48fcd357c4
When a process is exiting, there is a narrow window where p_cred may be NULL while its threads are still executing. Specifically, the last thread to exit a process sets the process state to PRS_ZOMBIE with the proc spinlock held and then calls thread_exit(). thread_exit() drops the spin lock, permitting the process to be reaped and thus causing its cred struct to be released. However, the exiting thread may still cause DTrace probes to fire by calling sched_throw(), resulting in a double fault if such a probe enabling attempts to access the GID or UID DIF variables. The thread's cred reference is not susceptible to this race since it is not released until after the thread has exited. MFC after: 1 week |
||
|---|---|---|
| .. | ||
| boot/zfs | ||
| compat/opensolaris | ||
| contrib/opensolaris | ||
| dev | ||