The branch main has been updated by jamie: URL: https://cgit.FreeBSD.org/src/commit/?id=195cd6ae2481dd5ad555ed65c226b6f20908d66a
commit 195cd6ae2481dd5ad555ed65c226b6f20908d66a
Author: Jamie Gritton <ja...@freebsd.org>
AuthorDate: 2021-01-22 18:56:24 +0000
Commit: Jamie Gritton <ja...@freebsd.org>
CommitDate: 2021-01-22 18:56:24 +0000
jail: fix dangling reference bug from 6754ae2572eb
The change to use refcounts for pr_uref was mishandled in prison_proc_free, so killing a jail's last process could add an extra reference, leaving it an unkillable zombie.
---
 sys/kern/kern_jail.c | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 318f81fb13be..064f1afa4133 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -2705,7 +2705,6 @@ prison_proc_hold(struct prison *pr)
 void
 prison_proc_free(struct prison *pr)
 {
- int lasturef;
 /*
 * Locking is only required when releasing the last reference.
@@ -2714,11 +2713,7 @@ prison_proc_free(struct prison *pr)
 */
 KASSERT(refcount_load(&pr->pr_uref) > 0, ("Trying to kill a process in a dead prison (jid=%d)", pr->pr_id));
- if (refcount_release_if_not_last(&pr->pr_uref))
- return;
- mtx_lock(&pr->pr_mtx);
- lasturef = refcount_release(&pr->pr_uref);
- if (lasturef) {
+ if (!refcount_release_if_not_last(&pr->pr_uref)) {
 /*
 * Don't remove the last user reference in this context,
 * which is expected to be a process that is not only locked,
@@ -2726,11 +2721,8 @@ prison_proc_free(struct prison *pr)
 * prison_free() won't re-submit the task.
 */
 refcount_acquire(&pr->pr_ref);
- mtx_unlock(&pr->pr_mtx);
 taskqueue_enqueue(taskqueue_thread, &pr->pr_task);
- return;
 }
- mtx_unlock(&pr->pr_mtx);
 }
 /*
_______________________________________________
dev-commits-src-main@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/dev-commits-src-main
To unsubscribe, send any mail to "dev-commits-src-main-unsubscr...@freebsd.org"
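Review bot: The comment kept at the top of prison_proc_free still opens with "Locking is only required when releasing the last reference", but after the second and third hunks the function no longer takes pr_mtx on any path, so that sentence describes code that is no longer here. In the new code the last user reference is never dropped in this function: when `refcount_release_if_not_last()` fails, a pr_ref is taken and pr_task is enqueued. The head comment should say so, for example `/* The last user reference is not released here; it is left for pr_task, which runs with the pr_ref taken below. */`. The middle of the existing comment lies between the first two hunks and the task handler is not shown, so where the final release and its locking actually happen should be confirmed there before rewording. Since the bug fixed here was a reference-count imbalance, stating which context owns the final pr_uref release would make a later regression easier to spot in review.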