When a process has been waiting on a condition variable or mutex the

td_wmesg field in the thread structure points to the description string of the condition variable or mutex. If the condvar or the mutex had been initialized from a loadable module that was unloaded in the meantime, td_wmesg may now point to invalid memory. Retrieving the process table now may panic the kernel (or access junk). Setting the td_wmesg field to NULL after unblocking on the condvar/mutex prevents this panic. PR: kern/47408 Approved by: jake (mentor)
author: harti <harti@FreeBSD.org> 2003-02-27 08:43:27 +0000
committer: harti <harti@FreeBSD.org> 2003-02-27 08:43:27 +0000
commit: e30134bc39c76d57fc425b3168651ea303ae5a01 (patch)
tree: 12d9e0ee3309cfd691fd11a6d38283a0e1673603 /sys/kern/kern_condvar.c
parent: 87b92d30e16eef81ad163b42c9374255fd9b9760 (diff)
download: FreeBSD-src-e30134bc39c76d57fc425b3168651ea303ae5a01.zip
FreeBSD-src-e30134bc39c76d57fc425b3168651ea303ae5a01.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/kern/kern_condvar.c b/sys/kern/kern_condvar.c
index e943e3d..87c2840 100644
--- a/sys/kern/kern_condvar.c
+++ b/sys/kern/kern_condvar.c
@@ -535,6 +535,7 @@ cv_waitq_remove(struct thread *td)
 	if ((cvp = td->td_wchan) != NULL && td->td_flags & TDF_CVWAITQ) {
 		TAILQ_REMOVE(&cvp->cv_waitq, td, td_slpq);
 		td->td_flags &= ~TDF_CVWAITQ;
+		td->td_wmesg = NULL;
 		TD_CLR_ON_SLEEPQ(td);
 	}
 }
author	harti <harti@FreeBSD.org>	2003-02-27 08:43:27 +0000
committer	harti <harti@FreeBSD.org>	2003-02-27 08:43:27 +0000
commit	e30134bc39c76d57fc425b3168651ea303ae5a01 (patch)
tree	12d9e0ee3309cfd691fd11a6d38283a0e1673603 /sys/kern/kern_condvar.c
parent	87b92d30e16eef81ad163b42c9374255fd9b9760 (diff)
download	FreeBSD-src-e30134bc39c76d57fc425b3168651ea303ae5a01.zip FreeBSD-src-e30134bc39c76d57fc425b3168651ea303ae5a01.tar.gz