Page MenuHomeFreeBSD
Differential D31563

sigtimedwait: Use a unique wait channel for sleeping
ClosedPublic
Actions

Authored by markj on Aug 16 2021, 5:19 PM.
Tags
None
Referenced Files
F135595560: D31563.id93765.diff
Tue, Nov 11, 3:52 AM
Unknown Object (File)
Sat, Nov 8, 4:12 AM
Unknown Object (File)
Fri, Nov 7, 4:59 AM
Unknown Object (File)
Thu, Nov 6, 5:08 AM
Unknown Object (File)
Wed, Nov 5, 9:25 PM
Unknown Object (File)
Wed, Nov 5, 4:04 PM
Unknown Object (File)
Mon, Nov 3, 12:31 PM
Unknown Object (File)
Mon, Nov 3, 12:30 PM
View All 74 Files
Subscribers
imp

Details

Reviewers
kib
Commits
rGc4feb1ab0ae0: sigtimedwait: Use a unique wait channel for sleeping
Summary

When a sigtimedwait(2) caller goes to sleep, it uses a wait channel of
p->p_sigacts with the proc lock as the interlock. However, p_sigacts
can be shared between processes if a child is created with
rfork(RFSIGSHARE | RFPROC). Thus we can end up with two threads
sleeping on the same wait channel using different locks, which is not
permitted.

Fix the problem simply by using a process-unique wait channel, following
the example of sigsuspend. I believe the actual wait channel value is
irrelevant here, sleeping threads are awoken using sleepq_abort().

Reported by: syzbot+8c417afabadb50bb8827@syzkaller.appspotmail.com
Reported by: syzbot+1d89fc2a9ef92ef64fa8@syzkaller.appspotmail.com

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sys/
kern/
3 lines

Diff 93778

View Options

sys/kern/kern_sig.c

Loading...