Protect proc struct (p_args and p_comm) when doing procfs IO that pulls

data from it. Submitted by: Jonathan Mini <mini@haikugeek.com>
2002-03-29 19:12:40 +00:00 · 2002-03-29 19:12:40 +00:00 · 3fad1fa6c0
commit 3fad1fa6c0
parent de718acaf1
2 changed files with 34 additions and 22 deletions
--- a/sys/compat/linprocfs/linprocfs.c
+++ b/sys/compat/linprocfs/linprocfs.c
@ -672,17 +672,23 @@ linprocfs_doproccmdline(PFS_FILL_ARGS)
 	 * Linux behaviour is to return zero-length in this case.
 	 */

-	if (p->p_args && (ps_argsopen || !p_cansee(td->td_proc, p))) {
-		sbuf_bcpy(sb, p->p_args->ar_args, p->p_args->ar_length);
-	} else if (p != td->td_proc) {
-		sbuf_printf(sb, "%.*s", MAXCOMLEN, p->p_comm);
-	} else {
-		error = copyin((void*)PS_STRINGS, &pstr, sizeof(pstr));
-		if (error)
-			return (error);
-		for (i = 0; i < pstr.ps_nargvstr; i++) {
-			sbuf_copyin(sb, pstr.ps_argvstr[i], 0);
-			sbuf_printf(sb, "%c", '\0');
+	if (ps_argsopen || !p_cansee(td->td_proc, p)) {
+		PROC_LOCK(p);
+		if (p->p_args) {
+			sbuf_bcpy(sb, p->p_args->ar_args, p->p_args->ar_length);
+			PROC_UNLOCK(p);
+		} else if (p != td->td_proc) {
+			sbuf_printf(sb, "%.*s", MAXCOMLEN, p->p_comm);
+			PROC_UNLOCK(p);
+		} else {
+			PROC_UNLOCK(p);
+			error = copyin((void*)PS_STRINGS, &pstr, sizeof(pstr));
+			if (error)
+				return (error);
+			for (i = 0; i < pstr.ps_nargvstr; i++) {
+				sbuf_copyin(sb, pstr.ps_argvstr[i], 0);
+				sbuf_printf(sb, "%c", '\0');
+			}
 		}
 	}

--- a/sys/fs/procfs/procfs_status.c
+++ b/sys/fs/procfs/procfs_status.c
@ -181,17 +181,23 @@ procfs_doproccmdline(PFS_FILL_ARGS)
 	 * Linux behaviour is to return zero-length in this case.
 	 */

-	if (p->p_args && (ps_argsopen || !p_cansee(td->td_proc, p))) {
-		sbuf_bcpy(sb, p->p_args->ar_args, p->p_args->ar_length);
-	} else if (p != td->td_proc) {
-		sbuf_printf(sb, "%.*s", MAXCOMLEN, p->p_comm);
-	} else {
-		error = copyin((void*)PS_STRINGS, &pstr, sizeof(pstr));
-		if (error)
-			return (error);
-		for (i = 0; i < pstr.ps_nargvstr; i++) {
-			sbuf_copyin(sb, pstr.ps_argvstr[i], 0);
-			sbuf_printf(sb, "%c", '\0');
+	if (ps_argsopen || !p_cansee(td->td_proc, p)) {
+		PROC_LOCK(p);
+		if (p->p_args) {
+			sbuf_bcpy(sb, p->p_args->ar_args, p->p_args->ar_length);
+			PROC_UNLOCK(p);
+		} else if (p != td->td_proc) {
+			sbuf_printf(sb, "%.*s", MAXCOMLEN, p->p_comm);
+			PROC_UNLOCK(p);
+		} else {
+			PROC_UNLOCK(p);
+			error = copyin((void*)PS_STRINGS, &pstr, sizeof(pstr));
+			if (error)
+				return (error);
+			for (i = 0; i < pstr.ps_nargvstr; i++) {
+				sbuf_copyin(sb, pstr.ps_argvstr[i], 0);
+				sbuf_printf(sb, "%c", '\0');
+			}
 		}
 	}