Fix unsafe use of ptsignal() in mi_switch().

ptsignal() has to be called with the kernel lock held. As ensuring the
locking in mi_switch() is not easy, and deferring the signaling using
the task API is not possible because of lock order issues in
mi_switch(), move the CPU time checking into a periodic timer where
the kernel can be locked without issues.

With this change, each process has a dedicated resource check timer.
The timer gets activated only when a CPU time limit is set. Because the
checking is not done as frequently as before, some precision is lost.

Use of timers adapted from FreeBSD.

OK tedu@

Reported-by: syzbot+2f5d62256e3280634623@syzkaller.appspotmail.com

1 files changed, 4 insertions, 1 deletions

diff --git a/sys/kern/kern_fork.c b/sys/kern/kern_fork.c
index dd26b0ac5c8..578752c75aa 100644
--- a/sys/kern/kern_fork.c
+++ b/sys/kern/kern_fork.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_fork.c,v 1.208 2018/11/12 15:09:17 visa Exp $	*/
+/*	$OpenBSD: kern_fork.c,v 1.209 2019/01/06 12:59:45 visa Exp $	*/
 /*	$NetBSD: kern_fork.c,v 1.29 1996/02/09 18:59:34 christos Exp $	*/
 
 /*
@@ -211,6 +211,7 @@ process_initialize(struct process *pr, struct proc *p)
 	LIST_INIT(&pr->ps_sigiolst);
 
 	timeout_set(&pr->ps_realit_to, realitexpire, pr);
+	timeout_set(&pr->ps_rucheck_to, rucheck, pr);
 }
 
 
@@ -240,6 +241,8 @@ process_new(struct proc *p, struct process *parent, int flags)
 	/* post-copy fixups */
 	pr->ps_pptr = parent;
 	pr->ps_limit->p_refcnt++;
+	if (pr->ps_limit->pl_rlimit[RLIMIT_CPU].rlim_cur != RLIM_INFINITY)
+		timeout_add_msec(&pr->ps_rucheck_to, RUCHECK_INTERVAL);
 
 	/* bump references to the text vnode (for sysctl) */
 	pr->ps_textvp = parent->ps_textvp;