Page MenuHomeFreeBSD
Differential D42986

kthread: Set *newtdb earlier in kthread_add1()
ClosedPublic
Actions

Authored by markj on Dec 9 2023, 3:31 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Sep 28, 1:22 PM
Unknown Object (File)
Fri, Sep 27, 6:13 PM
Unknown Object (File)
Wed, Sep 25, 10:53 PM
Unknown Object (File)
Wed, Sep 25, 6:02 PM
Unknown Object (File)
Mon, Sep 23, 7:17 PM
Unknown Object (File)
Sun, Sep 22, 11:13 PM
Unknown Object (File)
Sun, Sep 22, 2:27 PM
Unknown Object (File)
Sat, Sep 21, 10:54 AM
View All 41 Files
Subscribers
imp

Details

Reviewers
kib
Commits
rGd2c1d1b2bc47: kthread: Set *newtdp earlier in kthread_add1()
rGa9184e99afe8: kthread: Set *newtdp earlier in kthread_add1()
rGae77041e0714: kthread: Set *newtdp earlier in kthread_add1()
Summary

syzbot reported a boot-time crash in g_event_procbody(), a page fault
when dereferencing g_event_td. g_event_td is initialized by the
kproc_kthread_add() call which creates the GEOM event thread:

kproc_kthread_add(g_event_procbody, NULL, &g_proc, &g_event_td,
    RFHIGHPID, 0, "geom", "g_event");

The crash happened just once; I suspect that the caller of
kproc_kthread_add() was preempted after adding the new thread to the
scheduler, and before setting *newtdp, which is equal to g_event_td.

Fix the problem simply by initializing *newtdp earlier. I see no harm
in that, and it matches kproc_create1(). The scheduler provides
sufficient synchronization to ensure that the store is visible to the
new thread, wherever it happens to run.

MFC after: 1 week
Reported by: syzbot+5397f4d39219b85a9409@syzkaller.appspotmail.com

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 54884
Build 51773: arc lint + arc unit

Revision Contents
Changeset List

PathSize
sys/
kern/
9 lines

Diff 131219

View Options

sys/kern/kern_kthread.c

Loading...