Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/kern exit1(): remove from the radix tree before setting ...



details:   https://anonhg.NetBSD.org/src/rev/85c175c3a688
branches:  trunk
changeset: 1007557:85c175c3a688
user:      ad <ad%NetBSD.org@localhost>
date:      Sat Feb 22 21:07:46 2020 +0000

description:
exit1(): remove from the radix tree before setting zombie status, as
radix_tree_remove_node() can block on locks when freeing.

Reported-by: syzbot+02bf066c30f812b14f25%syzkaller.appspotmail.com@localhost

diffstat:

 sys/kern/kern_exit.c |  14 +++++++-------
 1 files changed, 7 insertions(+), 7 deletions(-)

diffs (42 lines):

diff -r 1a6218897e90 -r 85c175c3a688 sys/kern/kern_exit.c
--- a/sys/kern/kern_exit.c      Sat Feb 22 20:29:15 2020 +0000
+++ b/sys/kern/kern_exit.c      Sat Feb 22 21:07:46 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_exit.c,v 1.283 2020/02/15 18:12:15 ad Exp $       */
+/*     $NetBSD: kern_exit.c,v 1.284 2020/02/22 21:07:46 ad Exp $       */
 
 /*-
  * Copyright (c) 1998, 1999, 2006, 2007, 2008, 2020 The NetBSD Foundation, Inc.
@@ -67,7 +67,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_exit.c,v 1.283 2020/02/15 18:12:15 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_exit.c,v 1.284 2020/02/22 21:07:46 ad Exp $");
 
 #include "opt_ktrace.h"
 #include "opt_dtrace.h"
@@ -551,6 +551,11 @@
        pcu_discard_all(l);
 
        mutex_enter(p->p_lock);
+       /* Don't bother with p_treelock as no other LWPs remain. */
+       l2 = radix_tree_remove_node(&p->p_lwptree, (uint64_t)(l->l_lid - 1));
+       KASSERT(l2 == l);
+       KASSERT(radix_tree_empty_tree_p(&p->p_lwptree));
+       radix_tree_fini_tree(&p->p_lwptree);
        /* Free the linux lwp id */
        if ((l->l_pflag & LP_PIDLID) != 0 && l->l_lid != p->p_pid)
                proc_free_pid(l->l_lid);
@@ -566,11 +571,6 @@
        p->p_nrlwps--;
        p->p_nzlwps++;
        p->p_ndlwps = 0;
-       /* Don't bother with p_treelock as no other LWPs remain. */
-       l2 = radix_tree_remove_node(&p->p_lwptree, (uint64_t)(l->l_lid - 1));
-       KASSERT(l2 == l);
-       KASSERT(radix_tree_empty_tree_p(&p->p_lwptree));
-       radix_tree_fini_tree(&p->p_lwptree);
        mutex_exit(p->p_lock);
 
        /*



Home | Main Index | Thread Index | Old Index