git: c4feb1ab0ae0 - main - sigtimedwait: Use a unique wait channel for sleeping
Mark Johnston
markj at FreeBSD.org
Mon Aug 16 19:18:05 UTC 2021
The branch main has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=c4feb1ab0ae0c0e779af372e4c5f3b9e0d3e1388
commit c4feb1ab0ae0c0e779af372e4c5f3b9e0d3e1388
Author: Mark Johnston <markj at FreeBSD.org>
AuthorDate: 2021-08-16 17:15:25 +0000
Commit: Mark Johnston <markj at FreeBSD.org>
CommitDate: 2021-08-16 19:11:15 +0000
sigtimedwait: Use a unique wait channel for sleeping
When a sigtimedwait(2) caller goes to sleep, it uses a wait channel of
p->p_sigacts with the proc lock as the interlock. However, p_sigacts
can be shared between processes if a child is created with
rfork(RFSIGSHARE | RFPROC). Thus we can end up with two threads
sleeping on the same wait channel using different locks, which is not
permitted.
Fix the problem simply by using a process-unique wait channel, following
the example of sigsuspend. The actual wait channel value is irrelevant
here, sleeping threads are awoken using sleepq_abort().
Reported by: syzbot+8c417afabadb50bb8827 at syzkaller.appspotmail.com
Reported by: syzbot+1d89fc2a9ef92ef64fa8 at syzkaller.appspotmail.com
Reviewed by: kib
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D31563
---
sys/kern/kern_sig.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c
index 4f6f424fb05d..d61812ad3043 100644
--- a/sys/kern/kern_sig.c
+++ b/sys/kern/kern_sig.c
@@ -1341,7 +1341,8 @@ kern_sigtimedwait(struct thread *td, sigset_t waitset, ksiginfo_t *ksi,
break;
}
- error = msleep(ps, &p->p_mtx, PPAUSE|PCATCH, "sigwait", timo);
+ error = msleep(&p->p_sigacts, &p->p_mtx, PPAUSE | PCATCH,
+ "sigwait", timo);
/* The syscalls can not be restarted. */
if (error == ERESTART)
More information about the dev-commits-src-all
mailing list