git: 75a60b265825 - stable/12 - sigtimedwait: Use a unique wait channel for sleeping

Mark Johnston markj at FreeBSD.org
Mon Aug 23 00:43:25 UTC 2021


The branch stable/12 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=75a60b2658254c974767a5407b9efbadd76ef017

commit 75a60b2658254c974767a5407b9efbadd76ef017
Author:     Mark Johnston <markj at FreeBSD.org>
AuthorDate: 2021-08-16 17:15:25 +0000
Commit:     Mark Johnston <markj at FreeBSD.org>
CommitDate: 2021-08-23 00:43:16 +0000

    sigtimedwait: Use a unique wait channel for sleeping
    
    When a sigtimedwait(2) caller goes to sleep, it uses a wait channel of
    p->p_sigacts with the proc lock as the interlock.  However, p_sigacts
    can be shared between processes if a child is created with
    rfork(RFSIGSHARE | RFPROC).  Thus we can end up with two threads
    sleeping on the same wait channel using different locks, which is not
    permitted.
    
    Fix the problem simply by using a process-unique wait channel, following
    the example of sigsuspend.  The actual wait channel value is irrelevant
    here, sleeping threads are awoken using sleepq_abort().
    
    Reported by:    syzbot+8c417afabadb50bb8827 at syzkaller.appspotmail.com
    Reported by:    syzbot+1d89fc2a9ef92ef64fa8 at syzkaller.appspotmail.com
    Reviewed by:    kib
    Sponsored by:   The FreeBSD Foundation
    
    (cherry picked from commit c4feb1ab0ae0c0e779af372e4c5f3b9e0d3e1388)
---
 sys/kern/kern_sig.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c
index 07102f6de5a5..917584a12b4b 100644
--- a/sys/kern/kern_sig.c
+++ b/sys/kern/kern_sig.c
@@ -1317,7 +1317,8 @@ kern_sigtimedwait(struct thread *td, sigset_t waitset, ksiginfo_t *ksi,
 			break;
 		}
 
-		error = msleep(ps, &p->p_mtx, PPAUSE|PCATCH, "sigwait", timo);
+		error = msleep(&p->p_sigacts, &p->p_mtx, PPAUSE | PCATCH,
+		    "sigwait", timo);
 
 		if (timeout != NULL) {
 			if (error == ERESTART) {
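Review bot: the new msleep() call on the two `+` lines carries no comment saying that `&p->p_sigacts` (the address of the pointer field inside struct proc) is intentional, and it differs from the commit message's `p->p_sigacts` only by a single `&`, so it reads like a typo. The commit message explains that p_sigacts can be shared after rfork(RFSIGSHARE | RFPROC) while the interlock `&p->p_mtx` is per-process; a short comment above the call, for example `/* Process-unique wait channel: p_sigacts may be shared, p_mtx is not. */`, would keep a later cleanup from reverting the argument to `ps`. The same comment could record that the channel value itself is irrelevant because sleepers are awoken through sleepq_abort(), as the message states.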

