From c4d555a3170897e61aee7f924742bf2e4e05bffb Mon Sep 17 00:00:00 2001
From: trociny
Date: Sun, 27 Nov 2011 16:56:01 +0000
Subject: In sysctl_kern_proc_auxv the process was released too early: we still need to hold it when checking process sv_flags.
MFC after: 2 weeks
---
 sys/kern/kern_proc.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
(limited to 'sys/kern/kern_proc.c')
diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c
index 35f13b9..c54908e 100644
--- a/sys/kern/kern_proc.c
+++ b/sys/kern/kern_proc.c
@@ -1768,7 +1768,7 @@ sysctl_kern_proc_auxv(SYSCTL_HANDLER_ARGS)
 int *name = (int*) arg1;
 u_int namelen = arg2;
 struct proc *p;
- size_t vsize;
+ size_t vsize, size;
 char **auxv;
 int error;
 
@@ -1793,16 +1793,18 @@ sysctl_kern_proc_auxv(SYSCTL_HANDLER_ARGS)
 _PHOLD(p);
 PROC_UNLOCK(p);
 error = get_proc_vector(curthread, p, &auxv, &vsize, PROC_AUX);
- PRELE(p);
 if (error == 0) {
 #ifdef COMPAT_FREEBSD32
 if (SV_PROC_FLAG(p, SV_ILP32) != 0)
- error = SYSCTL_OUT(req, auxv, vsize *
- sizeof(Elf32_Auxinfo));
+ size = vsize * sizeof(Elf32_Auxinfo);
 else
 #endif
- error = SYSCTL_OUT(req, auxv, vsize * sizeof(Elf_Auxinfo));
+ size = vsize * sizeof(Elf_Auxinfo);
+ PRELE(p);
+ error = SYSCTL_OUT(req, auxv, size);
 free(auxv, M_TEMP);
+ } else {
+ PRELE(p);
 }
 return (error);
 }
-- cgit v1.1
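Review bot: The reason `PRELE(p)` now sits after the `SV_PROC_FLAG(p, SV_ILP32)` test in the second hunk is recorded only in the commit message, so a later cleanup could hoist the release back above the flag read and reintroduce a read from a process that is no longer held. A comment at the first `PRELE(p)` such as `/* p must stay held until sv_flags has been read above. */` would pin the ordering. The release is also duplicated in the new `else` branch, which makes it easy to miss on any future early-exit path. Separately, the element size is chosen from sv_flags after get_proc_vector() has already filled `auxv` and `vsize`, so the length handed to `SYSCTL_OUT` assumes both saw the same ABI; whether the hold guarantees that is not visible in this hunk and is worth confirming. The function begins above this hunk, so the earlier lookup and locking are not reviewed here.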