From: deraadt Date: Fri, 30 Apr 2021 02:06:22 +0000 (+0000) Subject: When terminating via pledge_fail() stop all threads, before issuing a X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=eb0deef5d2617e5dde4b3ef3e3c4791339e6e5ef;p=openbsd When terminating via pledge_fail() stop all threads, before issuing a (delayed action) sigabort() and disabling all syscalls for this process (ie. all threads). This resulted in multiple-threads crashing over top of themselves, and a poor debugging experience. We keep using sigabort() rather than sigexit(), to keep the debugging process good. Diagnosed from a report from brynet, and followup discussion with many. --- diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c index daa78925ecf..430307f6523 100644 --- a/sys/kern/kern_pledge.c +++ b/sys/kern/kern_pledge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_pledge.c,v 1.271 2021/03/25 21:27:45 abieber Exp $ */ +/* $OpenBSD: kern_pledge.c,v 1.272 2021/04/30 02:06:22 deraadt Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott @@ -548,6 +548,10 @@ pledge_fail(struct proc *p, int error, uint64_t code) p->p_p->ps_comm, p->p_p->ps_pid, codes, p->p_pledge_syscall); p->p_p->ps_acflag |= APLEDGE; + /* Stop threads immediately, because this process is suspect */ + if (P_HASSIBLING(p)) + single_thread_set(p, SINGLE_SUSPEND, 1); + /* Send uncatchable SIGABRT for coredump */ sigabort(p);