git: 5fe6e08d2db5 - main - kern_proc.c: ensure stability of the vmspace for sysctl kern.proc.vmmap

From: Konstantin Belousov <kib_at_FreeBSD.org>
Date: Sun, 21 Jun 2026 11:48:02 UTC
The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=5fe6e08d2db56b530f0df2903ef24cfabab7b8ea

commit 5fe6e08d2db56b530f0df2903ef24cfabab7b8ea
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2026-06-14 23:49:20 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2026-06-21 11:46:52 +0000

    kern_proc.c: ensure stability of the vmspace for sysctl kern.proc.vmmap
    
    Reviewed by:    markj
    Tested by:      pho
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 week
    Differential revision:  https://reviews.freebsd.org/D57497
---
 sys/kern/kern_proc.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c
index 2481823c97af..1fff6e5629ea 100644
--- a/sys/kern/kern_proc.c
+++ b/sys/kern/kern_proc.c
@@ -2423,6 +2423,7 @@ sysctl_kern_proc_ovmmap(SYSCTL_HANDLER_ARGS)
 	int error, *name;
 	struct vnode *vp;
 	struct proc *p;
+	struct thread *td;
 	vm_map_t map;
 	struct vmspace *vm;
 
@@ -2431,11 +2432,12 @@ sysctl_kern_proc_ovmmap(SYSCTL_HANDLER_ARGS)
 		return (EINVAL);
 
 	name = (int *)arg1;
+	td = curthread;
 	error = pget((pid_t)name[0], PGET_WANTREAD, &p);
 	if (error != 0)
 		return (error);
-	vm = vmspace_acquire_ref(p);
-	if (vm == NULL) {
+	error = proc_vmspace_ref(td, p, PRVM_CHECK_DEBUG, &vm);
+	if (error != 0) {
 		PRELE(p);
 		return (ESRCH);
 	}
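Review bot: The failure branch after `proc_vmspace_ref()` still returns a hard-coded `ESRCH`, so the `error` value assigned on the line above is discarded, while the matching change in kern_proc_vmmap_out() later in this diff returns `error`. If the `PRVM_CHECK_DEBUG` path can fail for reasons other than a missing vmspace, the caller of this legacy sysctl gets a misleading errno. The flag name suggests a debug-permission check, but that is not visible here. Either propagate the code with `return (error);`, or keep `ESRCH` deliberately and record why, e.g. `/* ovmmap compat: report any vmspace ref failure as ESRCH */`. The body of sysctl_kern_proc_ovmmap() starts and ends outside this hunk.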
@@ -2547,7 +2549,7 @@ sysctl_kern_proc_ovmmap(SYSCTL_HANDLER_ARGS)
 		}
 	}
 	vm_map_unlock_read(map);
-	vmspace_free(vm);
+	proc_vmspace_unref(td, p, PRVM_CHECK_DEBUG, vm);
 	PRELE(p);
 	free(kve, M_TEMP);
 	return (error);
@@ -2642,6 +2644,7 @@ kern_proc_vmmap_out(struct proc *p, struct sbuf *sb, ssize_t maxlen, int flags)
 	struct ucred *cred;
 	struct vnode *vp;
 	struct vmspace *vm;
+	struct thread *td;
 	vm_offset_t addr;
 	unsigned int last_timestamp;
 	int error;
@@ -2653,10 +2656,11 @@ kern_proc_vmmap_out(struct proc *p, struct sbuf *sb, ssize_t maxlen, int flags)
 
 	_PHOLD(p);
 	PROC_UNLOCK(p);
-	vm = vmspace_acquire_ref(p);
-	if (vm == NULL) {
+	td = curthread;
+	error = proc_vmspace_ref(td, p, PRVM_CHECK_DEBUG, &vm);
+	if (error != 0) {
 		PRELE(p);
-		return (ESRCH);
+		return (error);
 	}
 	kve = malloc(sizeof(*kve), M_TEMP, M_WAITOK | M_ZERO);
 
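Review bot: The failure return changes from a fixed `ESRCH` to whatever `proc_vmspace_ref()` produces, so callers of kern_proc_vmmap_out() can now see errno values they could not see before, and nothing at the call site documents that. Callers outside this diff that test specifically for `ESRCH` should be checked. The commit message has no body, so a short comment above the call would keep the intent in the code, e.g. `/* Hold a stable vmspace for the whole map walk; dropped by proc_vmspace_unref() with the same flags. */`. The function starts before and continues past this hunk.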
@@ -2760,7 +2764,7 @@ kern_proc_vmmap_out(struct proc *p, struct sbuf *sb, ssize_t maxlen, int flags)
 			if (vp != NULL) {
 				vn_fullpath(vp, &fullpath, &freepath);
 				kve->kve_vn_type = vntype_to_kinfo(vp->v_type);
-				cred = curthread->td_ucred;
+				cred = td->td_ucred;
 				vn_lock(vp, LK_SHARED | LK_RETRY);
 				if (VOP_GETATTR(vp, &va, cred) == 0) {
 					kve->kve_vn_fileid = va.va_fileid;
@@ -2816,7 +2820,7 @@ kern_proc_vmmap_out(struct proc *p, struct sbuf *sb, ssize_t maxlen, int flags)
 		}
 	}
 	vm_map_unlock_read(map);
-	vmspace_free(vm);
+	proc_vmspace_unref(td, p, PRVM_CHECK_DEBUG, vm);
 	PRELE(p);
 	free(kve, M_TEMP);
 	return (error);