From 6cbea71c828c3ff2fb612997fd1ec0cf66f17393 Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Sat, 14 Aug 2004 17:15:16 +0000 Subject: [PATCH] Cause pfind() not to return processes in the PRS_NEW state. As a result, threads consuming the result of pfind() will not need to check for a NULL credential pointer or other signs of an incompletely created process. However, this also means that pfind() cannot be used to test for the existence or find such a process. Annotate pfind() to indicate that this is the case. A review of current consumers seems to indicate that this is not a problem for any of them. This closes a number of race conditions that could result in NULL pointer dereferences and related failure modes. Other related races continue to exist, especially during iteration of the allproc list without due caution. Discussed with: tjr, green --- sys/kern/kern_proc.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c index 7177d050b253..b1445438877a 100644 --- a/sys/kern/kern_proc.c +++ b/sys/kern/kern_proc.c @@ -242,7 +242,10 @@ inferior(p) } /* - * Locate a process by number + * Locate a process by number; return only "live" processes -- i.e., neither + * zombies nor newly born but incompletely initialized processes. By not + * returning processes in the PRS_NEW state, we allow callers to avoid + * testing for that condition to avoid dereferencing p_ucred, et al. */ struct proc * pfind(pid) @@ -253,6 +256,10 @@ pfind(pid) sx_slock(&allproc_lock); LIST_FOREACH(p, PIDHASH(pid), p_hash) if (p->p_pid == pid) { + if (p->p_state == PRS_NEW) { + p = NULL; + break; + } PROC_LOCK(p); break; }
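Review bot: the rewritten header comment (first hunk, `@@ -242,7 +242,10 @@`) promises that pfind() returns neither zombies nor PRS_NEW processes, but the code change in this patch only tests for PRS_NEW; nothing in the diff checks for a zombie state. If zombies are excluded only because process exit unlinks them from the PIDHASH chain that pfind() walks, the comment should say so, otherwise a reader of this function will look for a zombie check that is not there. It would also help to state the consequence the commit message spells out, namely that pfind() can no longer be used to test for the existence of a process that is still being created, since callers relying on that behaviour would otherwise silently get NULL.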
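Review bot: in the pfind() body (second hunk, `@@ -253,6 +256,10 @@`) the new test `if (p->p_state == PRS_NEW)` reads p->p_state before `PROC_LOCK(p);`, so the only lock held at that point is allproc_lock in shared mode. That is race-free only if every transition out of PRS_NEW in the fork path happens while allproc_lock is held exclusively; if it is done under the process lock instead, a concurrent fork could flip the state between this test and the caller's use of the returned pointer, which reintroduces the window the commit message says is being closed. Please either document that invariant in the added comment or take PROC_LOCK(p) before reading p_state and drop it again before setting `p = NULL;`. The `break` after `p = NULL;` is fine since the function returns p after `sx_sunlock(&allproc_lock)`, but a one-line comment that NULL is deliberately returned for a not-yet-initialized process would make the intent clear at the point of the check.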