Page MenuHomeFreeBSD
Differential D31563

sigtimedwait: Use a unique wait channel for sleeping
ClosedPublic
Actions

Authored by markj on Aug 16 2021, 5:19 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Oct 16, 6:31 AM
Unknown Object (File)
Thu, Oct 16, 6:31 AM
Unknown Object (File)
Thu, Oct 16, 6:31 AM
Unknown Object (File)
Thu, Oct 16, 2:52 AM
Unknown Object (File)
Wed, Oct 15, 7:07 PM
Unknown Object (File)
Tue, Oct 14, 10:15 PM
Unknown Object (File)
Sun, Oct 12, 2:34 AM
Unknown Object (File)
Sun, Sep 21, 8:53 AM
View All 62 Files
Subscribers
imp

Details

Reviewers
kib
Commits
rGc4feb1ab0ae0: sigtimedwait: Use a unique wait channel for sleeping
Summary

When a sigtimedwait(2) caller goes to sleep, it uses a wait channel of
p->p_sigacts with the proc lock as the interlock. However, p_sigacts
can be shared between processes if a child is created with
rfork(RFSIGSHARE | RFPROC). Thus we can end up with two threads
sleeping on the same wait channel using different locks, which is not
permitted.

Fix the problem simply by using a process-unique wait channel, following
the example of sigsuspend. I believe the actual wait channel value is
irrelevant here, sleeping threads are awoken using sleepq_abort().

Reported by: syzbot+8c417afabadb50bb8827@syzkaller.appspotmail.com
Reported by: syzbot+1d89fc2a9ef92ef64fa8@syzkaller.appspotmail.com

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sys/
kern/
3 lines

Diff 93778

View Options

sys/kern/kern_sig.c

Loading...