Close some holes with p->p_args by NULL'ing out the p->p_args pointer

while holding the proc lock, and by holding the pargs structure when accessing it from outside of the owner. Submitted by: Jonathan Mini <mini@haikugeek.com>
author: alfred <alfred@FreeBSD.org> 2002-03-31 10:33:12 +0000
committer: alfred <alfred@FreeBSD.org> 2002-03-31 10:33:12 +0000
commit: abeff55bde40353c261ed8d321536f7f4a03abc7 (patch)
tree: b144f5ea66e4d004f22d97e6595e1131f00e1ffb /sys/kern/kern_exit.c
parent: df30d6374fe92f59350770d63cd31f77979006da (diff)
download: FreeBSD-src-abeff55bde40353c261ed8d321536f7f4a03abc7.zip
FreeBSD-src-abeff55bde40353c261ed8d321536f7f4a03abc7.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/sys/kern/kern_exit.c b/sys/kern/kern_exit.c
index 172fd10..7b409b4 100644
--- a/sys/kern/kern_exit.c
+++ b/sys/kern/kern_exit.c
@@ -503,6 +503,7 @@ wait1(td, uap, compat)
 {
 	register int nfound;
 	register struct proc *q, *p, *t;
+	struct pargs *pa;
 	int status, error;
 
 	mtx_lock(&Giant);
@@ -604,6 +605,8 @@ loop:
 			sx_xunlock(&proctree_lock);
 			PROC_LOCK(p);
 			p->p_xstat = 0;
+			pa = p->p_args;
+			p->p_args = NULL;
 			PROC_UNLOCK(p);
 			ruadd(&q->p_stats->p_cru, p->p_ru);
 			FREE(p->p_ru, M_ZOMBIE);
@@ -637,7 +640,7 @@ loop:
 			/*
 			 * Remove unused arguments
 			 */
-			pargs_drop(p->p_args);
+			pargs_drop(pa);
 
 			if (--p->p_procsig->ps_refcnt == 0) {
 				if (p->p_sigacts != &p->p_uarea->u_sigacts)
author	alfred <alfred@FreeBSD.org>	2002-03-31 10:33:12 +0000
committer	alfred <alfred@FreeBSD.org>	2002-03-31 10:33:12 +0000
commit	abeff55bde40353c261ed8d321536f7f4a03abc7 (patch)
tree	b144f5ea66e4d004f22d97e6595e1131f00e1ffb /sys/kern/kern_exit.c
parent	df30d6374fe92f59350770d63cd31f77979006da (diff)
download	FreeBSD-src-abeff55bde40353c261ed8d321536f7f4a03abc7.zip FreeBSD-src-abeff55bde40353c261ed8d321536f7f4a03abc7.tar.gz