Since revision 1.333 of kern_sig.c no longer uses P_WEXIT, the change

opened a race window which can cause memory leak in signal queue. Here we free memory for signal queue when process state is set to PRS_ZOMBIE.
author: davidxu <davidxu@FreeBSD.org> 2006-10-21 23:59:15 +0000
committer: davidxu <davidxu@FreeBSD.org> 2006-10-21 23:59:15 +0000
commit: df9c81e66591e79ffef395a199aaf592dbcb767f (patch)
tree: 2eee58308d72921e49c711f34b362cacc7faa71a /sys/kern/kern_exit.c
parent: 28e979171a910b478a8b7cce9fd4a27c1f9b8ff4 (diff)
download: FreeBSD-src-df9c81e66591e79ffef395a199aaf592dbcb767f.zip
FreeBSD-src-df9c81e66591e79ffef395a199aaf592dbcb767f.tar.gz
1 files changed, 8 insertions, 2 deletions
diff --git a/sys/kern/kern_exit.c b/sys/kern/kern_exit.c
index 5b937b4..c857413 100644
--- a/sys/kern/kern_exit.c
+++ b/sys/kern/kern_exit.c
@@ -257,8 +257,6 @@ retry:
 		KASSERT(!timevalisset(&p->p_realtimer.it_value),
 		    ("realtime timer is still armed"));
 	}
-	sigqueue_flush(&p->p_sigqueue);
-	sigqueue_flush(&td->td_sigqueue);
 	PROC_UNLOCK(p);
 
 	/*
@@ -512,6 +510,14 @@ retry:
 	sx_xunlock(&proctree_lock);
 
 	/*
+	 * The state PRS_ZOMBIE prevents other proesses from sending
+	 * signal to the process, to avoid memory leak, we free memory
+	 * for signal queue at the time when the state is set.
+	 */
+	sigqueue_flush(&p->p_sigqueue);
+	sigqueue_flush(&td->td_sigqueue);
+
+	/*
 	 * We have to wait until after acquiring all locks before
 	 * changing p_state.  We need to avoid all possible context
 	 * switches (including ones from blocking on a mutex) while
author	davidxu <davidxu@FreeBSD.org>	2006-10-21 23:59:15 +0000
committer	davidxu <davidxu@FreeBSD.org>	2006-10-21 23:59:15 +0000
commit	df9c81e66591e79ffef395a199aaf592dbcb767f (patch)
tree	2eee58308d72921e49c711f34b362cacc7faa71a /sys/kern/kern_exit.c
parent	28e979171a910b478a8b7cce9fd4a27c1f9b8ff4 (diff)
download	FreeBSD-src-df9c81e66591e79ffef395a199aaf592dbcb767f.zip FreeBSD-src-df9c81e66591e79ffef395a199aaf592dbcb767f.tar.gz