From 4ab8b759f72eb3ad9844a8a2e6e63d176484b08e Mon Sep 17 00:00:00 2001
From: claudio
Date: Sat, 9 Sep 2023 14:50:09 +0000
Subject: [PATCH] Fix SCHED_LOCK() leak in single_thread_set()
In the (q->p_flag & P_WEXIT) branch is a continue that did not release the SCHED_LOCK. Refactor the code a bit to simplify the places SCHED_LOCK is grabbed and released.
Reported-by: syzbot+ea26d351acfad3bb3f15@syzkaller.appspotmail.com
OK kettenis@
---
 sys/kern/kern_sig.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c
index 9259f5a1fb4..c2a153054d2 100644
--- a/sys/kern/kern_sig.c
+++ b/sys/kern/kern_sig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_sig.c,v 1.315 2023/09/08 09:06:31 claudio Exp $ */
+/* $OpenBSD: kern_sig.c,v 1.316 2023/09/09 14:50:09 claudio Exp $ */
 /* $NetBSD: kern_sig.c,v 1.54 1996/04/22 01:38:32 christos Exp $ */
 /*
@@ -2109,12 +2109,14 @@ single_thread_set(struct proc *p, enum single_thread_mode mode, int wait)
 TAILQ_FOREACH(q, &pr->ps_threads, p_thr_link) {
 if (q == p)
 continue;
- SCHED_LOCK(s);
 if (q->p_flag & P_WEXIT) {
+ SCHED_LOCK(s);
 if (mode == SINGLE_EXIT && q->p_stat == SSTOP)
 setrunnable(q);
+ SCHED_UNLOCK(s);
 continue;
 }
+ SCHED_LOCK(s);
 atomic_setbits_int(&q->p_flag, P_SUSPSINGLE);
 switch (q->p_stat) {
 case SIDL:
-- 
2.20.1
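Review bot: The `if (q->p_flag & P_WEXIT)` test in the second hunk is now evaluated before SCHED_LOCK(s) is taken, whereas the removed line had it running under the lock, and the commit message describes only the leak and the lock shuffling, not this narrowing of what the lock covers. If the exiting thread sets P_WEXIT outside SCHED_LOCK (p_flag is modified with atomic_setbits_int, as the `P_SUSPSINGLE` line shows, so this is plausible), the unlocked read is no worse than before, but that reasoning is not visible here and deserves a comment above the check such as `/* p_flag is updated atomically; SCHED_LOCK only covers p_stat and setrunnable() */`. If instead the exit path sets P_WEXIT while holding SCHED_LOCK, the window between this check and the `SCHED_LOCK(s);` added after the `}` could let a thread that has just begun exiting be marked P_SUSPSINGLE and counted as one to wait for. The minimal fix, keeping the lock acquisition where it was and adding `SCHED_UNLOCK(s);` before the `continue;`, would have kept the old coverage without the question. single_thread_set()'s loop body continues past the hunk, so the `switch (q->p_stat)` and its matching unlock are outside this view.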