MFC r292440:

proc: fix a race which could result in dereference of bad p_pgrp pointer on fork During fork p_starcopy - p_endcopy area of a process is populated with bcopy with only proc lock held. Another forking thread can find such a process and proceed to access p_pgrp included in said area. Fix the problem by moving the field outside. It is being properly assigned later.
author: mjg <mjg@FreeBSD.org> 2016-01-07 12:08:15 +0000
committer: mjg <mjg@FreeBSD.org> 2016-01-07 12:08:15 +0000
commit: 04e384140c6e1dd10e5ea85cd99766317ae122f3 (patch)
tree: 1f78838f5f13799f28a5a7f35d1e497d4fd8b9d0 /sys/kern/kern_proc.c
parent: 513e9b690f5bb0abdec4b77b4ab0de8385608740 (diff)
download: FreeBSD-src-04e384140c6e1dd10e5ea85cd99766317ae122f3.zip
FreeBSD-src-04e384140c6e1dd10e5ea85cd99766317ae122f3.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c
index e051e3e..ac0152a 100644
--- a/sys/kern/kern_proc.c
+++ b/sys/kern/kern_proc.c
@@ -234,6 +234,7 @@ proc_init(void *mem, int size, int flags)
 	TAILQ_INIT(&p->p_threads);	     /* all threads in proc */
 	EVENTHANDLER_INVOKE(process_init, p);
 	p->p_stats = pstats_alloc();
+	p->p_pgrp = NULL;
 	SDT_PROBE3(proc, kernel, init, return, p, size, flags);
 	return (0);
 }
author	mjg <mjg@FreeBSD.org>	2016-01-07 12:08:15 +0000
committer	mjg <mjg@FreeBSD.org>	2016-01-07 12:08:15 +0000
commit	04e384140c6e1dd10e5ea85cd99766317ae122f3 (patch)
tree	1f78838f5f13799f28a5a7f35d1e497d4fd8b9d0 /sys/kern/kern_proc.c
parent	513e9b690f5bb0abdec4b77b4ab0de8385608740 (diff)
download	FreeBSD-src-04e384140c6e1dd10e5ea85cd99766317ae122f3.zip FreeBSD-src-04e384140c6e1dd10e5ea85cd99766317ae122f3.tar.gz