
thread_unsuspend(): do not unsuspend the suspended leader thread doing…

Description

thread_unsuspend(): do not unsuspend the suspended leader thread doing SINGLE_ALLPROC

markj wrote:
tdsendsignal() may unsuspend a target thread. I think there is at least
one bug there: suppose thread T is suspended in
thread_single(SINGLE_ALLPROC) when trying to kill another process with
REAP_KILL. Suppose a different thread sends SIGKILL to T->td_proc. Then,
tdsendsignal() calls thread_unsuspend(T, T->td_proc). thread_unsuspend()
incorrectly decrements T->td_proc->p_suspcount to -1.

Later, when T->td_proc exits, it will wait forever in
thread_single(SINGLE_EXIT) since T->td_proc->p_suspcount never reaches 1.

Since the thread suspension is bounded by time needed to do
thread_single(), skipping the thread_unsuspend_one() call there should
not affect signal delivery if this thread is selected as target.

Reported by: markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D35310
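The p_suspcount accounting the message describes, as a constructed C model added here and not FreeBSD kernel code: the leader's self-suspension is charged to the target process, thread_unsuspend() on the signal path decrements the leader's own process instead, and the fixed path skips a thread parked inside SINGLE_ALLPROC. TDF_IN_ALLPROC, g_after_signal and simulate() are invented names, and the real kernel expresses the check in its own terms.

```c
/* Constructed model of the p_suspcount accounting in the commit message;
 * not FreeBSD kernel code (TDF_IN_ALLPROC and simulate() are invented). */
#include <stdbool.h>
#define NTHREADS 2
enum { TDF_SUSPENDED = 1, TDF_IN_ALLPROC = 2 };
struct thread { int td_flags; };
struct proc { struct thread td[NTHREADS]; int p_numthreads; int p_suspcount; };
static int g_after_signal; /* reaper's p_suspcount right after the SIGKILL path */

/* thread_suspend_switch(td, p): td parks and the count is charged to p,
 * which in SINGLE_ALLPROC mode is the target process, not td's own. */
static void thread_suspend_switch(struct thread *td, struct proc *p) {
    td->td_flags |= TDF_SUSPENDED;
    p->p_suspcount++;
}

/* thread_unsuspend(p) as reached from tdsendsignal(): wake every suspended
 * thread of p and decrement p->p_suspcount for each. With 'fixed', a thread
 * parked inside SINGLE_ALLPROC is skipped, so no decrement lands on p. */
static void thread_unsuspend(struct proc *p, bool fixed) {
    for (int i = 0; i < p->p_numthreads; i++) {
        struct thread *td = &p->td[i];
        if ((td->td_flags & TDF_SUSPENDED) == 0) continue;
        if (fixed && (td->td_flags & TDF_IN_ALLPROC) != 0) continue;
        td->td_flags &= ~TDF_SUSPENDED;
        p->p_suspcount--;
    }
}

/* Replay the scenario and return the reaper's p_suspcount once its exiting
 * thread waits in thread_single(SINGLE_EXIT) for p_numthreads - 1 == 1. */
static int simulate(bool fixed) {
    struct proc reaper = { .p_numthreads = NTHREADS }, victim = { .p_numthreads = 1 };
    struct thread *leader = &reaper.td[0];
    /* 1. leader T parks in thread_single(SINGLE_ALLPROC) against victim */
    leader->td_flags |= TDF_IN_ALLPROC;
    thread_suspend_switch(leader, &victim);
    /* 2. SIGKILL to T->td_proc: tdsendsignal() -> thread_unsuspend() */
    thread_unsuspend(&reaper, fixed);
    g_after_signal = reaper.p_suspcount;      /* -1 unfixed, 0 fixed */
    /* 3. the all-proc work completes: T resumes, charged back to victim */
    if (leader->td_flags & TDF_SUSPENDED) {
        leader->td_flags &= ~TDF_SUSPENDED;
        victim.p_suspcount--;
    }
    leader->td_flags &= ~TDF_IN_ALLPROC;
    /* 4. reaper exits: SINGLE_EXIT parks T, this time charged to reaper */
    thread_suspend_switch(leader, &reaper);
    return reaper.p_suspcount;                /* 0 unfixed (stuck), 1 fixed */
}
```

In the unfixed replay the exit wait can never see p_suspcount == 1, which is the hang the message describes; in the fixed replay the leader's later suspension is counted against its own process as expected.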

Details

Provenance
kib, authored on Jun 8 2022, 1:27 AM
Differential Revision
D35310: Set of fixes for REAP_KILL_SUBTREE
Parents
rGb9009b1789b4: thread_single(): remove already checked conditional expression
Branches
Unknown
Tags
Unknown