From df9c81e66591e79ffef395a199aaf592dbcb767f Mon Sep 17 00:00:00 2001
From: davidxu
Date: Sat, 21 Oct 2006 23:59:15 +0000
Subject: Since revision 1.333 of kern_sig.c no longer uses P_WEXIT, the change opened a race window which can cause memory leak in signal queue. Here we free memory for signal queue when process state is set to PRS_ZOMBIE.
---
 sys/kern/kern_exit.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
(limited to 'sys/kern/kern_exit.c')
diff --git a/sys/kern/kern_exit.c b/sys/kern/kern_exit.c
index 5b937b4..c857413 100644
--- a/sys/kern/kern_exit.c
+++ b/sys/kern/kern_exit.c
@@ -257,8 +257,6 @@ retry:
 KASSERT(!timevalisset(&p->p_realtimer.it_value),
 ("realtime timer is still armed"));
 }
- sigqueue_flush(&p->p_sigqueue);
- sigqueue_flush(&td->td_sigqueue);
 PROC_UNLOCK(p);
 
 /*
@@ -512,6 +510,14 @@ retry:
 sx_xunlock(&proctree_lock);
 
 /*
+ * The state PRS_ZOMBIE prevents other proesses from sending
+ * signal to the process, to avoid memory leak, we free memory
+ * for signal queue at the time when the state is set.
+ */
+ sigqueue_flush(&p->p_sigqueue);
+ sigqueue_flush(&td->td_sigqueue);
+
+ /*
 * We have to wait until after acquiring all locks before
 * changing p_state. We need to avoid all possible context
 * switches (including ones from blocking on a mutex) while
-- 
cgit v1.1
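Review bot: The new comment in the second hunk misspells "proesses" and its wording does not match what the code does: the two sigqueue_flush() calls run before the PRS_ZOMBIE assignment, which is below the hunk (the enclosing function body continues outside it), so "at the time when the state is set" overstates it. A reader also cannot tell from the hunk what closes the window between the flush and the state change; the comment should name the lock that is expected to be held across both. Suggested replacement for the four comment lines: `Once p_state is PRS_ZOMBIE no process can queue a signal to us, so flush both signal queues now, just before the state changes, to avoid leaking them; the caller must hold the process lock across the flush and the assignment.` If that lock is indeed PROC_LOCK, `PROC_LOCK_ASSERT(p, MA_OWNED);` placed before the first flush would make the precondition checkable, assuming sigqueue_flush() does not already assert it. The removal in the first hunk relies on the same guarantee, so the comment only needs to appear once here.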