The branch main has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=a845480cc122f45cebc5fbbe43de6b1c096d852b
commit a845480cc122f45cebc5fbbe43de6b1c096d852b Author: Konstantin Belousov <[email protected]> AuthorDate: 2026-06-06 16:52:20 +0000 Commit: Konstantin Belousov <[email protected]> CommitDate: 2026-06-06 20:00:30 +0000 procctl(): do not allow the process to exit inside kern_procctl_single() Requested and reviewed by: markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D57491 --- sys/kern/kern_procctl.c | 36 +++++++++++++++--------------------- 1 file changed, 15 insertions(+), 21 deletions(-)
diff --git a/sys/kern/kern_procctl.c b/sys/kern/kern_procctl.c
index b1539c5cec4f..57ca5665d453 100644
--- a/sys/kern/kern_procctl.c
+++ b/sys/kern/kern_procctl.c
@@ -765,19 +765,15 @@ aslr_status(struct thread *td, struct proc *p, void *data)
 d = PROC_ASLR_FORCE_DISABLE;
 break;
 }
- if ((p->p_flag & P_WEXIT) == 0) {
- _PHOLD(p);
- PROC_UNLOCK(p);
- vm = vmspace_acquire_ref(p);
- if (vm != NULL) {
- if ((vm->vm_map.flags & MAP_ASLR) != 0)
- d |= PROC_ASLR_ACTIVE;
- vmspace_free(vm);
- }
- PROC_LOCK(p);
- _PRELE(p);
+ PROC_UNLOCK(p);
+ vm = vmspace_acquire_ref(p);
+ if (vm != NULL) {
+ if ((vm->vm_map.flags & MAP_ASLR) != 0)
+ d |= PROC_ASLR_ACTIVE;
+ vmspace_free(vm);
 }
 *(int *)data = d;
+ PROC_LOCK(p);
 return (0);
 }
@@ -844,14 +840,11 @@ wxmap_ctl(struct thread *td, struct proc *p, void *data)
 int state;
 PROC_LOCK_ASSERT(p, MA_OWNED);
- if ((p->p_flag & P_WEXIT) != 0)
- return (ESRCH);
 state = *(int *)data;
 switch (state) {
 case PROC_WX_MAPPINGS_PERMIT:
 p->p_flag2 |= P2_WXORX_DISABLE;
- _PHOLD(p);
 PROC_UNLOCK(p);
 vm = vmspace_acquire_ref(p);
 if (vm != NULL) {
@@ -862,7 +855,6 @@ wxmap_ctl(struct thread *td, struct proc *p, void *data)
 vmspace_free(vm);
 }
 PROC_LOCK(p);
- _PRELE(p);
 break;
 case PROC_WX_MAPPINGS_DISALLOW_EXEC:
 p->p_flag2 |= P2_WXORX_ENABLE_EXEC;
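Review bot: aslr_status() now drops the proc lock around vmspace_acquire_ref() with no hold of its own, so its safety rests entirely on the _PHOLD() taken in kern_procctl_single(), and nothing in the handler records or checks that dependency. The same applies to wxmap_ctl() in the following hunks and to wxmap_status() further down. An assertion placed beside each handler's existing lock assertion, `PROC_ASSERT_HELD(p);`, would catch (in an INVARIANTS kernel) any future path that reaches these handlers without the hold. aslr_status() begins above this hunk, so its PROC_LOCK_ASSERT line is not visible here.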
@@ -881,15 +873,12 @@ wxmap_status(struct thread *td, struct proc *p, void *data)
 int d;
 PROC_LOCK_ASSERT(p, MA_OWNED);
- if ((p->p_flag & P_WEXIT) != 0)
- return (ESRCH);
 d = 0;
 if ((p->p_flag2 & P2_WXORX_DISABLE) != 0)
 d |= PROC_WX_MAPPINGS_PERMIT;
 if ((p->p_flag2 & P2_WXORX_ENABLE_EXEC) != 0)
 d |= PROC_WX_MAPPINGS_DISALLOW_EXEC;
- _PHOLD(p);
 PROC_UNLOCK(p);
 vm = vmspace_acquire_ref(p);
 if (vm != NULL) {
@@ -897,9 +886,8 @@ wxmap_status(struct thread *td, struct proc *p, void *data)
 d |= PROC_WXORX_ENFORCE;
 vmspace_free(vm);
 }
- PROC_LOCK(p);
- _PRELE(p);
 *(int *)data = d;
+ PROC_LOCK(p);
 return (0);
 }
@@ -1175,9 +1163,15 @@ sys_procctl(struct thread *td, struct procctl_args *uap)
 static int
 kern_procctl_single(struct thread *td, struct proc *p, int com, void *data)
 {
+ int error;
 PROC_LOCK_ASSERT(p, MA_OWNED);
- return (procctl_cmds_info[com].exec(td, p, data));
+ if ((p->p_flag & P_WEXIT) != 0)
+ return (ESRCH);
+ _PHOLD(p);
+ error = procctl_cmds_info[com].exec(td, p, data);
+ _PRELE(p);
+ return (error);
 }
 int
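Review bot: kern_procctl_single() now establishes the precondition that every handler relies on (target not exiting, and held for the duration of the call), but the function carries no comment saying so. I would add `/* Reject exiting processes and hold p so that handlers may drop the proc lock. */` above the P_WEXIT test. The check also widens behaviour: every command now fails with ESRCH on an exiting process, whereas in this diff only wxmap_ctl() and wxmap_status() did so before and aslr_status() returned success. Callers that walk several processes are outside this diff, so how they treat that ESRCH should be confirmed. The hold is also kept across handlers that may sleep, which presumably delays exit of the target until the handler returns.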
