ }
 }
 int
Modified: stable/11/sys/sys/imgact.h
==============================================================================
--- stable/11/sys/sys/imgact.h Wed Sep 30 02:25:05 2020 (r366280)
+++ stable/11/sys/sys/imgact.h Wed Sep 30 02:28:46 2020 (r366281)
@@ -97,6 +97,7 @@ struct vmspace;
 int exec_alloc_args(struct image_args *);
 int exec_check_permissions(struct image_params *);
+void exec_cleanup(struct thread *td, struct vmspace *);
 register_t *exec_copyout_strings(struct image_params *);
 void exec_free_args(struct image_args *);
 int exec_new_vmspace(struct image_params *, struct sysentvec *);
Modified: stable/11/sys/sys/syscallsubr.h
==============================================================================
--- stable/11/sys/sys/syscallsubr.h Wed Sep 30 02:25:05 2020 (r366280)
+++ stable/11/sys/sys/syscallsubr.h Wed Sep 30 02:28:46 2020 (r366281)
@@ -59,6 +59,7 @@ struct stat;
 struct thr_param;
 struct sched_param;
 struct __wrusage;
+struct vmspace;
 typedef int (*mmap_check_fp_fn)(struct file *, int, int, int);
@@ -103,7 +104,7 @@ int kern_cpuset_setid(struct thread *td, cpuwhich_t wh
 id_t id, cpusetid_t setid);
 int kern_dup(struct thread *td, u_int mode, int flags, int old, int new);
 int kern_execve(struct thread *td, struct image_args *args,
- struct mac *mac_p);
+ struct mac *mac_p, struct vmspace *oldvmspace);
 int kern_fchmodat(struct thread *td, int fd, char *path,
 enum uio_seg pathseg, mode_t mode, int flag);
 int kern_fchownat(struct thread *td, int fd, char *path,
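Review bot: exec_cleanup() in kern_exec.c (`@@ -976,6 +974,17 @@`) is added without a comment, and the only check on the pointer it frees is the KASSERT moved over from post_execve(), which is compiled out of kernels built without INVARIANTS. Since the function is non-static and gets a prototype in sys/imgact.h, its contract should be written above the definition: oldvmspace must be the address space the caller holds across the exec (how it is obtained is outside this diff), the call does nothing when TDP_EXECVMSPC is clear, and it clears the flag so a repeated call is harmless. The two callers visible in this diff, post_execve() and do_execve(), are both in kern_exec.c; if nothing outside that file needs the function, `static void` without the imgact.h prototype would keep the exported surface smaller. The new prototype also names `td` but leaves the second parameter unnamed, while the neighbouring prototypes in that hunk name neither.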