git-pthread_kill_exited

commited for 2.35

commit 2c040d0b904ca8dfd34e72dc9b4722d92436ad7e
Author: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date:   Sat Jan 15 14:55:23 2022 +0100

    hurd: Fix pthread_kill on exiting/ted thread

    We have to drop the kernel_thread port from the thread structure, to
    avoid pthread_kill's call to _hurd_thread_sigstate trying to reference
    it and fail.

commit c1105e34aced53b26f02176b973079eb30fc54b1
Author: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date:   Sat Jan 15 21:30:17 2022 +0100

    htl: Clear kernel_thread field before releasing the thread structure

    Otherwise this is a use-after-free.

Gbp-Pq: Topic hurd-i386
Gbp-Pq: Name git-pthread_kill_exited.diff

diff --git a/sysdeps/hurd/htl/pt-kill.c b/sysdeps/hurd/htl/pt-kill.c
index 1fcedb3e0d071eef5c7e0c81c8de5bc48131066a..306e1567b45ea42377414837ceeba3c2a5cfff0b 100644 (file)
--- a/sysdeps/hurd/htl/pt-kill.c
+++ b/sysdeps/hurd/htl/pt-kill.c
@@ -35,6 +35,10 @@ __pthread_kill (pthread_t thread, int sig)
   if (pthread == NULL)
     return ESRCH;
 
+  if (pthread->kernel_thread == MACH_PORT_DEAD)
+    /* The pthread ID is still valid but we cannot send a signal any more.  */
+    return 0;
+
   ss = _hurd_thread_sigstate (pthread->kernel_thread);
   assert (ss);
 

diff --git a/sysdeps/mach/htl/pt-thread-terminate.c b/sysdeps/mach/htl/pt-thread-terminate.c
index cfd7cdb2e8c92b3e0931e76906b06d235f5d3388..fbc7eb6919fe9b6d31e55a84badec7084e8e60ae 100644 (file)
--- a/sysdeps/mach/htl/pt-thread-terminate.c
+++ b/sysdeps/mach/htl/pt-thread-terminate.c
@@ -62,6 +62,9 @@ __pthread_thread_terminate (struct __pthread *thread)
       ? __mig_get_reply_port () : MACH_PORT_NULL;
   __mach_port_deallocate (__mach_task_self (), self_ktid);
 
+  /* The kernel thread won't be there any more.  */
+  thread->kernel_thread = MACH_PORT_DEAD;
+
   /* Finally done with the thread structure.  */
   __pthread_dealloc (thread);