| author | 2008-10-14 18:27:29 +0000 | |
|---|---|---|
| committer | 2008-10-14 18:27:29 +0000 | |
| commit | 2e81cdb6cc15fd5647d615ece428d108f532fd67 (patch) | |
| tree | 01cfcfc00531f949e6b201486a246e4bbc88c188 /sys/kern/kern_exit.c | |
| parent | use #define ROQUIET here; no binary change. ok dtucker@ (diff) | |
Back-in; problems were apparently elsewhere.
Put a reference count in struct process to prevent use-after-free
if the main thread reaches the reaper ahead of some other thread
in the process. Use the reference count to update the user process
count correctly when changing real uid.
"please re-commit before something else nasty comes in" deraadt@
Diffstat (limited to 'sys/kern/kern_exit.c')
| -rw-r--r-- | sys/kern/kern_exit.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/kern/kern_exit.c b/sys/kern/kern_exit.c index 2c81bc73348..ee45596f495 100644 --- a/sys/kern/kern_exit.c +++ b/sys/kern/kern_exit.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_exit.c,v 1.75 2008/10/10 14:35:06 deraadt Exp $ */ +/* $OpenBSD: kern_exit.c,v 1.76 2008/10/14 18:27:29 guenther Exp $ */ /* $NetBSD: kern_exit.c,v 1.39 1996/04/22 01:38:25 christos Exp $ */ /* @@ -590,7 +590,7 @@ proc_zap(struct proc *p) * Remove us from our process list, possibly killing the process * in the process (pun intended). */ - if ((p->p_flag & P_THREAD) == 0) { + if (--p->p_p->ps_refcnt == 0) { KASSERT(TAILQ_EMPTY(&p->p_p->ps_threads)); limfree(p->p_p->ps_limit); if (--p->p_p->ps_cred->p_refcnt == 0) { |
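Review bot: In the proc_zap hunk, `--p->p_p->ps_refcnt == 0` is a plain, non-atomic decrement, and nothing in the visible lines says what serializes it when several threads of one process reach the reaper. The comment above it should name the lock or context that protects ps_refcnt, because a lost update here would either leak the struct process or tear it down while another thread still holds a reference, which is the use-after-free the commit message sets out to prevent. A `KASSERT(p->p_p->ps_refcnt > 0)` just before the decrement would catch an underflow or a double release early. The existing `KASSERT(TAILQ_EMPTY(&p->p_p->ps_threads))` now depends on every thread having been unlinked from ps_threads before the last reference is dropped, not on this being the main thread, so the block comment ("Remove us from our process list, possibly killing the process") should be updated to say that the last reference, rather than the P_THREAD flag, decides when the process is freed.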
