Date: Wed, 23 Jul 2008 08:45:25 +0000 (UTC)
From: Konstantin Belousov <kib@FreeBSD.org>
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sys/kern kern_fork.c
Message-ID: <200807230845.m6N8jYg0046017@repoman.freebsd.org>
kib         2008-07-23 08:45:25 UTC

  FreeBSD src repository

  Modified files:
    sys/kern             kern_fork.c
  Log:
  SVN rev 180738 on 2008-07-23 08:45:25Z by kib

  Do the pargs_hold() on the copy of the pointer to the p_args of the
  child process immediately after bulk bcopy() without dropping the
  process lock. Since the process is not single-threaded when forking,
  dropping and reacquiring the lock allows another thread to change the
  process title of the parent in between, and results in the hold being
  done on the invalid pointer. The problem manifested itself as the double
  free of the old p_args.

  Reported by:  kris
  Reviewed by:  jhb
  MFC after:    1 week

  Revision  Changes    Path
  1.295     +1 -1      src/sys/kern/kern_fork.c
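The ordering problem the log describes, as an added illustration that is not the commit's diff or kernel code. The model below is a single-threaded, userland stand-in: the names pargs_hold, pargs_drop, PROC_LOCK and PROC_UNLOCK follow the kernel API, but their bodies are hypothetical, the interleaving with the title-changing thread is replayed sequentially at the point where the lock is dropped, and free(9) is modelled by marking the object so a stale hold can be detected rather than becoming undefined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of the kernel's refcounted process-title buffer (p_args). The names
 * pargs_hold, pargs_drop, PROC_LOCK and PROC_UNLOCK follow the kernel API,
 * but these bodies are hypothetical stand-ins written for this example. */
struct pargs {
    unsigned ar_ref;    /* reference count */
    int      ar_freed;  /* stands in for free(9); object is kept so a stale touch is detectable */
    char     ar_args[64];
};

struct proc {
    int           p_lock_held;  /* stands in for the process mutex */
    struct pargs *p_args;
};

static int stale_hold_detected;  /* set when pargs_hold() is applied to a freed object */

static struct pargs *pargs_alloc(const char *title) {
    struct pargs *pa = calloc(1, sizeof *pa);
    if (pa == NULL) abort();
    pa->ar_ref = 1;
    strncpy(pa->ar_args, title, sizeof pa->ar_args - 1);
    return pa;
}

static void pargs_hold(struct pargs *pa) {
    if (pa == NULL) return;
    if (pa->ar_freed) {      /* in the real kernel: use-after-free, later a double free */
        stale_hold_detected = 1;
        return;
    }
    pa->ar_ref++;
}

static void pargs_drop(struct pargs *pa) {
    if (pa != NULL && --pa->ar_ref == 0)
        pa->ar_freed = 1;
}

static void PROC_LOCK(struct proc *p)   { p->p_lock_held = 1; }
static void PROC_UNLOCK(struct proc *p) { p->p_lock_held = 0; }

/* A second thread of the parent changing its title: the new buffer is
 * installed under the lock and the old reference dropped afterwards. */
static void other_thread_sets_title(struct proc *p, const char *title) {
    PROC_LOCK(p);
    struct pargs *old = p->p_args;
    p->p_args = pargs_alloc(title);
    PROC_UNLOCK(p);
    pargs_drop(old);
}

/* Pre-fix ordering: copy the pointer, drop the lock, take the hold later.
 * Returns 1 if the hold landed on an already-freed object. */
static int fork_copy_args_racy(struct proc *parent, struct proc *child) {
    stale_hold_detected = 0;
    PROC_LOCK(parent);
    child->p_args = parent->p_args;               /* the bulk bcopy() of proc fields */
    PROC_UNLOCK(parent);
    other_thread_sets_title(parent, "new title"); /* the window the commit closes */
    PROC_LOCK(parent);
    pargs_hold(child->p_args);                    /* parent's old p_args is already gone */
    PROC_UNLOCK(parent);
    return stale_hold_detected;
}

/* Fixed ordering: hold immediately after the copy, lock still held. */
static int fork_copy_args_fixed(struct proc *parent, struct proc *child) {
    stale_hold_detected = 0;
    PROC_LOCK(parent);
    child->p_args = parent->p_args;
    pargs_hold(child->p_args);                    /* child owns a reference before the lock is released */
    PROC_UNLOCK(parent);
    other_thread_sets_title(parent, "new title"); /* old buffer survives: ar_ref drops 2 -> 1 */
    return stale_hold_detected;
}

/* Run one scenario on fresh model processes; returns the stale-hold flag. */
static int run_scenario(int (*fork_copy)(struct proc *, struct proc *)) {
    struct proc parent = {0, NULL}, child = {0, NULL};
    parent.p_args = pargs_alloc("parent title");
    int stale = fork_copy(&parent, &child);
    free(child.p_args);    /* old buffer and replacement are distinct objects in both scenarios */
    free(parent.p_args);
    return stale;
}

int scenario_racy(void)  { return run_scenario(fork_copy_args_racy); }
int scenario_fixed(void) { return run_scenario(fork_copy_args_fixed); }

int main(void) {
    printf("racy ordering:  stale hold = %d\n", scenario_racy());  /* 1 */
    printf("fixed ordering: stale hold = %d\n", scenario_fixed()); /* 0 */
    return 0;
}
```

The point of the model is the reference-count accounting: with only the parent holding the old buffer (ar_ref == 1), any drop in the unlocked window frees it, so the child's later hold touches freed memory and its eventual drop frees it a second time. Taking the hold before the lock is released makes the child a co-owner (ar_ref == 2), and the title change then leaves the old buffer alive for the child.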