
proc: Disallow re-enabling of process itimers during exit
Closed, Public

Authored by markj on Mar 27 2025, 10:32 AM.
Details

Summary

During process exit, it's possible for the exiting thread to send a
signal to its process, via killjobc(). This happens after the itimer is
drained. If itimers are stopped, i.e., P2_ITSTOPPED is set, then
itimer_proc_continue() will resume the callout after it has been
drained.

Fix the problem by simply clearing P2_ITSTOPPED as part of the drain.
Then, a signal received after that point will not re-enable the callout.

Reported by: syzkaller
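The ordering problem described in the summary, as an added model written for this page (it is not FreeBSD kernel code): a minimal process state with the P_WEXIT and P2_ITSTOPPED flags (bit values constructed here, not the real ones), a drain step standing in for the exit-time itimer teardown, and a continue step standing in for itimer_proc_continue() being reached through a signal sent by killjobc(). Running the sequence with and without the fix shows whether the callout ends up re-armed after the drain; the optional P_WEXIT guard models the reviewer's suggestion.

```c
#include <stdbool.h>
#include <stdio.h>

#define P_WEXIT      0x1u   /* constructed bit value; real flag differs */
#define P2_ITSTOPPED 0x2u   /* constructed bit value; real flag differs */

/* Tiny stand-in for struct proc: only what the race needs. */
struct model_proc {
    unsigned p_flag;     /* P_WEXIT once exit has begun */
    unsigned p_flag2;    /* P2_ITSTOPPED while itimers are stopped */
    bool     it_armed;   /* true while the itimer callout is scheduled */
};

/* Models itimer_proc_continue(): if itimers were stopped, clear the flag
 * and re-arm the callout. check_wexit adds the reviewer's suggested guard. */
static void model_itimer_proc_continue(struct model_proc *p, bool check_wexit)
{
    if ((p->p_flag2 & P2_ITSTOPPED) == 0)
        return;
    p->p_flag2 &= ~P2_ITSTOPPED;
    if (check_wexit && (p->p_flag & P_WEXIT) != 0)
        return;                     /* exiting: do not re-arm */
    p->it_armed = true;
}

/* Models the exit-time drain: mark the process exiting and stop the
 * callout. With the fix, P2_ITSTOPPED is cleared as part of the drain. */
static void model_itimer_exit_drain(struct model_proc *p, bool clear_itstopped)
{
    p->p_flag |= P_WEXIT;
    p->it_armed = false;
    if (clear_itstopped)
        p->p_flag2 &= ~P2_ITSTOPPED;
}

/* Exit sequence: drain first, then a signal (via killjobc()) reaches
 * itimer_proc_continue(). Returns true if the callout is left armed,
 * which is the bug the revision fixes. */
bool model_callout_rearmed_after_exit(bool fix_clear_flag, bool fix_check_wexit)
{
    struct model_proc p = { .p_flag = 0, .p_flag2 = P2_ITSTOPPED, .it_armed = false };
    model_itimer_exit_drain(&p, fix_clear_flag);
    model_itimer_proc_continue(&p, fix_check_wexit);
    return p.it_armed;
}

int main(void)
{
    printf("unfixed: re-armed=%d\n", model_callout_rearmed_after_exit(false, false));
    printf("fixed:   re-armed=%d\n", model_callout_rearmed_after_exit(true, false));
    return 0;
}
```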

Diff Detail

Repository
rG FreeBSD src repository

Event Timeline

I think this is fine.
But I also suggest adding the check for P_WEXIT/P_KILLED before re-arming the itimer callouts.

This revision is now accepted and ready to land. (Mar 27 2025, 4:59 PM)

Check for P_WEXIT in realitexpire_reset_callout() too.

This revision now requires review to proceed. (Mar 28 2025, 8:54 AM)
This revision is now accepted and ready to land. (Mar 28 2025, 3:22 PM)