svn commit: r293314 - in stable/10/sys: kern sys
Mateusz Guzik
mjg at FreeBSD.org
Thu Jan 7 12:08:17 UTC 2016
Author: mjg
Date: Thu Jan 7 12:08:15 2016
New Revision: 293314
URL: https://svnweb.freebsd.org/changeset/base/293314
Log:
MFC r292440:
proc: fix a race which could result in dereference of bad p_pgrp pointer on
fork
During fork p_startcopy - p_endcopy area of a process is populated with bcopy
with only proc lock held. Another forking thread can find such a process and
proceed to access p_pgrp included in said area.
Fix the problem by moving the field outside. It is being properly assigned
later.
Modified:
stable/10/sys/kern/kern_proc.c
stable/10/sys/sys/proc.h
Modified: stable/10/sys/kern/kern_proc.c
==============================================================================
--- stable/10/sys/kern/kern_proc.c Thu Jan 7 11:54:20 2016 (r293313)
+++ stable/10/sys/kern/kern_proc.c Thu Jan 7 12:08:15 2016 (r293314)
@@ -234,6 +234,7 @@ proc_init(void *mem, int size, int flags
TAILQ_INIT(&p->p_threads); /* all threads in proc */
EVENTHANDLER_INVOKE(process_init, p);
p->p_stats = pstats_alloc();
+ p->p_pgrp = NULL;
SDT_PROBE3(proc, kernel, init, return, p, size, flags);
return (0);
}
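Review bot: The added `p->p_pgrp = NULL;` in proc_init carries no comment, and nothing nearby says why this one field is cleared at init time. Going by the log, another thread can look at a process while fork is still filling it in, so readers presumably rely on seeing NULL rather than a leftover pointer; a comment such as `/* Not in the bcopy'd range; must read NULL until fork assigns the group. */` would record that. If proc_init runs only when the backing memory is first set up and not on each reuse, it is also worth confirming that the teardown path resets p_pgrp, which this hunk does not show. proc_init begins outside the hunk.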
Modified: stable/10/sys/sys/proc.h
==============================================================================
--- stable/10/sys/sys/proc.h Thu Jan 7 11:54:20 2016 (r293313)
+++ stable/10/sys/sys/proc.h Thu Jan 7 12:08:15 2016 (r293314)
@@ -558,7 +558,7 @@ struct proc {
int p_osrel; /* (x) osreldate for the
binary (from ELF note, if any) */
char p_comm[MAXCOMLEN + 1]; /* (b) Process name. */
- struct pgrp *p_pgrp; /* (c + e) Pointer to process group. */
+ void *p_pad0;
struct sysentvec *p_sysent; /* (b) Syscall dispatch info. */
struct pargs *p_args; /* (c) Process arguments. */
rlim_t p_cpulimit; /* (c) Current CPU limit in seconds. */
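Review bot: `void *p_pad0;` is added without a comment, so the next reader cannot tell that it stands in for the moved p_pgrp or whether the slot may be reused. It appears to exist to keep the offsets of p_sysent and the fields after it unchanged on the stable branch; if so, say it: `void *p_pad0; /* Was p_pgrp; keeps later field offsets unchanged. */`. p_pgrp itself now sits at a new offset (second proc.h hunk), so a module built against the old header that reads p_pgrp or uses p_session would presumably read this pad slot instead; that is worth a line in the log or a version bump if one is not already planned. struct proc begins and ends outside this hunk.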
@@ -604,6 +604,7 @@ struct proc {
pid_t p_reapsubtree; /* (e) Pid of the direct child of the
reaper which spawned
our subtree. */
+ struct pgrp *p_pgrp; /* (c + e) Pointer to process group. */
};
#define p_session p_pgrp->pg_session
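Review bot: The relocated `p_pgrp` keeps its old comment, which says nothing about why the field now sits at the tail of struct proc, so a later tidy-up could move it back into the copied range and reintroduce the race the log describes. Extend the comment, for example `/* (c + e) Pointer to process group. Kept outside p_startcopy..p_endcopy on purpose. */`. struct proc begins outside the hunk.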