Consistently use process spin lock for protection of the

p->p_boundary_count. Race could cause the execve(2) from the threaded process to hung since thread boundary counter was incorrect and single-threading never finished. Reported by: pluknet, pho Tested by: pho MFC after: 1 week
2011-11-18 09:12:26 +00:00 · 2011-11-18 09:12:26 +00:00 · 7b5190779b
commit 7b5190779b
parent dfdda19266
2 changed files with 7 additions and 2 deletions
--- a/sys/kern/kern_thread.c
+++ b/sys/kern/kern_thread.c
@ -566,6 +566,8 @@ calc_remaining(struct proc *p, int mode)
 {
 	int remaining;

+	PROC_LOCK_ASSERT(p, MA_OWNED);
+	PROC_SLOCK_ASSERT(p, MA_OWNED);
 	if (mode == SINGLE_EXIT)
 		remaining = p->p_numthreads;
 	else if (mode == SINGLE_BOUNDARY)
@ -819,8 +821,11 @@ thread_suspend_check(int return_instead)
 			td->td_flags &= ~TDF_BOUNDARY;
 		thread_unlock(td);
 		PROC_LOCK(p);
-		if (return_instead == 0)
+		if (return_instead == 0) {
+			PROC_SLOCK(p);
 			p->p_boundary_count--;
+			PROC_SUNLOCK(p);
+		}
 	}
 	return (0);
 }
--- a/sys/sys/proc.h
+++ b/sys/sys/proc.h
@ -532,7 +532,7 @@ struct proc {
 	struct thread	*p_singlethread;/* (c + j) If single threading this is it */
 	int		p_suspcount;	/* (j) Num threads in suspended mode. */
 	struct thread	*p_xthread;	/* (c) Trap thread */
-	int		p_boundary_count;/* (c) Num threads at user boundary */
+	int		p_boundary_count;/* (j) Num threads at user boundary */
 	int		p_pendingcnt;	/* how many signals are pending */
 	struct itimers	*p_itimers;	/* (c) POSIX interval timers. */
 	struct procdesc	*p_procdesc;	/* (e) Process descriptor, if any. */