From 6c2f6ec6293a9f5b5caa441f379262a3c0510ec9 Mon Sep 17 00:00:00 2001
From: Brent Baccala
Date: Wed, 9 Nov 2016 20:51:05 -1000
Subject: gsync: Avoid NULL pointer dereference

* kern/gsync.c (gsync_wait, gsync_wake, gsync_requeue): Return immediately if task argument is TASK_NULL
---
 kern/gsync.c | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/kern/gsync.c b/kern/gsync.c
index adb6e6e1..e70e1199 100644
--- a/kern/gsync.c
+++ b/kern/gsync.c
@@ -185,12 +185,13 @@ gsync_find_key (const struct list *entries,
 kern_return_t gsync_wait (task_t task, vm_offset_t addr,
   unsigned int lo, unsigned int hi, natural_t msec, int flags)
 {
-  struct gsync_waiter w;
-  int bucket = gsync_fill_key (task, addr, flags, &w.key);
-
   if (unlikely (task != current_task()))
     /* Not implemented yet. */
     return (KERN_FAILURE);
+
+  struct gsync_waiter w;
+  int bucket = gsync_fill_key (task, addr, flags, &w.key);
+
   if (unlikely (bucket < 0))
     return (KERN_INVALID_ADDRESS);
@@ -280,12 +281,13 @@ dequeue_waiter (struct list *nodep)
 kern_return_t gsync_wake (task_t task,
   vm_offset_t addr, unsigned int val, int flags)
 {
-  struct gsync_key key;
-  int bucket = gsync_fill_key (task, addr, flags, &key);
-
   if (unlikely (task != current_task()))
     /* Not implemented yet. */
     return (KERN_FAILURE);
+
+  struct gsync_key key;
+  int bucket = gsync_fill_key (task, addr, flags, &key);
+
   if (unlikely (bucket < 0))
     return (KERN_INVALID_ADDRESS);
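Review bot: Moving the `task != current_task()` test ahead of the gsync_fill_key call in gsync_wait closes the dereference named in the subject, but a TASK_NULL argument now lands in the `/* Not implemented yet. */` branch and is reported as KERN_FAILURE, which conflates an invalid argument with the genuinely unimplemented cross-task path; gsync_wake (second hunk) and gsync_requeue (third hunk) have the same shape. I would put an explicit argument check first, `if (unlikely (task == TASK_NULL)) return (KERN_INVALID_ARGUMENT);`, so a caller handing in a null or dead task port gets the conventional Mach error, and keep the current_task() comparison for the unimplemented case only. The comment on the kept check could also record why its position matters, e.g. `/* Foreign tasks are not supported yet; checked before gsync_fill_key touches TASK. */`. That gsync_fill_key dereferences task is inferred from the commit message rather than visible here, and the point relies on current_task() never being TASK_NULL, which the hunk does not show; the bodies of all three functions continue past their hunks.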
@@ -330,13 +332,14 @@ kern_return_t gsync_wake (task_t task,
 kern_return_t gsync_requeue (task_t task, vm_offset_t src,
   vm_offset_t dst, boolean_t wake_one, int flags)
 {
+  if (unlikely (task != current_task()))
+    /* Not implemented yet. */
+    return (KERN_FAILURE);
+
   struct gsync_key src_k, dst_k;
   int src_bkt = gsync_fill_key (task, src, flags, &src_k);
   int dst_bkt = gsync_fill_key (task, dst, flags, &dst_k);
-  if (unlikely (task != current_task()))
-    /* Not implemented yet. */
-    return (KERN_FAILURE);
   if ((src_bkt | dst_bkt) < 0)
     return (KERN_INVALID_ADDRESS);
-- 
cgit v1.2.3