From a95b726fd8d97c0b59c0b49cc8e93c1a8f605c8f Mon Sep 17 00:00:00 2001
From: Tom
Date: Wed, 7 Jul 2021 10:29:19 -0600
Subject: [PATCH] Kernel: Fix race causing modifying a Process to fail with a panic
The ProtectedDataMutationScope cannot blindly assume that there is only exactly one thread at a time that may want to unprotect the Process. Most of the time the big lock guaranteed this, but there are some cases such as finalization (among others) where this is not necessarily guaranteed. This fixes random panics due to access violations when the ProtectedDataMutationScope protects the Process instance while another is still modifying it.
Fixes #8512
---
 Kernel/Process.cpp | 8 ++++++--
 Kernel/Process.h | 2 ++
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/Kernel/Process.cpp b/Kernel/Process.cpp
index 10a2c0ee19..b7c5c7808a 100644
--- a/Kernel/Process.cpp
+++ b/Kernel/Process.cpp
@@ -205,12 +205,16 @@ RefPtr Process::create_kernel_process(RefPtr& first_thread, Str
 void Process::protect_data()
 {
- MM.set_page_writable_direct(VirtualAddress { this }, false);
+ m_protected_data_refs.unref([&]() {
+ MM.set_page_writable_direct(VirtualAddress { this }, false);
+ });
 }
 void Process::unprotect_data()
 {
- MM.set_page_writable_direct(VirtualAddress { this }, true);
+ m_protected_data_refs.ref([&]() {
+ MM.set_page_writable_direct(VirtualAddress { this }, true);
+ });
 }
 RefPtr Process::create(RefPtr& first_thread, const String& name, uid_t uid, gid_t gid, ProcessID ppid, bool is_kernel_process, RefPtr cwd, RefPtr executable, TTY* tty, Process* fork_parent)
diff --git a/Kernel/Process.h b/Kernel/Process.h
index 7caca888bd..4a90db4fc2 100644
--- a/Kernel/Process.h
+++ b/Kernel/Process.h
@@ -17,6 +17,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -569,6 +570,7 @@ private:
 RefPtr m_pg;
+ AtomicEdgeAction m_protected_data_refs;
 void protect_data();
 void unprotect_data();
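Review bot: protect_data() and unprotect_data() were idempotent before this change and are now counted, so a caller that invokes one without the matching other changes the outcome. No callers are visible in this hunk, so each call site needs checking for a lone protect_data() or unprotect_data(). An extra unprotect_data() would presumably leave the Process page writable for the rest of the process's lifetime, and because the read-only page is a hardening measure that failure is silent rather than a panic. The pairing requirement deserves a comment above both functions, for example `// Must be paired with unprotect_data(); only the last outstanding call makes the page read-only again.` The two lambdas capture with `[&]` but use only `this`, so `[this]` would state the capture directly.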
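Review bot: The new member `m_protected_data_refs` in Kernel/Process.h is written by ref() and unref() while the Process page may still be read-only, so it must not live inside the page that `MM.set_page_writable_direct(VirtualAddress { this }, false)` protects. The class layout is not visible in this hunk, so this is something to confirm rather than a known fault. If the counter did share that page, the first unprotect_data() on a protected Process would presumably fault on the counter update itself. A comment on the declaration would pin the constraint for later reordering, for example `// Counts active mutation scopes; must stay outside the write-protected page because it is updated while that page is read-only.`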