
fsetown: Fix process lookup bugs

Description

fsetown: Fix process lookup bugs

  • pget()/pfind() will acquire the PID hash bucket locks, which are sleepable sx locks, but this means that the sigio mutex cannot be held while calling these functions. Instead, use pget() to hold the process, after which we lock the sigio and proc locks, respectively.
  • funsetownlst() assumes that processes cannot be registered for SIGIO once they have P_WEXIT set. However, pfind() will happily return exiting processes, breaking the invariant. Add an explicit check for P_WEXIT in fsetown() to fix this. [1]

Fixes: f52979098d3c ("Fix a pair of races in SIGIO registration")
Reported by: syzkaller [1]
Reviewed by: kib
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D31661

Details

Provenance: markj, authored on Aug 25 2021, 8:18 PM
Reviewer: kib
Differential Revision: D31661: Fix a pair of bugs in fsetown()
Parents: rG6032b6ba9596: amd64 UEFI loader: enable automatic disable of staging area copying