diff options
author | Mark Johnston <markj@FreeBSD.org> | 2024-04-25 13:35:38 +0000 |
---|---|---|
committer | Mark Johnston <markj@FreeBSD.org> | 2024-04-25 13:35:38 +0000 |
commit | d66399326cb4f89d1565fb62c1c07974886893c5 (patch) | |
tree | eccda3056fd59c69810b88904f6dfff4db2b689c | |
parent | 42255af64a5471a2668e3a0552d82639e1f70ee4 (diff) | |
download | src-d66399326cb4f89d1565fb62c1c07974886893c5.tar.gz src-d66399326cb4f89d1565fb62c1c07974886893c5.zip |
kthread: Set *tdptr earlier in kproc_kthread_add()
See commit ae77041e0714 ("kthread: Set *newtdp earlier in
kthread_add1()") for details. That commit was incomplete since
g_init()'s first call to kproc_kthread_add() will cause
kproc_kthread_add() to take the `*procptr == NULL` branch, which avoids
kthread_create().
To ensure that the thread pointer is initialized before the thread
starts running, we have to start the kernel process with RFSTOPPED.
We could perhaps go further and use RFSTOPPED only when tdptr != NULL,
but it's probably better to have consistent behaviour.
Reviewed by: olce, kib
Reported by: syzbot+e91e798f3c088215ace6@syzkaller.appspotmail.com
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D44927
-rw-r--r-- | sys/kern/kern_kthread.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/sys/kern/kern_kthread.c b/sys/kern/kern_kthread.c index 8a84fd70918d..97d10fdb394a 100644 --- a/sys/kern/kern_kthread.c +++ b/sys/kern/kern_kthread.c @@ -495,13 +495,21 @@ kproc_kthread_add(void (*func)(void *), void *arg, struct thread *td; if (*procptr == NULL) { + /* + * Use RFSTOPPED to ensure that *tdptr is initialized before the + * thread starts running. + */ error = kproc_create(func, arg, - procptr, flags, pages, "%s", procname); + procptr, flags | RFSTOPPED, pages, "%s", procname); if (error) return (error); td = FIRST_THREAD_IN_PROC(*procptr); if (tdptr) *tdptr = td; + if ((flags & RFSTOPPED) == 0) { + thread_lock(td); + sched_add(td, SRQ_BORING); + } va_start(ap, fmt); vsnprintf(td->td_name, sizeof(td->td_name), fmt, ap); va_end(ap); |