Date:      Fri, 19 Dec 2025 18:06:10 +0000
From:      Dag-Erling Smørgrav <des@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 00bdb832fd5d - stable/14 - proc: Fix proc_init / proc_dtor ordering issues
Message-ID:  <69459412.225b7.370f91ff@gitrepo.freebsd.org>


The branch stable/14 has been updated by des:

URL: https://cgit.FreeBSD.org/src/commit/?id=00bdb832fd5def6dee43773d93a4f69c8db44643

commit 00bdb832fd5def6dee43773d93a4f69c8db44643
Author:     Dag-Erling Smørgrav <des@FreeBSD.org>
AuthorDate: 2025-12-14 13:16:22 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2025-12-19 18:06:00 +0000

    proc: Fix proc_init / proc_dtor ordering issues
    
    * Move the initialization of p_ktr into proc_init() and make the check
      in proc_dtor() unconditional.  Prior to this, it was possible to fail
      and invoke proc_dtor() after the first thread had been created (which
      was the condition for checking p_ktr in proc_dtor()) but before p_ktr
      had been initialized.
    
    * Move the p_klist initialization in fork1() past the last possible
      failure point so we don't have to free it on failure.  We didn't,
      which meant we were leaking a knlist every time we failed to fork
      due to hitting the resource limit.
    
    PR:             291470
    MFC after:      1 week
    Reviewed by:    kib
    Differential Revision:  https://reviews.freebsd.org/D54215
    
    (cherry picked from commit 026d962ef14dafe19fa73361bea6dcc95f141dfa)
---
 sys/kern/kern_fork.c | 4 ++--
 sys/kern/kern_proc.c | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/sys/kern/kern_fork.c b/sys/kern/kern_fork.c
index 8abf6ebc20be..7731ae4d14f3 100644
--- a/sys/kern/kern_fork.c
+++ b/sys/kern/kern_fork.c
@@ -1063,8 +1063,6 @@ fork1(struct thread *td, struct fork_req *fr)
 #ifdef MAC
 	mac_proc_init(newproc);
 #endif
-	newproc->p_klist = knlist_alloc(&newproc->p_mtx);
-	STAILQ_INIT(&newproc->p_ktr);
 
 	/*
 	 * Increment the count of procs running with this uid. Don't allow
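Review bot: with the knlist_alloc() call removed ahead of the per-uid process count check, nothing visible here says what newproc->p_klist holds if that check fails and fork1() takes its error path. Please confirm that the failure cleanup never dereferences or frees p_klist, and consider a short comment at this spot noting that p_klist is deliberately left unallocated until no further failure is possible.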
@@ -1077,6 +1075,8 @@ fork1(struct thread *td, struct fork_req *fr)
 		chgproccnt(cred->cr_ruidinfo, 1, 0);
 	}
 
+	newproc->p_klist = knlist_alloc(&newproc->p_mtx);
+
 	do_fork(td, fr, newproc, td2, vm2, fp_procdesc);
 	error = 0;
 	goto cleanup;
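Review bot: the new knlist_alloc() line just before do_fork() carries no comment explaining that its position is load-bearing. The commit message says it was moved past the last failure point precisely so that no error path has to free it, so a one-line comment to that effect would keep a later change from adding a failure exit between this allocation and do_fork() and bringing the knlist leak back.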
diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c
index b7fa7bfb60e9..c4d5356bb292 100644
--- a/sys/kern/kern_proc.c
+++ b/sys/kern/kern_proc.c
@@ -241,11 +241,9 @@ proc_dtor(void *mem, int size, void *arg)
 	p = (struct proc *)mem;
 	td = FIRST_THREAD_IN_PROC(p);
 	if (td != NULL) {
-#ifdef INVARIANTS
 		KASSERT((p->p_numthreads == 1),
-		    ("bad number of threads in exiting process"));
-		KASSERT(STAILQ_EMPTY(&p->p_ktr), ("proc_dtor: non-empty p_ktr"));
-#endif
+		    ("too many threads in exiting process"));
+
 		/* Free all OSD associated to this thread. */
 		osd_thread_exit(td);
 		ast_kclear(td);
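Review bot: the reworded KASSERT at the top of the td != NULL block still tests p_numthreads == 1 but reports only "too many threads" with no value. The message argument is printf-style, so something like ("too many threads in exiting process: %d", p->p_numthreads) would make a panic from this check directly actionable. The removal of the #ifdef INVARIANTS wrapper and the change of message text are also not mentioned in the commit message; a sentence there would help anyone reading the log later.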
@@ -253,6 +251,7 @@ proc_dtor(void *mem, int size, void *arg)
 		/* Make sure all thread destructors are executed */
 		EVENTHANDLER_DIRECT_INVOKE(thread_dtor, td);
 	}
+	KASSERT(STAILQ_EMPTY(&p->p_ktr), ("proc_dtor: non-empty p_ktr"));
 	EVENTHANDLER_DIRECT_INVOKE(process_dtor, p);
 #ifdef KDTRACE_HOOKS
 	kdtrace_proc_dtor(p);
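Review bot: the STAILQ_EMPTY(&p->p_ktr) assertion now sits outside the if (td != NULL) block with nothing in the code saying why. It is only safe for a proc that never got a first thread because proc_init() initializes p_ktr, so a brief comment naming that dependency would stop someone from folding the check back into the thread block or moving the initialization out of proc_init() again.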
@@ -281,6 +280,7 @@ proc_init(void *mem, int size, int flags)
 	p->p_stats = pstats_alloc();
 	p->p_pgrp = NULL;
 	TAILQ_INIT(&p->p_kqtim_stop);
+	STAILQ_INIT(&p->p_ktr);
 	return (0);
 }
 
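Review bot: STAILQ_INIT(&p->p_ktr) is now done only in proc_init(), so the list head is set up once per zone item rather than on every fork, and its validity on reuse depends on the list being empty each time proc_dtor() runs. The only enforcement visible in this patch is a KASSERT, which compiles away without INVARIANTS. Please state in a comment next to this line that every path to proc_dtor() must leave p_ktr empty, or point to where the list is drained.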

