Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 26 Feb 2007 03:38:10 +0000 (UTC)
From:      Xin LI <delphij@FreeBSD.org>
To:        src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: src/sys/kern kern_fork.c kern_resource.c
Message-ID:  <200702260338.l1Q3cBCP035092@repoman.freebsd.org>

next in thread | raw e-mail | index | archive | help
delphij     2007-02-26 03:38:10 UTC

  FreeBSD src repository

  Modified files:
    sys/kern             kern_fork.c kern_resource.c 
  Log:
  Close race conditions between fork() and [sg]etpriority()'s
  PRIO_USER case, possibly also other places that deferences
  p_ucred.
  
  In the past, we insert a new process into the allproc list right
  after PID allocation, and release the allproc_lock sx.  Because
  most content in new proc's structure is not yet initialized,
  this could lead to undefined result if we do not handle PRS_NEW
  with care.
  
  The problem with PRS_NEW state is that it does not provide fine
  grained information about how much initialization is done for a
  new process.  By defination, after PRIO_USER setpriority(), all
  processes that belongs to given user should have their nice value
  set to the specified value.  Therefore, if p_{start,end}copy
  section was done for a PRS_NEW process, we can not safely ignore
  it because p_nice is in this area.  On the other hand, we should
  be careful on PRS_NEW processes because we do not allow non-root
  users to lower their nice values, and without a successful copy
  of the copy section, we can get stale values that is inherted
  from the uninitialized area of the process structure.
  
  This commit tries to close the race condition by grabbing proc
  mutex *before* we release allproc_lock xlock, and do copy as
  well as zero immediately after the allproc_lock xunlock.  This
  guarantees that the new process would have its p_copy and p_zero
  sections, as well as user credential informaion initialized.  In
  getpriority() case, instead of grabbing PROC_LOCK for a PRS_NEW
  process, we just skip the process in question, because it does
  not affect the final result of the call, as the p_nice value
  would be copied from its parent, and we will see it during
  allproc traverse.
  
  Other potential solutions are still under evaluation.
  
  Discussed with: davidxu, jhb, rwatson
  PR:             kern/108071
  MFC after:      2 weeks
  
  Revision  Changes    Path
  1.267     +14 -5     src/sys/kern/kern_fork.c
  1.167     +3 -0      src/sys/kern/kern_resource.c



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200702260338.l1Q3cBCP035092>