Date: Sat, 13 Jun 2026 01:03:50 +0000 From: Konstantin Belousov <kib@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: a4ceed16a794 - stable/15 - procctl(): do not allow the process to exit inside kern_procctl_single() Message-ID: <6a2cac76.2072a.631e14b@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch stable/15 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=a4ceed16a79490b44cc1a8a1add5dabc0930279a commit a4ceed16a79490b44cc1a8a1add5dabc0930279a Author: Konstantin Belousov <kib@FreeBSD.org> AuthorDate: 2026-06-06 16:52:20 +0000 Commit: Konstantin Belousov <kib@FreeBSD.org> CommitDate: 2026-06-13 00:58:34 +0000 procctl(): do not allow the process to exit inside kern_procctl_single() (cherry picked from commit a845480cc122f45cebc5fbbe43de6b1c096d852b) --- sys/kern/kern_procctl.c | 36 +++++++++++++++--------------------- 1 file changed, 15 insertions(+), 21 deletions(-) diff --git a/sys/kern/kern_procctl.c b/sys/kern/kern_procctl.c index b1539c5cec4f..57ca5665d453 100644 --- a/sys/kern/kern_procctl.c +++ b/sys/kern/kern_procctl.c @@ -765,19 +765,15 @@ aslr_status(struct thread *td, struct proc *p, void *data) d = PROC_ASLR_FORCE_DISABLE; break; } - if ((p->p_flag & P_WEXIT) == 0) { - _PHOLD(p); - PROC_UNLOCK(p); - vm = vmspace_acquire_ref(p); - if (vm != NULL) { - if ((vm->vm_map.flags & MAP_ASLR) != 0) - d |= PROC_ASLR_ACTIVE; - vmspace_free(vm); - } - PROC_LOCK(p); - _PRELE(p); + PROC_UNLOCK(p); + vm = vmspace_acquire_ref(p); + if (vm != NULL) { + if ((vm->vm_map.flags & MAP_ASLR) != 0) + d |= PROC_ASLR_ACTIVE; + vmspace_free(vm); } *(int *)data = d; + PROC_LOCK(p); return (0); } @@ -844,14 +840,11 @@ wxmap_ctl(struct thread *td, struct proc *p, void *data) int state; PROC_LOCK_ASSERT(p, MA_OWNED); - if ((p->p_flag & P_WEXIT) != 0) - return (ESRCH); state = *(int *)data; switch (state) { case PROC_WX_MAPPINGS_PERMIT: p->p_flag2 |= P2_WXORX_DISABLE; - _PHOLD(p); PROC_UNLOCK(p); vm = vmspace_acquire_ref(p); if (vm != NULL) { @@ -862,7 +855,6 @@ wxmap_ctl(struct thread *td, struct proc *p, void *data) vmspace_free(vm); } PROC_LOCK(p); - _PRELE(p); break; case PROC_WX_MAPPINGS_DISALLOW_EXEC: p->p_flag2 |= P2_WXORX_ENABLE_EXEC; @@ -881,15 +873,12 @@ wxmap_status(struct thread *td, struct proc *p, void *data) int d; PROC_LOCK_ASSERT(p, MA_OWNED); - if ((p->p_flag & P_WEXIT) != 0) - return (ESRCH); d = 0; if ((p->p_flag2 & P2_WXORX_DISABLE) != 0) d |= PROC_WX_MAPPINGS_PERMIT; if ((p->p_flag2 & P2_WXORX_ENABLE_EXEC) != 0) d |= PROC_WX_MAPPINGS_DISALLOW_EXEC; - _PHOLD(p); PROC_UNLOCK(p); vm = vmspace_acquire_ref(p); if (vm != NULL) { @@ -897,9 +886,8 @@ wxmap_status(struct thread *td, struct proc *p, void *data) d |= PROC_WXORX_ENFORCE; vmspace_free(vm); } - PROC_LOCK(p); - _PRELE(p); *(int *)data = d; + PROC_LOCK(p); return (0); } @@ -1175,9 +1163,15 @@ sys_procctl(struct thread *td, struct procctl_args *uap) static int kern_procctl_single(struct thread *td, struct proc *p, int com, void *data) { + int error; PROC_LOCK_ASSERT(p, MA_OWNED); - return (procctl_cmds_info[com].exec(td, p, data)); + if ((p->p_flag & P_WEXIT) != 0) + return (ESRCH); + _PHOLD(p); + error = procctl_cmds_info[com].exec(td, p, data); + _PRELE(p); + return (error); } inthome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a2cac76.2072a.631e14b>