diff options
| author | Jilles Tjoelker <jilles@FreeBSD.org> | 2016-06-23 20:59:13 +0000 |
|---|---|---|
| committer | Jilles Tjoelker <jilles@FreeBSD.org> | 2016-06-23 20:59:13 +0000 |
| commit | 6ea906eec04bbc8b8d609f83227c5e6be4f0f48e (patch) | |
| tree | ac6a4f34df1ffbf9230348a27b546a12c26452e0 /sys/kern/uipc_shm.c | |
| parent | a02e196edd4a89d7c2582312d8e77c84f215487b (diff) | |
| download | src-6ea906eec04bbc8b8d609f83227c5e6be4f0f48e.tar.gz src-6ea906eec04bbc8b8d609f83227c5e6be4f0f48e.zip | |
posixshm: Fix lock leak when mac_posixshm_check_read rejects read.
While reading the code, I noticed that shm_read() returns without unlocking
foffset and rangelock if mac_posixshm_check_read() rejects the read.
Reviewed by: kib, jhb, rwatson
Approved by: re (gjb)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D6927
Notes
Notes:
svn path=/head/; revision=302151
Diffstat (limited to 'sys/kern/uipc_shm.c')
| -rw-r--r-- | sys/kern/uipc_shm.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/kern/uipc_shm.c b/sys/kern/uipc_shm.c index 4503139bb2c4..1096a168f33a 100644 --- a/sys/kern/uipc_shm.c +++ b/sys/kern/uipc_shm.c @@ -295,14 +295,14 @@ shm_read(struct file *fp, struct uio *uio, struct ucred *active_cred, int error; shmfd = fp->f_data; - foffset_lock_uio(fp, uio, flags); - rl_cookie = rangelock_rlock(&shmfd->shm_rl, uio->uio_offset, - uio->uio_offset + uio->uio_resid, &shmfd->shm_mtx); #ifdef MAC error = mac_posixshm_check_read(active_cred, fp->f_cred, shmfd); if (error) return (error); #endif + foffset_lock_uio(fp, uio, flags); + rl_cookie = rangelock_rlock(&shmfd->shm_rl, uio->uio_offset, + uio->uio_offset + uio->uio_resid, &shmfd->shm_mtx); error = uiomove_object(shmfd->shm_object, shmfd->shm_size, uio); rangelock_unlock(&shmfd->shm_rl, rl_cookie, &shmfd->shm_mtx); foffset_unlock_uio(fp, uio, flags); |