caprevoke: Fix a buggy vm_cheri_assert_consistent_clg() call

vm_cheri_assert_consistent_clg() must be called with the VM map lock held. Also make sure to only call it after the epoch is closed, i.e., we have set the revocation state to CHERI_REVOKE_ST_NONE.
CTSRD-CHERI · Sep 13, 2024 · 6afefbc · 6afefbc
1 parent 903f7a6
commit 6afefbc
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/sys/kern/kern_cheri_revoke.c b/sys/kern/kern_cheri_revoke.c
@@ -724,7 +724,6 @@ kern_cheri_revoke(struct thread *td, int flags,
 
 	/* OK, that's that.  Where do we stand now? */
 	if (res == KERN_SUCCESS && myst == CHERI_REVOKE_ST_CLOSING) {
-		vm_cheri_assert_consistent_clg(&vm->vm_map);
 		/* Signal the end of this revocation epoch */
 		epoch++;
 		crepochs.dequeue = epoch;
@@ -736,6 +735,8 @@ kern_cheri_revoke(struct thread *td, int flags,
 
 	vm_map_lock(vmm);
 	cheri_revoke_st_set(&vmm->vm_cheri_revoke_st, epoch, myst);
+	if (res == KERN_SUCCESS)
+		vm_cheri_assert_consistent_clg(&vm->vm_map);
 #ifdef CHERI_CAPREVOKE_STATS
 	if (flags & CHERI_REVOKE_TAKE_STATS) {
 		sx_xlock(&vmm->vm_cheri_revoke_stats_sx);