From bd75e80df29110d13bffb115892d0836486dbb68 Mon Sep 17 00:00:00 2001 From: Tomoki Shirasawa Date: Mon, 17 Jul 2017 19:32:08 +0900 Subject: [PATCH] terminate: fix to reference freed pointer --- kernel/syscall.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/kernel/syscall.c b/kernel/syscall.c index 9a0acaa9..0b933460 100644 --- a/kernel/syscall.c +++ b/kernel/syscall.c @@ -895,13 +895,14 @@ terminate(int rc, int sig) list_for_each_entry_safe(child, next, &resource_set->process_hash->list[i], hash_list){ + int free_child = 0; mcs_rwlock_writer_lock_noirq(&child->update_lock, &updatelock); if(child->ppid_parent == proc && child->status == PS_ZOMBIE){ list_del(&child->hash_list); list_del(&child->siblings_list); - kfree(child); + free_child = 1; } else if(child->ppid_parent == proc){ mcs_rwlock_writer_lock_noirq(&proc->children_lock, @@ -927,6 +928,8 @@ terminate(int rc, int sig) } mcs_rwlock_writer_unlock_noirq(&child->update_lock, &updatelock); + if (free_child) + kfree(child); } mcs_rwlock_writer_unlock(&resource_set->process_hash->lock[i], &lock);
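Review bot: The deferred `kfree(child)` added at the end of the loop body in the second hunk still runs the instant `child->update_lock` is released, so any other CPU that already holds a pointer to this zombie and is spinning on that lock would acquire it on freed memory; the patch removes the unlock-after-free in this thread but does not by itself show that no such waiter can exist. From the visible lines the hash lock `resource_set->process_hash->lock[i]` appears to be held for writing across the whole loop and the child has already been taken off the hash and sibling lists under `update_lock`, which would exclude lookups through those lists, but a reference obtained by another path (a cached `struct process *`, or one taken before this writer lock was acquired) is not visible here. If that invariant holds it should be stated at the free site, e.g. `/* unhashed and unlinked above under update_lock, and process_hash->lock[i] is still held, so no new reference to child can appear; safe to free once update_lock is dropped */`; if it does not, the free needs to follow a reference count or be done by whoever drops the last reference rather than here. The enclosing terminate() starts before the first hunk and continues past the second.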