From nobody Tue Jun 9 21:17:25 2026 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZhZF2r09z6gfvw for ; Tue, 09 Jun 2026 21:17:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZhZF0yzsz47Pt for ; Tue, 09 Jun 2026 21:17:25 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781039845; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0wPodCJDttobio25UmwOZPfXmt1obdXf0Jh46kgLRX0=; b=ZxZq+1Z2Fyc3HZw8h08mq65uFLYr+xoF25BoVS9mUelf4lXrtnOTRwxaK0LyF2U0cA8fW5 fMR/MEGE2Ld3gmxg/pCIzGe73k4K9ESb8PeORgFJaflcBrJmemir6rIeeA8Lw8sra18jO1 dEGi5WTJrK3HGuCBYoL+8UYTrz2PJwe0wyGv/TaJdx/oUJzw31ElETj7dVF5SVT1V0m/rq I9AJoNDeKFm+Wj9PnCgsd4wzXbJc0xisVdkNPodazH+OfdshNQ1eB/glB7UldHsCuXWGo4 5tFOifyfsS4tygOZZbULjqLRdN2RlW/gTVGAdmUPH4L0va3RNwo1NvqwUFNAIQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1781039845; a=rsa-sha256; cv=none; b=fyfKnwzKxRJIOgtZU30PtMB28wq9pGi59Mo8KyEZKmP/WxeF0MjzkVQfT+DsbvilKsJg5g 06NjW0XpN441UY181R/I6xdF8VmTkxyLJUHTxDc9Fc4q6jdTc/oP2kseWvvAReghPU1n6T RHA+o2fADlfDK5aTgKf8VH9Xhw7WVUHdRn14wqBBJpF9z1VN9ERYAX259jUKLmJpYF5SmK Pc9TKHGKFqQYyz7k3M/dvaGZiKf7xrQQpWufcV6sEDjPy8yjLHUVdcf5fknLgmTj0guhoQ qieLYUoDsxKY604MMSEGsDm9833qnAE3rj2OOIv/+sapMPLXW6HteNwNoE11gg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781039845; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0wPodCJDttobio25UmwOZPfXmt1obdXf0Jh46kgLRX0=; b=nNRm5fb3lSyCSz4lMTVHA441WzOYIF3FdEDYiW3J8xCcu+UOeAcL3Ik5VAjEexAQAlCX0i VBCRBGkR1O+heS7Ew90bui3v7cDnM4jx9vj02nQfOzYdyXX4RlJ6fDhT0Jz7pIr1bCJX6R NE4iLKXH1DHBAa7zylGvBL973OPJD2HQsKi1BXUbqiEyilPrTrspm4P8Iukc3havoLgh6s dd1nkcrWpvvT7McDH8dRaimsRVdQ6V1FI9we9tl9TLht0ECXLvxw0hPxmEGhCUwfctPKwb JrMOcw9V5VAMeikAwhlmRXGNsjTkDC1fzjgw1RHhOyZSOBLHNErnw5DmnF7lOw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4gZhZF0YqYzqpw for ; Tue, 09 Jun 2026 21:17:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 2374b by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Tue, 09 Jun 2026 21:17:25 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Konstantin Belousov Subject: git: 44970244e6d8 - main - reap_kill_subtree_once: when proctree_lock is dropped, reaper might change List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 44970244e6d872103f36eae34218b672b69579dd Auto-Submitted: auto-generated Date: Tue, 09 Jun 2026 21:17:25 +0000 Message-Id: <6a2882e5.2374b.62dc910b@gitrepo.freebsd.org> The branch main has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=44970244e6d872103f36eae34218b672b69579dd commit 44970244e6d872103f36eae34218b672b69579dd Author: Konstantin Belousov AuthorDate: 2026-06-05 23:57:16 +0000 Commit: Konstantin Belousov CommitDate: 2026-06-09 21:11:45 +0000 reap_kill_subtree_once: when proctree_lock is dropped, reaper might change Recalculate it to iterate over the right set of processes. Prevent reaper' struct proc reuse by holding the tree ref on it. Since our reference is taken under the proctree lock and we know that the process is reaper, it cannot go away. The process hold count (p_lock) cannot be used there because p_lock intent is prevent exit, but reaper owns its reap-children until reaped itself, i.e. even a zombie reaper is still on duty. Reviewed by: markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D57492 --- sys/kern/kern_procctl.c | 43 +++++++++++++++++++++++++++++-------------- 1 file changed, 29 insertions(+), 14 deletions(-) diff --git a/sys/kern/kern_procctl.c b/sys/kern/kern_procctl.c index 1ff1b15767b5..c8d14aa2f2f6 100644 --- a/sys/kern/kern_procctl.c +++ b/sys/kern/kern_procctl.c @@ -49,6 +49,7 @@ #include #include #include +#include static int protect_setchild(struct thread *td, struct proc *p, int flags) @@ -366,13 +367,7 @@ reap_kill_sched(struct reap_kill_tracker_head *tracker, struct proc *p2) { struct reap_kill_tracker *t; - PROC_LOCK(p2); - if ((p2->p_flag2 & P2_WEXIT) != 0) { - PROC_UNLOCK(p2); - return; - } - _PHOLD(p2); - PROC_UNLOCK(p2); + PROC_TREE_REF(p2); t = malloc(sizeof(struct reap_kill_tracker), M_TEMP, M_WAITOK); t->parent = p2; TAILQ_INSERT_TAIL(tracker, t, link); @@ -381,7 +376,7 @@ reap_kill_sched(struct reap_kill_tracker_head *tracker, struct proc *p2) static void reap_kill_sched_free(struct reap_kill_tracker *t) { - PRELE(t->parent); + PROC_TREE_UNREF(t->parent); free(t, M_TEMP); } @@ -416,16 +411,17 @@ reap_kill_children(struct thread *td, struct proc *reaper, } static bool -reap_kill_subtree_once(struct thread *td, struct proc *p, struct proc *reaper, +reap_kill_subtree_once(struct thread *td, struct proc *p, struct proc **reaperp, struct unrhdr *pids, struct reap_kill_proc_work *w) { struct reap_kill_tracker_head tracker; struct reap_kill_tracker *t; - struct proc *p2; + struct proc *p2, *reaper, *old_reaper; bool proctree_dropped, res; res = false; TAILQ_INIT(&tracker); + reaper = *reaperp; reap_kill_sched(&tracker, reaper); while ((t = TAILQ_FIRST(&tracker)) != NULL) { TAILQ_REMOVE(&tracker, t, link); @@ -483,8 +479,24 @@ again: } PROC_UNLOCK(p2); res = true; - if (proctree_dropped) + if (proctree_dropped) { + old_reaper = reaper; + reaper = get_reaper_or_p(p); + if (old_reaper != reaper) { + *reaperp = reaper; + PROC_TREE_REF(reaper); + PROC_TREE_UNREF(old_reaper); + reap_kill_sched(&tracker, reaper); + /* + * Already scheduled kill + * actions should be kept on + * the schedule, the processes + * are inherited by the new + * reaper. + */ + } goto again; + } } reap_kill_sched_free(t); } @@ -492,7 +504,7 @@ again: } static void -reap_kill_subtree(struct thread *td, struct proc *p, struct proc *reaper, +reap_kill_subtree(struct thread *td, struct proc *p, struct proc **reaperp, struct reap_kill_proc_work *w) { struct unrhdr pids; @@ -512,7 +524,7 @@ reap_kill_subtree(struct thread *td, struct proc *p, struct proc *reaper, goto out; } PROC_UNLOCK(td->td_proc); - while (reap_kill_subtree_once(td, p, reaper, &pids, w)) + while (reap_kill_subtree_once(td, p, reaperp, &pids, w)) ; ihandle = create_iter_unr(&pids); @@ -562,6 +574,7 @@ reap_kill(struct thread *td, struct proc *p, void *data) return (EINVAL); PROC_UNLOCK(p); reaper = get_reaper_or_p(p); + ksiginfo_init(&ksi); ksi.ksi_signo = rk->rk_sig; ksi.ksi_code = SI_USER; @@ -577,7 +590,9 @@ reap_kill(struct thread *td, struct proc *p, void *data) w.ksi = &ksi; w.rk = rk; w.error = &error; - reap_kill_subtree(td, p, reaper, &w); + PROC_TREE_REF(reaper); + reap_kill_subtree(td, p, &reaper, &w); + PROC_TREE_UNREF(reaper); crfree(w.cr); } PROC_LOCK(p);