Page MenuHomeFreeBSD
Differential D30220

fork: Suspend other threads if both RFPROC and RFMEM are not set
ClosedPublic
Actions

Authored by markj on May 12 2021, 12:25 AM.
Tags
None
Referenced Files
F81908821: D30220.id89127.diff
Tue, Apr 23, 12:16 AM
Unknown Object (File)
Feb 9 2024, 5:37 PM
Unknown Object (File)
Feb 2 2024, 2:51 AM
Unknown Object (File)
Feb 1 2024, 8:30 AM
Unknown Object (File)
Jan 29 2024, 5:30 AM
Unknown Object (File)
Jan 22 2024, 4:59 AM
Unknown Object (File)
Dec 20 2023, 1:29 AM
Unknown Object (File)
Nov 23 2023, 3:13 PM
View All 27 Files
Subscribers
imp

Details

Reviewers
kib
Commits
rGcf60931c32d7: fork: Suspend other threads if both RFPROC and RFMEM are not set
rG9246b3090cbc: fork: Suspend other threads if both RFPROC and RFMEM are not set
Summary

Otherwise, a multithreaded parent process may trigger races in
vm_forkproc() if one thread calls rfork() with RFMEM set and another
calls rfork() without RFMEM.

Also simplify vm_forkproc() a bit, vmspace_unshare() already checks to
see if the address space is shared.

Reported by: syzbot+0aa7c2bec74c4066c36f@syzkaller.appspotmail.com
Reported by: syzbot+ea84cb06937afeae609d@syzkaller.appspotmail.com

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj created this revision.May 12 2021, 12:25 AM
Herald added a subscriber: imp. · View Herald TranscriptMay 12 2021, 12:25 AM
markj requested review of this revision.May 12 2021, 12:25 AM
Harbormaster completed remote builds in B39130: Diff 89053.May 12 2021, 12:25 AM
markj added a reviewer: kib.May 12 2021, 12:25 AM
kib added a comment.May 12 2021, 10:52 AM

Could you please show specifics of things going wrong?

My concern is that if other thread might cause troubles for vmspace_unshare(), then other process sharing the address space, can do that as well, and single-threading does not stop other processes.

markj added a comment.May 12 2021, 1:21 PM
In D30220#678711, @kib wrote:

Could you please show specifics of things going wrong?

Here are the reports:

https://syzkaller.appspot.com/bug?id=879bebd49d9fb81ae0ac75307da44a9f3d979f7d
https://syzkaller.appspot.com/bug?id=a39b5a3f1bed634a4c8f2cd76d571917d7e20a96

My concern is that if other thread might cause troubles for vmspace_unshare(), then other process sharing the address space, can do that as well, and single-threading does not stop other processes.

Consider a scenario where two threads concurrently call rfork(RFMEM | RFPROC) and rfork(0). The former will create a new process sharing the vmspace of the parent, and because the refcount test in vm_forkproc() is racy, the latter may fail to call vmspace_unshare() when it should. My reasoning for the diff is that it ensures that the refcount will not transition 1->2 while other threads are suspended.

kib accepted this revision.May 12 2021, 7:00 PM

A comment should be added from your last note.

This revision is now accepted and ready to land.May 12 2021, 7:00 PM
markj updated this revision to Diff 89091.May 12 2021, 8:59 PM

Add comments.

This revision now requires review to proceed.May 12 2021, 8:59 PM
Harbormaster completed remote builds in B39146: Diff 89091.May 12 2021, 8:59 PM
kib accepted this revision.May 12 2021, 10:28 PM
This revision is now accepted and ready to land.May 12 2021, 10:28 PM
Closed by commit rG9246b3090cbc: fork: Suspend other threads if both RFPROC and RFMEM are not set (authored by markj). · Explain WhyMay 13 2021, 12:35 PM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rG9246b3090cbc: fork: Suspend other threads if both RFPROC and RFMEM are not set.
markj added a commit: rGcf60931c32d7: fork: Suspend other threads if both RFPROC and RFMEM are not set.May 20 2021, 2:11 PM

Revision Contents
Changeset List

PathSize
sys/
kern/
13 lines
vm/
8 lines
4 lines

Diff 89127

View Options

sys/kern/kern_fork.c

Loading...
View Options

sys/vm/vm_glue.c

Loading...
View Options

sys/vm/vm_map.c

Loading...