Page MenuHomeFreeBSD
Differential D49529

proc: Disallow re-enabling of process itimers during exit
ClosedPublic
Actions

Authored by markj on Mar 27 2025, 10:32 AM.
Tags
None
Referenced Files
F147496549: D49529.id.diff
Wed, Mar 11, 10:44 AM
F147470777: D49529.id.diff
Wed, Mar 11, 6:40 AM
F147434999: D49529.id.diff
Tue, Mar 10, 11:42 PM
Unknown Object (File)
Feb 8 2026, 11:28 AM
Unknown Object (File)
Feb 7 2026, 11:37 PM
Unknown Object (File)
Feb 7 2026, 8:12 PM
Unknown Object (File)
Jan 31 2026, 11:14 AM
Unknown Object (File)
Jan 29 2026, 5:03 AM
View All 72 Files
Subscribers
imp
olce

Details

Reviewers
kib
Commits
rG693664482649: proc: Disallow re-enabling of process itimers during exit
rGa6268f89d58c: proc: Disallow re-enabling of process itimers during exit
Summary

During process exit, it's possible for the exiting thread to send a
signal to its process, via killjobc(). This happens after the itimer is
drained. If itimers are stopped, i.e., P2_ITSTOPPED is set, then
itimer_proc_continue() will resume the callout after it has been
drained.

Fix the problem by simply clearing P2_ITSTOPPED as part of the drain.
Then, a signal received after that point will not re-enable the callout.

Reported by: syzkaller

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 63170
Build 60054: arc lint + arc unit

Event Timeline

markj created this revision.Mar 27 2025, 10:32 AM
Herald added subscribers: olce, imp. · View Herald TranscriptMar 27 2025, 10:32 AM
markj requested review of this revision.Mar 27 2025, 10:32 AM
Harbormaster completed remote builds in B63148: Diff 152733.Mar 27 2025, 10:32 AM
kib accepted this revision.Mar 27 2025, 4:59 PM

I think this is fine.
But also I suggest to add the check for P_WEXIT/P_KILLED before re-arming the itimer callouts.

This revision is now accepted and ready to land.Mar 27 2025, 4:59 PM
markj updated this revision to Diff 152782.Mar 28 2025, 8:54 AM

Check for P_WEXIT in realitexpire_reset_callout() too.

This revision now requires review to proceed.Mar 28 2025, 8:54 AM
Harbormaster completed remote builds in B63170: Diff 152782.Mar 28 2025, 8:54 AM
kib accepted this revision.Mar 28 2025, 3:22 PM
This revision is now accepted and ready to land.Mar 28 2025, 3:22 PM
Closed by commit rGa6268f89d58c: proc: Disallow re-enabling of process itimers during exit (authored by markj). · Explain WhyMar 31 2025, 9:07 AM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rGa6268f89d58c: proc: Disallow re-enabling of process itimers during exit.
markj added a commit: rG693664482649: proc: Disallow re-enabling of process itimers during exit.Apr 15 2025, 2:25 AM

Revision Contents
Changeset List

PathSize
sys/
kern/
1 line
2 lines

Diff 152782

View Options

sys/kern/kern_exit.c

Loading...
View Options

sys/kern/kern_time.c

Loading...