Ben Wiederhake b066586355 Kernel: Fix race in waitid ...

This is similar to 28e1da344d
and 4dd4dd2f3c.

The crux is that wait verifies that the outvalue (siginfo* infop)
is writable *before* waiting, and writes to it *after* waiting.
In the meantime, a concurrent thread can make the output region
unwritable, e.g. by deallocating it.

2020-03-08 14:12:12 +01:00

152 KiB

Raw Blame History

View Raw