From 5b35c9fbe68e11041130d9e75b8de64c8dd7b10d Mon Sep 17 00:00:00 2001
From: Claudio Jeker
Date: Tue, 22 Oct 2024 11:54:06 +0000
Subject: Protect the ps_pgrp pointer by either the KERNEL_LOCK or the ps_mtx. This should be enough to be on the safe side when unlocking ptsignal where a pr->ps_pgrp->pg_jobc == 0 check happens. OK mpi@ kettenis@
---
 sys/kern/kern_proc.c | 6 +++++-
 sys/kern/kern_sig.c | 8 ++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)
(limited to 'sys/kern')
diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c
index f061b06cffe..7abbab5fd48 100644
--- a/sys/kern/kern_proc.c
+++ b/sys/kern/kern_proc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_proc.c,v 1.100 2024/10/15 13:49:26 claudio Exp $ */
+/* $OpenBSD: kern_proc.c,v 1.101 2024/10/22 11:54:04 claudio Exp $ */
 /* $NetBSD: kern_proc.c,v 1.14 1996/02/09 18:59:41 christos Exp $ */
 /*
@@ -319,7 +319,9 @@ enterthispgrp(struct process *pr, struct pgrp *pgrp)
 fixjobc(pr, savepgrp, 0);
 LIST_REMOVE(pr, ps_pglist);
+ mtx_enter(&pr->ps_mtx);
 pr->ps_pgrp = pgrp;
+ mtx_leave(&pr->ps_mtx);
 LIST_INSERT_HEAD(&pgrp->pg_members, pr, ps_pglist);
 if (LIST_EMPTY(&savepgrp->pg_members))
 pgdelete(savepgrp);
@@ -337,7 +339,9 @@ leavepgrp(struct process *pr)
 LIST_REMOVE(pr, ps_pglist);
 if (LIST_EMPTY(&pr->ps_pgrp->pg_members))
 pgdelete(pr->ps_pgrp);
+ mtx_enter(&pr->ps_mtx);
 pr->ps_pgrp = NULL;
+ mtx_leave(&pr->ps_mtx);
 }
 /*
diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c
index 98edd7378d5..6d3800ccdb0 100644
--- a/sys/kern/kern_sig.c
+++ b/sys/kern/kern_sig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_sig.c,v 1.343 2024/10/17 09:11:35 claudio Exp $ */
+/* $OpenBSD: kern_sig.c,v 1.344 2024/10/22 11:54:04 claudio Exp $ */
 /* $NetBSD: kern_sig.c,v 1.54 1996/04/22 01:38:32 christos Exp $ */
 /*
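Review bot: Nothing at the new locked store in enterthispgrp() records the rule the commit message relies on: ps_pgrp may be read under either the KERNEL_LOCK or ps_mtx, which only works if every writer holds both. A short comment above the store, e.g. `/* ps_pgrp: writers hold KERNEL_LOCK and ps_mtx, readers need either one */`, would keep a later writer from taking only the mutex. If the function does not already assert the kernel lock (its start is outside the hunk), `KERNEL_ASSERT_LOCKED();` would enforce the writer half of the rule. The same applies to the store in the leavepgrp() hunk.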
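Review bot: In the leavepgrp() hunk `pgdelete(pr->ps_pgrp)` still runs before the new locked store of NULL, so a reader holding only ps_mtx could load a pointer to a process group that has already been torn down. This assumes pgdelete() releases the pgrp and that such a reader can still reach the process at this point; neither is visible in the hunk. enterthispgrp() has the safer order, switching the pointer under the mutex first and deleting savepgrp afterwards. The fence below does the same here by clearing the pointer before the delete; it needs a local declared at the top of the function, which is outside the hunk. A mutex-only reader such as the check in cursig() would then also have to tolerate or rule out a NULL ps_pgrp.

```c
	struct pgrp *pgrp = pr->ps_pgrp;	/* with the other declarations */

	/* … unchanged: earlier part of leavepgrp() … */
	LIST_REMOVE(pr, ps_pglist);
	/* Unpublish the pointer before the group can be deleted. */
	mtx_enter(&pr->ps_mtx);
	pr->ps_pgrp = NULL;
	mtx_leave(&pr->ps_mtx);
	if (LIST_EMPTY(&pgrp->pg_members))
		pgdelete(pgrp);
```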
@@ -1436,10 +1436,14 @@ cursig(struct proc *p, struct sigctx *sctx, int deep)
 * process group, ignore tty stop signals.
 */
 if (prop & SA_STOP) {
+ mtx_enter(&pr->ps_mtx);
 if (pr->ps_flags & PS_TRACED ||
 (pr->ps_pgrp->pg_jobc == 0 &&
- prop & SA_TTYSTOP))
+ prop & SA_TTYSTOP)) {
+ mtx_leave(&pr->ps_mtx);
 break; /* == ignore */
+ }
+ mtx_leave(&pr->ps_mtx);
 pr->ps_xsig = signum;
 SCHED_LOCK();
 proc_stop(p, 1);
-- 
cgit v1.2.3
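Review bot: The added locking in cursig() has two separate `mtx_leave(&pr->ps_mtx)` exits around a read-only test, so a later edit to the condition could leave the mutex held on one path. Evaluating the test once under the mutex into a new local keeps a single enter/leave pair: `ignore = (pr->ps_flags & PS_TRACED) || (pr->ps_pgrp->pg_jobc == 0 && (prop & SA_TTYSTOP));` between `mtx_enter` and `mtx_leave`, then `if (ignore) break;`. A one-line comment should say that ps_mtx is held only to keep ps_pgrp stable for the dereference, and that the pg_jobc value is a snapshot once the mutex is dropped. cursig() starts and ends outside this hunk.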