From nobody Fri Nov 24 16:28:23 2023
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ScL541Nj1z52KxT;
	Fri, 24 Nov 2023 16:28:24 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ScL540X8Tz3TN6;
	Fri, 24 Nov 2023 16:28:24 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1700843304;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=nuKkOeT57iHJfdNrfKAExiqTTfG4dmw+6nvdBrXF0W0=;
	b=OmNDRCD5wPaHVHfaH2zxqrKAclV6dJPObrBWC7OI/xBo3yBydUqn3T7RS1ZDwkr6S3Laeu
	05dhs9nIKFfJqLroXaaH9W+JkFx2wTb4ywAf3BmO0t7hkE+wf9nSDyDlM8UADoOaASeQA/
	prqzhgu0RX4s323xXVQBcyHeeE/cztbZc6LhWVEfqAQ7DxCJp0hPrljvVxb6H7lwZ9/hg1
	nASdTxz1J8L591FMNIDEfzqwYN/NzFiyFRrUK2vHqMhnvYc3um9PCGXz4Bd1xk/70V7lrx
	Av8ewfNL/YkOaFh+QkpqQFjpGUhjOUxsuUjTP9YBtHZMuPWknQIh3nB7etauaQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1700843304;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=nuKkOeT57iHJfdNrfKAExiqTTfG4dmw+6nvdBrXF0W0=;
	b=k+5DriA0vGj580+tI+Q5ozyWG8WxbFgcnizLl12ckSQdKR0zSle69KJ2SeKYZM5egLpEc4
	dOzshecegi134vAymhYs7ij562iHk8MKs5+RITx1g6HViJ2a4IWK/axRoYP4aFT2uQ4gRu
	+jzqfPMeMVkrC5zhzvYPWgTru90v1DOYqsdFJmSUa8g5AlHbYs8+/6cC6LjMKVcHtj63DD
	IOCYF+97Zfo2gpI+Ahrlbajs55M47Icb7iLnPb/epkD65h33DqNGcovG2jTawyPfDIEPfO
	JfB6er0Q+u5k82f+qCZF6in1WTiitMyaSJpGD0lCdaQqFhkRMVxBtXx6HVknDA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1700843304; a=rsa-sha256; cv=none;
	b=RDVuH3bWAkloOKD9vDsFkIArM814lBR1YWP26gwxrjG9lWbEq+biposn7fmuLXKYtjMDoy
	W7uaJhd89J23WoeGkqN8/q+90OA/CzRiCSmdVe2pGNTWOTpZ6W9bzy/nykWAJcC7UT0MdC
	H+0nnV+ZJ2f7sU6JIYGxxxnUtdEwMa+zuEpD3qrfO5dEl5lFMksWCcwcjDCi9V75+88XUb
	xlPlNs/tiNCJjt5siShjf6QVpVoTJpXvnRfzmvsCKb/LZh3qfDerNkI4NAONd2VdLWqP9K
	yo6SyOegLWOV5EUa49IFkSYYQl8JbVgHFe5xvt7dEvrpjfUaEzAcz8Aw95K/8w==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ScL536hXrzsBY;
	Fri, 24 Nov 2023 16:28:23 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 3AOGSN3p051252;
	Fri, 24 Nov 2023 16:28:23 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 3AOGSN7v051249;
	Fri, 24 Nov 2023 16:28:23 GMT
	(envelope-from git)
Date: Fri, 24 Nov 2023 16:28:23 GMT
Message-Id: <202311241628.3AOGSN7v051249@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Konstantin Belousov <kib@FreeBSD.org>
Subject: git: 393ac29f0b8b - main - kqueue: on process exit,
  force-clear its registered signal events
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kib
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 393ac29f0b8be068c8e46f76c2eeee07d20ea4df
Auto-Submitted: auto-generated

The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=393ac29f0b8be068c8e46f76c2eeee07d20ea4df

commit 393ac29f0b8be068c8e46f76c2eeee07d20ea4df
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2023-11-24 06:41:58 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2023-11-24 16:26:53 +0000

    kqueue: on process exit, force-clear its registered signal events
    
    Normally, process already has all its kqueue fds destroyed at the moment
    p_klist is detached in exit flow. But, if the process was created with
    rfork(2) with shared file descriptors, its signal knotes can survive.
    Then, knlist_detach() does not destroy non-empty knlist. Later, when
    owning kqueue is closed, we access freed (or rather, reused, because
    struct proc is type-stable) memory by referencing p->p_klist from such
    knote.
    
    Handle this situation by deleting all knotes hanging from p_klist.
    
    PR:     275286
    Reviewed by:    markj
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 week
    Differential revision:  https://reviews.freebsd.org/D42745
---
 sys/kern/kern_exit.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sys/kern/kern_exit.c b/sys/kern/kern_exit.c
index 112f9c7b0f33..d7b45ee96654 100644
--- a/sys/kern/kern_exit.c
+++ b/sys/kern/kern_exit.c
@@ -985,6 +985,7 @@ proc_reap(struct thread *td, struct proc *p, int *status, int options)
 	proc_id_clear(PROC_ID_PID, p->p_pid);
 
 	PROC_LOCK(p);
+	knlist_delete(p->p_klist, td, 1);
 	knlist_detach(p->p_klist);
 	p->p_klist = NULL;
 	PROC_UNLOCK(p);