In sysctl_kern_proc_auxv the process was released too early: we still

need to hold it when checking process sv_flags. MFC after: 2 weeks
author: trociny <trociny@FreeBSD.org> 2011-11-27 16:56:01 +0000
committer: trociny <trociny@FreeBSD.org> 2011-11-27 16:56:01 +0000
commit: c4d555a3170897e61aee7f924742bf2e4e05bffb (patch)
tree: f676c3c2c4ec62c7a9363049bb9e3bc05021c5c3 /sys/kern/kern_proc.c
parent: 7472e8c38c4980cec8ebd9ef37261864a0622ea9 (diff)
download: FreeBSD-src-c4d555a3170897e61aee7f924742bf2e4e05bffb.zip
FreeBSD-src-c4d555a3170897e61aee7f924742bf2e4e05bffb.tar.gz
1 files changed, 7 insertions, 5 deletions
diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c
index 35f13b9..c54908e 100644
--- a/sys/kern/kern_proc.c
+++ b/sys/kern/kern_proc.c
@@ -1768,7 +1768,7 @@ sysctl_kern_proc_auxv(SYSCTL_HANDLER_ARGS)
 	int *name = (int*) arg1;
 	u_int namelen = arg2;
 	struct proc *p;
-	size_t vsize;
+	size_t vsize, size;
 	char **auxv;
 	int error;
 
@@ -1793,16 +1793,18 @@ sysctl_kern_proc_auxv(SYSCTL_HANDLER_ARGS)
 	_PHOLD(p);
 	PROC_UNLOCK(p);
 	error = get_proc_vector(curthread, p, &auxv, &vsize, PROC_AUX);
-	PRELE(p);
 	if (error == 0) {
 #ifdef COMPAT_FREEBSD32
 		if (SV_PROC_FLAG(p, SV_ILP32) != 0)
-			error = SYSCTL_OUT(req, auxv, vsize *
-			    sizeof(Elf32_Auxinfo));
+			size = vsize * sizeof(Elf32_Auxinfo);
 		else
 #endif
-		error = SYSCTL_OUT(req, auxv, vsize * sizeof(Elf_Auxinfo));
+		size = vsize * sizeof(Elf_Auxinfo);
+		PRELE(p);
+		error = SYSCTL_OUT(req, auxv, size);
 		free(auxv, M_TEMP);
+	} else {
+		PRELE(p);
 	}
 	return (error);
 }
author	trociny <trociny@FreeBSD.org>	2011-11-27 16:56:01 +0000
committer	trociny <trociny@FreeBSD.org>	2011-11-27 16:56:01 +0000
commit	c4d555a3170897e61aee7f924742bf2e4e05bffb (patch)
tree	f676c3c2c4ec62c7a9363049bb9e3bc05021c5c3 /sys/kern/kern_proc.c
parent	7472e8c38c4980cec8ebd9ef37261864a0622ea9 (diff)
download	FreeBSD-src-c4d555a3170897e61aee7f924742bf2e4e05bffb.zip FreeBSD-src-c4d555a3170897e61aee7f924742bf2e4e05bffb.tar.gz