
kqueue timer: Remove detached knotes from the process stop queue

Description

kqueue timer: Remove detached knotes from the process stop queue

There are some scenarios where a timer event may be detached when it is
on the process' kqueue timer stop queue. If kqtimer_proc_continue() is
called after that point, it will iterate over the queue and access freed
timer structures.

It is also possible, at least in a multithreaded program, for a stopped
timer event to be scheduled without removing it from the process' stop
queue. Ensure that we do not doubly enqueue the event structure in this
case.

Reported by: syzbot+cea0931bb4e34cd728bd@syzkaller.appspotmail.com
Reported by: syzbot+9e1a2f3734652015998c@syzkaller.appspotmail.com
Reviewed by: kib
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D30251
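The two hazards the commit message describes, a knote freed while still linked on the process' stop queue, and a parked knote linked onto that queue a second time, can be shown in a small user-space model. This is an added example, not FreeBSD's kqueue code; the names (struct timer_kn, struct proc_model, timer_schedule(), timer_fire(), timer_detach(), proc_continue(), the on_stopq flag) and the single-process, single-threaded driver are assumptions made for the model, and the scenarios are constructed to mirror the description rather than taken from the syzbot reports.

```c
/*
 * Constructed model of a per-process queue of parked ("stopped") kqueue
 * timers.  Added example; none of these names are FreeBSD's own.
 */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

struct timer_kn {
	int id;
	bool armed;               /* scheduled to expire */
	bool on_stopq;            /* currently linked on the process stop queue */
	int delivered;            /* expirations delivered to the kqueue */
	struct timer_kn *next, *prev;
};

struct proc_model {
	bool stopped;             /* process is stopped, e.g. by SIGSTOP */
	struct timer_kn *stopq_head, *stopq_tail;
	int stopq_len;
};

/* Link kn at the tail.  The on_stopq flag is the guard against a double enqueue. */
static void stopq_insert(struct proc_model *p, struct timer_kn *kn)
{
	if (kn->on_stopq)
		return;                   /* already parked: never link it twice */
	kn->prev = p->stopq_tail;
	kn->next = NULL;
	if (p->stopq_tail != NULL)
		p->stopq_tail->next = kn;
	else
		p->stopq_head = kn;
	p->stopq_tail = kn;
	kn->on_stopq = true;
	p->stopq_len++;
}

static void stopq_remove(struct proc_model *p, struct timer_kn *kn)
{
	if (!kn->on_stopq)
		return;
	if (kn->prev != NULL) kn->prev->next = kn->next; else p->stopq_head = kn->next;
	if (kn->next != NULL) kn->next->prev = kn->prev; else p->stopq_tail = kn->prev;
	kn->next = kn->prev = NULL;
	kn->on_stopq = false;
	p->stopq_len--;
}

/* (Re)arm a timer.  A parked knote is unlinked first so that its next
 * expiry cannot enqueue it a second time (the multithreaded case). */
static void timer_schedule(struct proc_model *p, struct timer_kn *kn)
{
	stopq_remove(p, kn);
	kn->armed = true;
}

/* Timer expiry: deliver when the process runs, otherwise park the knote. */
static void timer_fire(struct proc_model *p, struct timer_kn *kn)
{
	if (!kn->armed)
		return;
	kn->armed = false;
	if (p->stopped)
		stopq_insert(p, kn);
	else
		kn->delivered++;
}

/* Detach: the knote must leave the stop queue before it is freed, otherwise
 * proc_continue() would walk into freed memory. */
static void timer_detach(struct proc_model *p, struct timer_kn *kn)
{
	stopq_remove(p, kn);
	free(kn);
}

/* Process resumes: deliver and re-arm every parked timer. */
static void proc_continue(struct proc_model *p)
{
	struct timer_kn *kn;
	p->stopped = false;
	while ((kn = p->stopq_head) != NULL) {
		stopq_remove(p, kn);
		kn->delivered++;
		kn->armed = true;         /* periodic timer: re-arm */
	}
}

static struct timer_kn *timer_new(int id)
{
	struct timer_kn *kn = calloc(1, sizeof(*kn));
	if (kn == NULL)
		abort();
	kn->id = id;
	return kn;
}

/* Drive both scenarios; returns 0 if every invariant holds, else the number
 * of the first failed check. */
int run_scenario(void)
{
	struct proc_model p = { .stopped = true };
	struct timer_kn *a = timer_new(1), *b = timer_new(2);

	timer_schedule(&p, a); timer_schedule(&p, b);
	timer_fire(&p, a);     timer_fire(&p, b);       /* both park while stopped */
	if (p.stopq_len != 2 || !a->on_stopq || !b->on_stopq) return 1;

	timer_detach(&p, a);                            /* scenario 1: a is freed */
	if (p.stopq_len != 1 || p.stopq_head != b) return 2;

	timer_schedule(&p, b);                          /* scenario 2: re-arm while parked */
	if (b->on_stopq || p.stopq_len != 0) return 3;
	timer_fire(&p, b);
	stopq_insert(&p, b);                            /* the guard itself: no second link */
	if (p.stopq_len != 1 || p.stopq_head != b || b->next != NULL) return 4;

	proc_continue(&p);                              /* walks only live, singly-linked knotes */
	if (p.stopq_len != 0 || b->delivered != 1 || !b->armed) return 5;

	timer_detach(&p, b);
	return 0;
}

int main(void)
{
	int rc = run_scenario();
	printf("stop-queue model %s (rc=%d)\n", rc == 0 ? "ok" : "FAILED", rc);
	return rc;
}
```

Built with -fsanitize=address, removing the stopq_remove() call from timer_detach() reproduces the first problem (proc_continue() reads the freed knote), and removing it from timer_schedule() makes a second expiry reach stopq_insert() with the knote already linked, which is exactly what the on_stopq guard refuses.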

Details

Provenance
Authored by: markj, May 14 2021, 2:07 PM
Reviewer: kib
Differential Revision: D30251: kqueue timer: Remove detached knotes from the process stop queue
Parent: rG34766aa8cb51: Fix scripted installs on EFI systems using ZFS root with zfsboot.