From 795a11d049286bd384c7a76ee664137c165334dd Mon Sep 17 00:00:00 2001
From: David Xu <davidxu@FreeBSD.org>
Date: Wed, 15 Mar 2006 23:24:14 +0000
Subject: [PATCH] Fix a race between file operations and rfork(RFCFDG) by
 parking all other threads at user boundary, the race can crash kernel under
 stress testing.

Reviewed by: jhb
MFC after: 3 days
---
 sys/kern/kern_fork.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/sys/kern/kern_fork.c b/sys/kern/kern_fork.c
index dfbd315faa94..c6724b725cb9 100644
--- a/sys/kern/kern_fork.c
+++ b/sys/kern/kern_fork.c
@@ -220,6 +220,16 @@ fork1(td, flags, pages, procp)
 	 * certain parts of a process from itself.
 	 */
 	if ((flags & RFPROC) == 0) {
+		if ((p1->p_flag & P_HADTHREADS) &&
+		    (flags & (RFCFDG | RFFDG))) {
+			PROC_LOCK(p1);
+			if (thread_single(SINGLE_BOUNDARY)) {
+				PROC_UNLOCK(p1);
+				return (ERESTART);
+			}
+			PROC_UNLOCK(p1);
+		}
+
 		vm_forkproc(td, NULL, NULL, flags);
 
 		/*
@@ -237,6 +247,13 @@ fork1(td, flags, pages, procp)
 		 */
 		if (flags & RFFDG) 
 			fdunshare(p1, td);
+
+		if ((p1->p_flag & P_HADTHREADS) &&
+		    (flags & (RFCFDG | RFFDG))) {
+			PROC_LOCK(p1);
+			thread_single_end();
+			PROC_UNLOCK(p1);
+		}
 		*procp = NULL;
 		return (0);
 	}