From abeff55bde40353c261ed8d321536f7f4a03abc7 Mon Sep 17 00:00:00 2001
From: alfred
Date: Sun, 31 Mar 2002 10:33:12 +0000
Subject: Close some holes with p->p_args by NULL'ing out the p->p_args pointer while holding the proc lock, and by holding the pargs structure when accessing it from outside of the owner.

Submitted by: Jonathan Mini
---
 sys/kern/kern_exit.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'sys/kern/kern_exit.c')
diff --git a/sys/kern/kern_exit.c b/sys/kern/kern_exit.c
index 172fd10..7b409b4 100644
--- a/sys/kern/kern_exit.c
+++ b/sys/kern/kern_exit.c
@@ -503,6 +503,7 @@ wait1(td, uap, compat)
 {
 register int nfound;
 register struct proc *q, *p, *t;
+ struct pargs *pa;
 int status, error;

 mtx_lock(&Giant);
@@ -604,6 +605,8 @@ loop:
 sx_xunlock(&proctree_lock);
 PROC_LOCK(p);
 p->p_xstat = 0;
+ pa = p->p_args;
+ p->p_args = NULL;
 PROC_UNLOCK(p);
 ruadd(&q->p_stats->p_cru, p->p_ru);
 FREE(p->p_ru, M_ZOMBIE);
@@ -637,7 +640,7 @@ loop:
 /*
 * Remove unused arguments
 */
- pargs_drop(p->p_args);
+ pargs_drop(pa);

 if (--p->p_procsig->ps_refcnt == 0) {
 if (p->p_sigacts != &p->p_uarea->u_sigacts)
--
cgit v1.1
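Review bot: The two lines added in the `@@ -604` hunk detach `p->p_args` under `PROC_LOCK(p)` with no comment saying why, and the safety of the pattern rests on code this path-limited view does not show. Clearing the field inside the lock only closes the window if every other reader of `p->p_args` also takes the proc lock and holds the pargs structure before unlocking; the commit message says this is done, but those call sites are outside this file. I would put a comment above `pa = p->p_args;`, for example `/* Detach p_args under the proc lock; outside readers must hold the pargs while using it. */`, so the invariant is stated where it is relied on. The enclosing function starts and ends outside the hunk.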
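Review bot: In the `@@ -637` hunk, `pargs_drop(pa)` depends on a local that is assigned about 35 lines earlier in the `@@ -604` hunk, and the statements in between are not part of this diff. By that point `p->p_args` is already NULL, so any early `return` or `goto` in that stretch would leave the detached pargs reference with no owner and never dropped. It is worth confirming that no such exit exists, or moving the detach down next to the drop so the two cannot be separated. `pa` is also declared without an initial value in the first hunk, so the drop must only ever be reached through the assignment; a `pa = NULL;` before `loop:` would make that explicit, assuming `pargs_drop()` accepts NULL as the old call on `p->p_args` suggests.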