CVSROOT:        /cvs
Module name:    src
Changes by:     m...@cvs.openbsd.org    2018/02/26 06:33:25

Modified files:
        sys/kern       : kern_sig.c
        sys/sys        : signalvar.h

Log message:
Fix a TOCTOU race that causes signals to be delivered more than once.

The race is only triggerable if one of the threads of a multi-threaded
program is in the middle of a NOLOCK syscall when a signal is received.

The problem is that `ps_sigact' is shared between threads so its access
should be serialized.

In the case of SA_RESETHAND, the handler is reset when a signal is
delivered, so delivering the signal twice would put the process in an
"impossible" state where some threads were stopped and some were waiting
for the others to die.

Serialize signal checking & processing with the KERNEL_LOCK() for now,
and introduce postsig_done() gypped from FreeBSD, to make sure the lock
is held when resetting the handler.

Bug report from espie@, ok visa@
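
The check-then-act window the log message describes, as an added example that is not part of the commit and is not OpenBSD code: a single-threaded C model that replays the check and act steps of two threads in a chosen order. The struct, the function names and the schedule strings are hypothetical; holding the lock across both steps is modelled by schedules in which a thread's check and act are adjacent.

```c
/* Constructed userland model of the race; not OpenBSD kernel code. */
#include <stdbool.h>
#include <stdio.h>

struct proc_sig {        /* shared by all threads, like ps_sigact */
    bool catching;       /* a handler is installed for the signal */
    bool resethand;      /* SA_RESETHAND was requested */
    bool pending;        /* one signal posted to the process */
    int delivered;       /* deliveries performed */
    int stale;           /* deliveries made after the handler was reset */
};

/* Check: read the shared state; the caller remembers the answer. */
static bool sig_check(const struct proc_sig *ps)
{
    return ps->pending && ps->catching;
}

/* Act: deliver on the remembered decision, then reset the handler. */
static void sig_post(struct proc_sig *ps, bool *decided)
{
    if (!*decided)
        return;
    if (!ps->catching)
        ps->stale++;     /* decision no longer matches the shared state */
    ps->pending = false;
    ps->delivered++;
    if (ps->resethand)
        ps->catching = false;
    *decided = false;
}

/* 'A'/'B' = check by thread A/B, 'a'/'b' = act by it. Returns deliveries. */
static int run_schedule(const char *sched, int *stale)
{
    struct proc_sig ps = { true, true, true, 0, 0 };
    bool decided[2] = { false, false };
    for (const char *s = sched; *s != '\0'; s++) {
        bool *d = &decided[(*s | 0x20) == 'b'];
        if (*s == 'A' || *s == 'B')
            *d = sig_check(&ps);
        else
            sig_post(&ps, d);
    }
    *stale = ps.stale;
    return ps.delivered;
}

int main(void)
{
    const char *scheds[] = { "ABab", "AaBb" };  /* unserialized, serialized */
    for (int i = 0; i < 2; i++) {
        int stale, n = run_schedule(scheds[i], &stale);
        printf("%s: delivered=%d stale=%d\n", scheds[i], n, stale);
    }
    return 0;
}
```

In the "ABab" schedule both threads pass the check before either acts, so the one posted signal is delivered twice and the second delivery runs after the handler was reset; in "AaBb" the second thread's check already sees the updated state.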