From 3cbf9dc81c0436b11fca7829c55bcc94fdb4e52c Mon Sep 17 00:00:00 2001
From: Konstantin Belousov <kib@FreeBSD.org>
Date: Wed, 28 Oct 2020 22:12:47 +0000
Subject: Check for process group change in tty_wait_background().

The calling process's process group can change between PROC_UNLOCK(p)
and PGRP_LOCK(pg) in tty_wait_background(), e.g. by a setpgid() call
from another process. If that happens, the signal is not sent to the
calling process, even if the prior checks determine that one should be
sent.  Re-check that the process group hasn't changed after acquiring
the pgrp lock, and if it has, redo the checks.

PR:	250701
Submitted by:	Jakub Piecuch <j.piecuch96@gmail.com>
MFC after:	2 weeks
---
 sys/kern/tty.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/sys/kern/tty.c b/sys/kern/tty.c
index 5cdaa10728d67..7526638b92116 100644
--- a/sys/kern/tty.c
+++ b/sys/kern/tty.c
@@ -474,6 +474,19 @@ tty_wait_background(struct tty *tp, struct thread *td, int sig)
 			sig = 0;
 		}
 		PGRP_LOCK(pg);
+
+		/*
+		 * pg may no longer be our process group.
+		 * Re-check after locking process group.
+		 */
+		PROC_LOCK(p);
+		if (p->p_pgrp != pg) {
+			PROC_UNLOCK(p);
+			PGRP_UNLOCK(pg);
+			continue;
+		}
+
+		PROC_UNLOCK(p);
 		pgsignal(pg, ksi.ksi_signo, 1, &ksi);
 		PGRP_UNLOCK(pg);
 
-- 
cgit v1.2.3