diff options
| author | Konstantin Belousov <kib@FreeBSD.org> | 2023-06-12 07:33:43 +0000 |
|---|---|---|
| committer | Konstantin Belousov <kib@FreeBSD.org> | 2023-07-04 03:21:53 +0000 |
| commit | 3360b48525fc966894e77b8cd9c124669664472d (patch) | |
| tree | f5ed17de8c7f8f94dcd75ab7bdc025028d40afbc /sys/kern/subr_pcpu.c | |
| parent | 4b59d1724b765063891cb44c28079b4c503a02fd (diff) | |
| download | src-3360b48525fc966894e77b8cd9c124669664472d.tar.gz src-3360b48525fc966894e77b8cd9c124669664472d.zip | |
killpg(2): close a race with fork(2), part1
If the process group member performs fork(), the child could escape
signalling from killpg(). Prevent it by introducing an sx process group
lock pg_killsx which is taken interruptibly shared around fork. If there
is a pending signal, do the trip through userspace with ERESTART to
handle signal ASTs. The lock is taken exclusively during killpg().
The lock is also locked exclusive when the process changes group
membership, to avoid escaping a signal by this means, by ensuring that
the process group is stable during fork.
Note that the new lock is before proctree lock, so in some situations we
could only do trylocking to obtain it.
This relatively simple approach cannot work for REAP_KILL, because
process potentially belongs to more than one reaper tree by having
sub-reapers.
Reported by: dchagin
Tested by: dchagin, pho
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D40493
Diffstat (limited to 'sys/kern/subr_pcpu.c')
0 files changed, 0 insertions, 0 deletions