From: Roy Marples
Date: Fri, 2 Sep 2022 11:54:25 +0000 (+0100)
Subject: privsep: Don't find processes we just asked to stop
X-Git-Tag: v10.0.0~31
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ce13b79d78df81de388b2448d4edce4f3e16c66a;p=thirdparty%2Fdhcpcd.git
privsep: Don't find processes we just asked to stop
We could rebind a lease, get a NAK and enter DISCOVER. We need to restart the BPF in the middle as the BPF filter could change. As such, add a started flag to each privsep process and when searching for a process by id only find started ones. If we ask them to stop then the started flag is removed. Fixes errors about writing to stopping processes an unknown processes exiting.
---
diff --git a/src/privsep.c b/src/privsep.c
index f08b4028..5a437ae3 100644
--- a/src/privsep.c
+++ b/src/privsep.c
@@ -408,6 +408,7 @@ ps_startprocess(struct ps_process *psp,
 return -1;
 }
 #endif
+ psp->psp_started = true;
 return pid;
 }
@@ -481,6 +482,7 @@ ps_startprocess(struct ps_process *psp,
 if (flags & PSF_DROPPRIVS)
 ps_dropprivs(ctx);
+ psp->psp_started = true;
 return 0;
 errexit:
@@ -509,6 +511,8 @@ ps_stopprocess(struct ps_process *psp)
 if (psp == NULL)
 return 0;
+ psp->psp_started = false;
+
 #ifdef PRIVSEP_DEBUG
 logdebugx("%s: me=%d pid=%d fd=%d %s", __func__, getpid(), psp->psp_pid, psp->psp_fd, psp->psp_name);
@@ -1164,6 +1168,8 @@ ps_findprocess(struct dhcpcd_ctx *ctx, struct ps_id *psid)
 struct ps_process *psp;
 TAILQ_FOREACH(psp, &ctx->ps_processes, next) {
+ if (!(psp->psp_started))
+ continue;
 if (memcmp(&psp->psp_id, psid, sizeof(psp->psp_id)) == 0)
 return psp;
 }
diff --git a/src/privsep.h b/src/privsep.h
index 856848e0..2f0304a7 100644
--- a/src/privsep.h
+++ b/src/privsep.h
@@ -169,6 +169,7 @@ struct ps_msg {
 };
 struct bpf;
+
 struct ps_process {
 TAILQ_ENTRY(ps_process) next;
 struct dhcpcd_ctx *psp_ctx;
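Review bot: In ps_stopprocess the flag is cleared as the very first action after the NULL check, before whatever actually asks the process to stop, so if that later step can fail the process would stay alive while ps_findprocess no longer returns it. A privileged helper that is still running but cannot be looked up by id is hard to stop a second time, and a caller that reads a failed lookup as "not running" could start a duplicate. The rest of the function is outside this hunk, so this needs checking against the failure paths there; if one exists, either restore the flag on it or record the intent with a comment such as `/* Hide from ps_findprocess() first so nothing is routed to a process we are stopping. */`.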
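Review bot: The contract of ps_findprocess changes in this loop without any comment: it now skips every entry whose psp_started is false, which covers processes being stopped and presumably also entries that were created but have not yet gone through ps_startprocess. A caller that creates a process when the lookup fails can therefore add a second entry with the same psp_id while the old one is still on ctx->ps_processes, so code walking that list directly should not assume ids are unique. I would put `/* Matches started processes only; a stopping entry with the same id may still be on the list. */` above the loop, and the inner parentheses are redundant: `if (!psp->psp_started)`. The tail of the function is outside the hunk.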
@@ -181,6 +182,7 @@ struct ps_process {
 char psp_name[PSP_NAMESIZE];
 uint16_t psp_proto;
 const char *psp_protostr;
+ bool psp_started;
 #ifdef INET
 int (*psp_filter)(const struct bpf *, const struct in_addr *);
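Review bot: psp_started is added without a comment, and nothing in this commit gives it an initial value, so the new skip in ps_findprocess relies on struct ps_process being zero-initialised where it is allocated; that allocation is not visible here and is worth confirming. The field also needs `<stdbool.h>` in scope wherever privsep.h is included, which this hunk does not show. A one-line comment would make the lifecycle explicit: `bool psp_started; /* set by ps_startprocess(), cleared by ps_stopprocess(); ps_findprocess() ignores entries where it is false */`. The struct definition continues outside the hunk.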