Page MenuHomeFreeBSD
Differential D42986

kthread: Set *newtdb earlier in kthread_add1()
ClosedPublic
Actions

Authored by markj on Dec 9 2023, 3:31 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Nov 7, 7:08 AM
Unknown Object (File)
Tue, Nov 5, 5:14 PM
Unknown Object (File)
Wed, Oct 16, 2:07 PM
Unknown Object (File)
Tue, Oct 15, 8:19 AM
Unknown Object (File)
Mon, Oct 14, 12:57 PM
Unknown Object (File)
Sat, Oct 12, 10:23 PM
Unknown Object (File)
Thu, Oct 10, 6:19 PM
Unknown Object (File)
Oct 8 2024, 11:43 PM
View All 55 Files
Subscribers
imp

Details

Reviewers
kib
Commits
rGd2c1d1b2bc47: kthread: Set *newtdp earlier in kthread_add1()
rGa9184e99afe8: kthread: Set *newtdp earlier in kthread_add1()
rGae77041e0714: kthread: Set *newtdp earlier in kthread_add1()
Summary

syzbot reported a boot-time crash in g_event_procbody(), a page fault
when dereferencing g_event_td. g_event_td is initialized by the
kproc_kthread_add() call which creates the GEOM event thread:

kproc_kthread_add(g_event_procbody, NULL, &g_proc, &g_event_td,
    RFHIGHPID, 0, "geom", "g_event");

The crash happened just once; I suspect that the caller of
kproc_kthread_add() was preempted after adding the new thread to the
scheduler, and before setting *newtdp, which is equal to g_event_td.

Fix the problem simply by initializing *newtdp earlier. I see no harm
in that, and it matches kproc_create1(). The scheduler provides
sufficient synchronization to ensure that the store is visible to the
new thread, wherever it happens to run.

MFC after: 1 week
Reported by: syzbot+5397f4d39219b85a9409@syzkaller.appspotmail.com

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sys/
kern/
9 lines

Diff 131223

View Options

sys/kern/kern_kthread.c

Loading...