Date: Thu, 24 Dec 2020 11:13:14 GMT From: Konstantin Belousov <kib@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 7688c099fc21 - MFC r368735: Fix a race in tty_signal_sessleader() with unlocked read of s_leader. Message-ID: <202012241113.0BOBDEs5065987@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/12 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=7688c099fc21d20fe0cf1bc3097b4a0ce5178753 commit 7688c099fc21d20fe0cf1bc3097b4a0ce5178753 Author: Konstantin Belousov <kib@FreeBSD.org> AuthorDate: 2020-12-17 19:51:39 +0000 Commit: Konstantin Belousov <kib@FreeBSD.org> CommitDate: 2020-12-24 10:56:35 +0000 MFC r368735: Fix a race in tty_signal_sessleader() with unlocked read of s_leader. (cherry picked from commit 551e205f6dfa469f4f32a166ee3fb691201d27a7) --- sys/kern/tty.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/sys/kern/tty.c b/sys/kern/tty.c index 3cd0262d6042..f82c1feca021 100644 --- a/sys/kern/tty.c +++ b/sys/kern/tty.c @@ -1462,6 +1462,7 @@ void tty_signal_sessleader(struct tty *tp, int sig) { struct proc *p; + struct session *s; tty_assert_locked(tp); MPASS(sig >= 1 && sig < NSIG); @@ -1469,8 +1470,14 @@ tty_signal_sessleader(struct tty *tp, int sig) /* Make signals start output again. */ tp->t_flags &= ~TF_STOPPED; - if (tp->t_session != NULL && tp->t_session->s_leader != NULL) { - p = tp->t_session->s_leader; + /* + * Load s_leader exactly once to avoid race where s_leader is + * set to NULL by a concurrent invocation of killjobc() by the + * session leader. Note that we are not holding t_session's + * lock for the read. + */ + if ((s = tp->t_session) != NULL && + (p = atomic_load_ptr(&s->s_leader)) != NULL) { PROC_LOCK(p); kern_psignal(p, sig); PROC_UNLOCK(p);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202012241113.0BOBDEs5065987>