From e30134bc39c76d57fc425b3168651ea303ae5a01 Mon Sep 17 00:00:00 2001
From: harti
Date: Thu, 27 Feb 2003 08:43:27 +0000
Subject: When a process has been waiting on a condition variable or mutex the td_wmesg field in the thread structure points to the description string of the condition variable or mutex. If the condvar or the mutex had been initialized from a loadable module that was unloaded in the meantime, td_wmesg may now point to invalid memory. Retrieving the process table now may panic the kernel (or access junk). Setting the td_wmesg field to NULL after unblocking on the condvar/mutex prevents this panic.
PR: kern/47408
Approved by: jake (mentor)
---
 sys/kern/kern_synch.c | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'sys/kern/kern_synch.c')
diff --git a/sys/kern/kern_synch.c b/sys/kern/kern_synch.c
index 2a89dde..c626f7a 100644
--- a/sys/kern/kern_synch.c
+++ b/sys/kern/kern_synch.c
@@ -330,6 +330,7 @@ endtsleep(arg)
 TAILQ_REMOVE(&slpque[LOOKUP(td->td_wchan)], td, td_slpq);
 TD_CLR_ON_SLEEPQ(td);
 td->td_flags |= TDF_TIMEOUT;
+ td->td_wmesg = NULL;
 } else {
 td->td_flags |= TDF_TIMOFAIL;
 }
@@ -374,6 +375,7 @@ unsleep(struct thread *td)
 if (TD_ON_SLEEPQ(td)) {
 TAILQ_REMOVE(&slpque[LOOKUP(td->td_wchan)], td, td_slpq);
 TD_CLR_ON_SLEEPQ(td);
+ td->td_wmesg = NULL;
 }
 mtx_unlock_spin(&sched_lock);
 }
--
cgit v1.1
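Review bot: Only the timeout path in endtsleep and the unsleep path clear td_wmesg; the ordinary wakeup()/wakeup_one() dequeue, which also removes the thread from slpque, is not in this diff, and if it does not reset the field itself a normally woken thread still carries a pointer into a possibly unloaded module's string until its next sleep, so the same assignment (or a shared helper next to TD_CLR_ON_SLEEPQ) likely belongs there too. The commit message names condition variables as well, but the diffstat touches only kern_synch.c, so any separate wait-queue removal in kern_condvar.c should be checked for the same dangling pointer. A one-line comment at each added assignment would keep the reason from being lost in a later cleanup, e.g. `td->td_wmesg = NULL;	/* may point into an unloaded module */`. Both enclosing functions begin before their hunks, and endtsleep's body appears to continue past the first one.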