From 169eb6f1b949a0d734529bd3896daca01f2845cb Mon Sep 17 00:00:00 2001 From: hselasky Date: Fri, 22 May 2020 09:01:26 +0000 Subject: [PATCH] MFC r361075: Assign process group of the TTY under the "proctree_lock". This fixes a race where concurrent calls to doenterpgrp() and leavepgrp() while TIOCSCTTY is executing may result in tp->t_pgrp changing value so that tty_rel_pgrp() misses clearing it to NULL. For more details refer to the use of pgdelete() in the kernel. No functional change intended. Panic backtrace: __mtx_lock_sleep() # page fault due to using destroyed mutex tty_signal_pgrp() tty_ioctl() ptsdev_ioctl() kern_ioctl() sys_ioctl() amd64_syscall() Sponsored by: Mellanox Technologies git-svn-id: svn://svn.freebsd.org/base/stable/10@361358 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f --- sys/kern/tty.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/kern/tty.c b/sys/kern/tty.c index e9771501f..84e690bd7 100644 --- a/sys/kern/tty.c +++ b/sys/kern/tty.c @@ -1721,7 +1721,6 @@ tty_generic_ioctl(struct tty *tp, u_long cmd, void *data, int fflag, tp->t_session = p->p_session; tp->t_session->s_ttyp = tp; tp->t_sessioncnt++; - sx_xunlock(&proctree_lock); /* Assign foreground process group. */ tp->t_pgrp = p->p_pgrp; @@ -1729,6 +1728,7 @@ tty_generic_ioctl(struct tty *tp, u_long cmd, void *data, int fflag, p->p_flag |= P_CONTROLT; PROC_UNLOCK(p); + sx_xunlock(&proctree_lock); return (0); } case TIOCSPGRP: { -- 2.42.0