git: 79b384bd8fdf - main - kern_event: block the target process from execing for sysctl kern.proc.kqueue

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Konstantin Belousov <kib_at_FreeBSD.org>
Date: Sun, 21 Jun 2026 11:48:08 UTC

The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=79b384bd8fdff4869ce4799edb0342ff5c25b6fa

commit 79b384bd8fdff4869ce4799edb0342ff5c25b6fa
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2026-06-16 03:48:29 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2026-06-21 11:46:53 +0000

    kern_event: block the target process from execing for sysctl kern.proc.kqueue
    
    Reviewed by:    markj
    Tested by:      pho
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 week
    Differential revision:  https://reviews.freebsd.org/D57497
---
 sys/kern/kern_event.c | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/sys/kern/kern_event.c b/sys/kern/kern_event.c
index 8c7a0949f024..01bd22fbefd1 100644
--- a/sys/kern/kern_event.c
+++ b/sys/kern/kern_event.c
@@ -49,6 +49,7 @@
 #include <sys/filedesc.h>
 #include <sys/filio.h>
 #include <sys/fcntl.h>
+#include <sys/imgact.h>
 #include <sys/jail.h>
 #include <sys/jaildesc.h>
 #include <sys/kthread.h>
@@ -3381,10 +3382,6 @@ sysctl_kern_proc_kqueue(SYSCTL_HANDLER_ARGS)
 	if ((u_int)arg2 > 2 || (u_int)arg2 == 0)
 		return (EINVAL);
 
-	error = pget((pid_t)name[0], PGET_HOLD | PGET_CANDEBUG, &p);
-	if (error != 0)
-		return (error);
-
 	td = curthread;
 #ifdef COMPAT_FREEBSD32
 	compat32 = SV_CURPROC_FLAG(SV_ILP32);
@@ -3392,6 +3389,17 @@ sysctl_kern_proc_kqueue(SYSCTL_HANDLER_ARGS)
 	compat32 = false;
 #endif
 
+	error = pget((pid_t)name[0], PGET_NOTWEXIT, &p);
+	if (error != 0)
+		return (error);
+
+	_PHOLD(p);
+	execve_block_wait(td, p);
+	error = p_candebug(td, p);
+	if (error != 0)
+		goto out1;
+	PROC_UNLOCK(p);
+
 	s = sbuf_new_for_sysctl(&sm, NULL, 0, req);
 	if (s == NULL) {
 		error = ENOMEM;
@@ -3412,7 +3420,11 @@ sysctl_kern_proc_kqueue(SYSCTL_HANDLER_ARGS)
 	sbuf_delete(s);
 
 out:
-	PRELE(p);
+	PROC_LOCK(p);
+out1:
+	execve_unblock(td, p);
+	_PRELE(p);
+	PROC_UNLOCK(p);
 	return (error);
 }