Cause pfind() not to return processes in the PRS_NEW state. As a result,

threads consuming the result of pfind() will not need to check for a NULL
credential pointer or other signs of an incompletely created process.
However, this also means that pfind() cannot be used to test for the
existence or find such a process.  Annotate pfind() to indicate that this
is the case.  A review of current consumers seems to indicate that this is
not a problem for any of them.  This closes a number of race conditions
that could result in NULL pointer dereferences and related failure modes.
Other related races continue to exist, especially during iteration of the
allproc list without due caution.

Discussed with:	tjr, green
Robert Watson 2004-08-14 17:15:16 +00:00
parent f13a7951e1
commit 6cbea71c82
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=133722


@ -242,7 +242,10 @@ inferior(p)
}
/*
* Locate a process by number
* Locate a process by number; return only "live" processes -- i.e., neither
* zombies nor newly born but incompletely initialized processes. By not
* returning processes in the PRS_NEW state, we allow callers to avoid
* testing for that condition to avoid dereferencing p_ucred, et al.
*/
struct proc *
pfind(pid)
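Review bot: the new comment promises that pfind() returns "neither zombies nor newly born" processes, but nothing in this diff excludes zombies; only the PRS_NEW case is handled below. Either drop the zombie claim from this comment or add a sentence saying where and how zombies are kept out of the lookup, so a reader does not go looking for a PRS_ZOMBIE check that is not here. It would also help to state the caveat from the commit message explicitly, e.g. "Callers must not use pfind() to test for the existence of a process that is still being created", since that is the behavioural contract consumers now depend on.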
@ -253,6 +256,10 @@ pfind(pid)
sx_slock(&allproc_lock);
LIST_FOREACH(p, PIDHASH(pid), p_hash)
if (p->p_pid == pid) {
if (p->p_state == PRS_NEW) {
p = NULL;
break;
}
PROC_LOCK(p);
break;
}
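Review bot: p->p_state is read while holding only the shared allproc_lock, before PROC_LOCK(p) is taken, so the check is only as safe as the ordering guarantees on the PRS_NEW to PRS_NORMAL transition made elsewhere; this hunk gives the reader no way to see that. Either add a one-line comment stating why it is acceptable to inspect p_state here without the proc lock (a stale PRS_NEW observation just yields NULL, a stale-free PRS_NORMAL observation means initialization is complete), or restructure to take PROC_LOCK(p) first, test p_state under it, and PROC_UNLOCK(p) before setting p = NULL, which keeps all p_state reads under the same lock as the writers.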