git: 19e335596658 - stable/14 - kthread: Set *tdptr earlier in kproc_kthread_add()
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 02 May 2024 13:26:48 UTC
The branch stable/14 has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=19e335596658bf1ced262f769a0ed2d72f847766
commit 19e335596658bf1ced262f769a0ed2d72f847766
Author: Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2024-04-25 13:35:38 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2024-05-02 13:25:10 +0000
kthread: Set *tdptr earlier in kproc_kthread_add()
See commit ae77041e0714 ("kthread: Set *newtdp earlier in
kthread_add1()") for details. That commit was incomplete since
g_init()'s first call to kproc_kthread_add() will cause
kproc_kthread_add() to take the `*procptr == NULL` branch, which avoids
kthread_create().
To ensure that the thread pointer is initialized before the thread
starts running, we have to start the kernel process with RFSTOPPED.
We could perhaps go further and use RFSTOPPED only when tdptr != NULL,
but it's probably better to have consistent behaviour.
Reviewed by: olce, kib
Reported by: syzbot+e91e798f3c088215ace6@syzkaller.appspotmail.com
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D44927
(cherry picked from commit d66399326cb4f89d1565fb62c1c07974886893c5)
---
sys/kern/kern_kthread.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/sys/kern/kern_kthread.c b/sys/kern/kern_kthread.c
index 9cbc74658432..00a264d57a21 100644
--- a/sys/kern/kern_kthread.c
+++ b/sys/kern/kern_kthread.c
@@ -496,13 +496,21 @@ kproc_kthread_add(void (*func)(void *), void *arg,
struct thread *td;
if (*procptr == NULL) {
+ /*
+ * Use RFSTOPPED to ensure that *tdptr is initialized before the
+ * thread starts running.
+ */
error = kproc_create(func, arg,
- procptr, flags, pages, "%s", procname);
+ procptr, flags | RFSTOPPED, pages, "%s", procname);
if (error)
return (error);
td = FIRST_THREAD_IN_PROC(*procptr);
if (tdptr)
*tdptr = td;
+ if ((flags & RFSTOPPED) == 0) {
+ thread_lock(td);
+ sched_add(td, SRQ_BORING);
+ }
va_start(ap, fmt);
vsnprintf(td->td_name, sizeof(td->td_name), fmt, ap);
va_end(ap);