shithub: riscv

kernel: nil check, exited procs handling in postnote() make sure not to dereference Proc* nil pointer. this can potentially happen from devip which has code like: if(er->read4p) postnote(er->read4p, 1, "unbind", 0); the process it is about to kill can zero er->read4p at any time, so there is the possibility of the condition to be true and then er->read4p becoming nil. check if the process has already exited (p->pid == 0) in postnote() under p->debug qlock.

--- a/sys/src/9/port/pgrp.c

+++ b/sys/src/9/port/pgrp.c

@@ -29,7 +29,7 @@

 			continue;

 		if(up != p && p->noteid == noteid && p->kp == 0) {

 			qlock(&p->debug);

-			if(p->pid != 0 && p->noteid == noteid)

+			if(p->noteid == noteid)

 				postnote(p, 0, buf, flag);

 			qunlock(&p->debug);

--- a/sys/src/9/port/proc.c

+++ b/sys/src/9/port/proc.c

@@ -903,8 +903,17 @@

 	int s, ret;

 	QLock *q;

+	if(p == nil)

+		return 0;

 	if(dolock)

 		qlock(&p->debug);

+	if(p->pid == 0){

+		if(dolock)

+			qunlock(&p->debug);

+		return 0;

+	}

 	if(n != nil && flag != NUser && (p->notify == 0 || p->notified))

 		p->nnote = 0;

--

⑨