Since revision 1.333 of kern_sig.c no longer uses P_WEXIT, the change

opened a race window which can cause memory leak in signal queue. Here we free memory for signal queue when process state is set to PRS_ZOMBIE.
2006-10-21 23:59:15 +00:00 · 2006-10-21 23:59:15 +00:00 · f71e748d89
commit f71e748d89
parent 478bf77471
1 changed files with 8 additions and 2 deletions
--- a/sys/kern/kern_exit.c
+++ b/sys/kern/kern_exit.c
@ -257,8 +257,6 @@ exit1(struct thread *td, int rv)
 		KASSERT(!timevalisset(&p->p_realtimer.it_value),
 		    ("realtime timer is still armed"));
 	}
-	sigqueue_flush(&p->p_sigqueue);
-	sigqueue_flush(&td->td_sigqueue);
 	PROC_UNLOCK(p);

 	/*
@ -511,6 +509,14 @@ exit1(struct thread *td, int rv)
 	PROC_LOCK(p->p_pptr);
 	sx_xunlock(&proctree_lock);

+	/*
+	 * The state PRS_ZOMBIE prevents other proesses from sending
+	 * signal to the process, to avoid memory leak, we free memory
+	 * for signal queue at the time when the state is set.
+	 */
+	sigqueue_flush(&p->p_sigqueue);
+	sigqueue_flush(&td->td_sigqueue);
+
 	/*
 	 * We have to wait until after acquiring all locks before
 	 * changing p_state.  We need to avoid all possible context