Date: Mon, 23 Aug 2021 00:43:25 GMT
From: Mark Johnston <markj@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject: git: 75a60b265825 - stable/12 - sigtimedwait: Use a unique wait channel for sleeping
Message-ID: <202108230043.17N0hPmN076070@gitrepo.freebsd.org>
The branch stable/12 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=75a60b2658254c974767a5407b9efbadd76ef017 commit 75a60b2658254c974767a5407b9efbadd76ef017 Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2021-08-16 17:15:25 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2021-08-23 00:43:16 +0000 sigtimedwait: Use a unique wait channel for sleeping When a sigtimedwait(2) caller goes to sleep, it uses a wait channel of p->p_sigacts with the proc lock as the interlock. However, p_sigacts can be shared between processes if a child is created with rfork(RFSIGSHARE | RFPROC). Thus we can end up with two threads sleeping on the same wait channel using different locks, which is not permitted. Fix the problem simply by using a process-unique wait channel, following the example of sigsuspend. The actual wait channel value is irrelevant here, sleeping threads are awoken using sleepq_abort(). Reported by: syzbot+8c417afabadb50bb8827@syzkaller.appspotmail.com Reported by: syzbot+1d89fc2a9ef92ef64fa8@syzkaller.appspotmail.com Reviewed by: kib Sponsored by: The FreeBSD Foundation (cherry picked from commit c4feb1ab0ae0c0e779af372e4c5f3b9e0d3e1388) --- sys/kern/kern_sig.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c index 07102f6de5a5..917584a12b4b 100644 --- a/sys/kern/kern_sig.c +++ b/sys/kern/kern_sig.c @@ -1317,7 +1317,8 @@ kern_sigtimedwait(struct thread *td, sigset_t waitset, ksiginfo_t *ksi, break; } - error = msleep(ps, &p->p_mtx, PPAUSE|PCATCH, "sigwait", timo); + error = msleep(&p->p_sigacts, &p->p_mtx, PPAUSE | PCATCH, + "sigwait", timo); if (timeout != NULL) { if (error == ERESTART) {
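Review bot: the new msleep() call in kern_sigtimedwait() needs a comment explaining the wait channel, because it now differs from the old call only by sleeping on &p->p_sigacts (the address of the field in the proc structure) instead of ps, and that one-character distinction is easy to "simplify" back later. A short comment above the call could say that p_sigacts can be shared after rfork(RFSIGSHARE | RFPROC), so the channel has to be per-process to stay paired with the &p->p_mtx interlock, and that the value is otherwise arbitrary since sleepers are woken with sleepq_abort(). If sigsuspend is the model being followed, as the commit message says, naming it in that comment would also let a reader cross-check the two sleep sites.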