Author: hselasky
Date: Fri May 15 12:47:39 2020
New Revision: 361075
URL: https://svnweb.freebsd.org/changeset/base/361075
Log:
Assign process group of the TTY under the "proctree_lock".
This fixes a race where concurrent calls to doenterpgrp() and
leavepgrp() while TIOCSCTTY is executing may result in tp->t_pgrp
changing value so that tty_rel_pgrp() misses clearing it to NULL. For
more details refer to the use of pgdelete() in the kernel.
No functional change intended.
Panic backtrace:
__mtx_lock_sleep() # page fault due to using destroyed mutex
tty_signal_pgrp()
tty_ioctl()
ptsdev_ioctl()
kern_ioctl()
sys_ioctl()
amd64_syscall()
MFC after: 1 week
Sponsored by: Mellanox Technologies
Modified:
head/sys/kern/tty.c
Modified: head/sys/kern/tty.c
==============================================================================
--- head/sys/kern/tty.c Fri May 15 12:04:39 2020 (r361074)
+++ head/sys/kern/tty.c Fri May 15 12:47:39 2020 (r361075)
@@ -1818,7 +1818,6 @@ tty_generic_ioctl(struct tty *tp, u_long cmd, void *da
tp->t_session = p->p_session;
tp->t_session->s_ttyp = tp;
tp->t_sessioncnt++;
- sx_xunlock(&proctree_lock);
/* Assign foreground process group. */
tp->t_pgrp = p->p_pgrp;
@@ -1826,6 +1825,7 @@ tty_generic_ioctl(struct tty *tp, u_long cmd, void *da
p->p_flag |= P_CONTROLT;
PROC_UNLOCK(p);
+ sx_xunlock(&proctree_lock);
return (0);
}
case TIOCSPGRP: {
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
