From owner-svn-src-head@FreeBSD.ORG  Sat Aug 17 17:02:44 2013
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id F1C9FB35;
 Sat, 17 Aug 2013 17:02:43 +0000 (UTC)
 (envelope-from bryanv@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id DD2022109;
 Sat, 17 Aug 2013 17:02:43 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r7HH2hue025713;
 Sat, 17 Aug 2013 17:02:43 GMT (envelope-from bryanv@svn.freebsd.org)
Received: (from bryanv@localhost)
 by svn.freebsd.org (8.14.7/8.14.5/Submit) id r7HH2hn4025712;
 Sat, 17 Aug 2013 17:02:43 GMT (envelope-from bryanv@svn.freebsd.org)
Message-Id: <201308171702.r7HH2hn4025712@svn.freebsd.org>
From: Bryan Venteicher <bryanv@FreeBSD.org>
Date: Sat, 17 Aug 2013 17:02:43 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r254457 - head/sys/kern
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Aug 2013 17:02:44 -0000

Author: bryanv
Date: Sat Aug 17 17:02:43 2013
New Revision: 254457
URL: http://svnweb.freebsd.org/changeset/base/254457

Log:
  Do not use potentially stale thread in kthread_add()
  
  When an existing process is provided, the thread selected to use
  to initialize the new thread could have exited and be reaped.
  Acquire the proc lock earlier to ensure the thread remains valid.
  
  Reviewed by:	jhb, julian (previous version)
  MFC after:	3 days

Modified:
  head/sys/kern/kern_kthread.c

Modified: head/sys/kern/kern_kthread.c
==============================================================================
--- head/sys/kern/kern_kthread.c	Sat Aug 17 16:42:18 2013	(r254456)
+++ head/sys/kern/kern_kthread.c	Sat Aug 17 17:02:43 2013	(r254457)
@@ -257,18 +257,17 @@ kthread_add(void (*func)(void *), void *
 		panic("kthread_add called too soon");
 
 	/* If no process supplied, put it on proc0 */
-	if (p == NULL) {
+	if (p == NULL)
 		p = &proc0;
-		oldtd = &thread0;
-	} else {
-		oldtd = FIRST_THREAD_IN_PROC(p);
-	}
 
 	/* Initialize our new td  */
 	newtd = thread_alloc(pages);
 	if (newtd == NULL)
 		return (ENOMEM);
 
+	PROC_LOCK(p);
+	oldtd = FIRST_THREAD_IN_PROC(p);
+
 	bzero(&newtd->td_startzero,
 	    __rangeof(struct thread, td_startzero, td_endzero));
 	bcopy(&oldtd->td_startcopy, &newtd->td_startcopy,
@@ -292,7 +291,6 @@ kthread_add(void (*func)(void *), void *
 	newtd->td_ucred = crhold(p->p_ucred);
 
 	/* this code almost the same as create_thread() in kern_thr.c */
-	PROC_LOCK(p);
 	p->p_flag |= P_HADTHREADS;
 	thread_link(newtd, p);
 	thread_lock(oldtd);