From: GNU Libc Maintainers
Date: Sat, 27 Aug 2022 11:38:11 +0000 (+0100)
Subject: git-pthread_kill_exited
X-Git-Tag: archive/raspbian/2.34-7+rpi1~1^2~80
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=5a5fca7da4573a6628701fd36e23b938d94988ba;p=glibc.git

git-pthread_kill_exited

committed for 2.35

commit 2c040d0b904ca8dfd34e72dc9b4722d92436ad7e
Author: Samuel Thibault
Date: Sat Jan 15 14:55:23 2022 +0100

hurd: Fix pthread_kill on exiting/ted thread

We have to drop the kernel_thread port from the thread structure, to avoid pthread_kill's call to _hurd_thread_sigstate trying to reference it and fail.

commit c1105e34aced53b26f02176b973079eb30fc54b1
Author: Samuel Thibault
Date: Sat Jan 15 21:30:17 2022 +0100

htl: Clear kernel_thread field before releasing the thread structure

Otherwise this is a use-after-free.

Gbp-Pq: Topic hurd-i386
Gbp-Pq: Name git-pthread_kill_exited.diff
---
diff --git a/sysdeps/hurd/htl/pt-kill.c b/sysdeps/hurd/htl/pt-kill.c index 1fcedb3e0..306e1567b 100644 --- a/sysdeps/hurd/htl/pt-kill.c +++ b/sysdeps/hurd/htl/pt-kill.c @@ -35,6 +35,10 @@ __pthread_kill (pthread_t thread, int sig) if (pthread == NULL) return ESRCH; + if (pthread->kernel_thread == MACH_PORT_DEAD) + /* The pthread ID is still valid but we cannot send a signal any more. */ + return 0; + ss = _hurd_thread_sigstate (pthread->kernel_thread); assert (ss); diff --git a/sysdeps/mach/htl/pt-thread-terminate.c b/sysdeps/mach/htl/pt-thread-terminate.c index cfd7cdb2e..fbc7eb691 100644 --- a/sysdeps/mach/htl/pt-thread-terminate.c +++ b/sysdeps/mach/htl/pt-thread-terminate.c @@ -62,6 +62,9 @@ __pthread_thread_terminate (struct __pthread *thread) ? __mig_get_reply_port () : MACH_PORT_NULL; __mach_port_deallocate (__mach_task_self (), self_ktid); + /* The kernel thread won't be there any more. */ + thread->kernel_thread = MACH_PORT_DEAD; + /* Finally done with the thread structure. */ __pthread_dealloc (thread);
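Review bot: In sysdeps/hurd/htl/pt-kill.c, the new MACH_PORT_DEAD test in __pthread_kill is a plain read of pthread->kernel_thread with no lock or atomic visible in the hunk, so it narrows the race with thread termination rather than closing it. A target thread can pass this check and then terminate before _hurd_thread_sigstate (pthread->kernel_thread) runs, and the assert (ss) that follows would still abort the caller in that window. Consider either taking whatever lock protects the thread structure across the check and the _hurd_thread_sigstate call, or replacing assert (ss) with a graceful return for the case where the sigstate lookup fails. Separately, the early return 0 sits ahead of any validation of sig that the visible context shows; if sig is not range-checked before this point, an invalid signal number sent to an exited thread would report success instead of EINVAL, so it is worth confirming the check order.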
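Review bot: In sysdeps/mach/htl/pt-thread-terminate.c, the store thread->kernel_thread = MACH_PORT_DEAD is placed after __mach_port_deallocate (__mach_task_self (), self_ktid), which leaves a window in which the field still holds a port name whose reference has already been dropped (assuming self_ktid names the same port as thread->kernel_thread, which the hunk does not show). A concurrent __pthread_kill reading the field in that window gets the stale name, and port names can be reused by the task. Moving the assignment above the __mach_port_deallocate call would remove that window. The store is also a plain assignment immediately followed by __pthread_dealloc (thread), while the reader in pt-kill.c runs on another thread; a short comment stating what guarantees the structure is still valid and the write is visible to that reader would make the use-after-free fix described in the commit message easier to audit.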