From 42074003ca31dea9589012fe3e235e4ddec5be1f Mon Sep 17 00:00:00 2001
From: cinap_lenrek
Date: Sun, 29 Dec 2013 07:48:19 +0100
Subject: kernel: dont call pprint() while holding up->debug qlock

pprint() might block or even (maliciously) call into devproc write which will corrupt the qlock chain on attempt to qlock up->debug again.
---
 sys/src/9/kw/syscall.c | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

(limited to 'sys/src/9/kw/syscall.c')

diff --git a/sys/src/9/kw/syscall.c b/sys/src/9/kw/syscall.c
index 4853cfd83..7cf9e20c7 100644
--- a/sys/src/9/kw/syscall.c
+++ b/sys/src/9/kw/syscall.c
@@ -80,16 +80,12 @@ noted(Ureg* cur, uintptr arg0)
 cur->sp = PTR2UINT(nf);
 break;
 default:
- pprint("unknown noted arg %#p\n", arg0);
 up->lastnote.flag = NDebug;
 /*FALLTHROUGH*/
 case NDFLT:
- if(up->lastnote.flag == NDebug){
- qunlock(&up->debug);
+ qunlock(&up->debug);
+ if(up->lastnote.flag == NDebug)
 pprint("suicide: %s\n", up->lastnote.msg);
- }
- else
- qunlock(&up->debug);
 pexit(up->lastnote.msg, up->lastnote.flag != NDebug);
 }
 }
@@ -127,9 +123,9 @@ notify(Ureg* ureg)
 }
 if(n->flag != NUser && (up->notified || up->notify == 0)){
+ qunlock(&up->debug);
 if(n->flag == NDebug)
 pprint("suicide: %s\n", n->msg);
- qunlock(&up->debug);
 pexit(n->msg, n->flag != NDebug);
 }
@@ -144,8 +140,8 @@ notify(Ureg* ureg)
 pexit(n->msg, n->flag != NDebug);
 }
 if(!okaddr(PTR2UINT(up->notify), 1, 0)){
- pprint("suicide: notify function address %#p\n", up->notify);
 qunlock(&up->debug);
+ pprint("suicide: notify function address %#p\n", up->notify);
 pexit("Suicide", 0);
 }
--
cgit v1.2.3
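Review bot: The `default:` arm of noted() no longer reports the invalid argument at all, because `pprint("unknown noted arg %#p\n", arg0)` is deleted rather than moved past the `qunlock`. A process killed for a bad noted() argument now sees only `suicide:` followed by `up->lastnote.msg`, which says nothing about the argument that caused it. The diagnostic can be kept without holding the lock by recording the case, for example `badarg = 1;` in `default:` and `if(badarg) pprint("unknown noted arg %#p\n", arg0);` right after `qunlock(&up->debug);`. `badarg` would have to be declared and zero-initialised at the top of noted(), which starts outside this hunk.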
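Review bot: After the moved `qunlock(&up->debug)` in the first notify() hunk, `n->flag` and `n->msg` are read with the lock released, both for the `pprint` and for `pexit`. Where `n` points is not visible here, but if it refers to note state that other processes may update under `up->debug`, the flag test and the message can change between the unlock and their use. The noted() hunk reads `up->lastnote.flag` and `up->lastnote.msg` after its `qunlock` in the same way. Copying the flag and message before unlocking closes that window; `flag` and the `msg` buffer would be declared at the top of notify(), which starts outside this hunk.

```c
	if(n->flag != NUser && (up->notified || up->notify == 0)){
		/* snapshot the note while up->debug is still held */
		flag = n->flag;
		kstrcpy(msg, n->msg, sizeof msg);
		qunlock(&up->debug);
		if(flag == NDebug)
			pprint("suicide: %s\n", msg);
		pexit(msg, flag != NDebug);
	}
```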
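Review bot: Nothing in the code records why `qunlock(&up->debug)` now has to come before `pprint` in the `okaddr` failure path, so a later cleanup could move the print back under the lock. The same applies to the two earlier hunks. A one-line comment above the unlock would pin the ordering, for example `/* release up->debug first: pprint() may block or re-enter devproc and qlock it again */`. The enclosing notify() starts and ends outside this hunk.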