MFC r282679:

Do not return from thread_single(SINGLE_BOUNDARY) until all stopped thread are guarenteed to be removed from the processors.
author: kib <kib@FreeBSD.org> 2015-05-16 09:13:56 +0000
committer: kib <kib@FreeBSD.org> 2015-05-16 09:13:56 +0000
commit: 0f07927a1e80c78fdd924b93496d912f723740da (patch)
tree: 4732b57997185a63a65e9ff4955be201705459f6
parent: 0ecfe385ea833004b38b3cf4f7b38c2b358f154d (diff)
download: FreeBSD-src-0f07927a1e80c78fdd924b93496d912f723740da.zip
FreeBSD-src-0f07927a1e80c78fdd924b93496d912f723740da.tar.gz
1 files changed, 23 insertions, 0 deletions
diff --git a/sys/kern/kern_thread.c b/sys/kern/kern_thread.c
index 8e0146a..ba04471 100644
--- a/sys/kern/kern_thread.c
+++ b/sys/kern/kern_thread.c
@@ -758,6 +758,29 @@ stopme:
 			PROC_LOCK(p);
 			PROC_SLOCK(p);
 		}
+	} else if (mode == SINGLE_BOUNDARY) {
+		/*
+		 * Wait until all suspended threads are removed from
+		 * the processors.  The thread_suspend_check()
+		 * increments p_boundary_count while it is still
+		 * running, which makes it possible for the execve()
+		 * to destroy vmspace while our other threads are
+		 * still using the address space.
+		 *
+		 * We lock the thread, which is only allowed to
+		 * succeed after context switch code finished using
+		 * the address space.
+		 */
+		FOREACH_THREAD_IN_PROC(p, td2) {
+			if (td2 == td)
+				continue;
+			thread_lock(td2);
+			KASSERT((td2->td_flags & TDF_BOUNDARY) != 0,
+			    ("td %p not on boundary", td2));
+			KASSERT(TD_IS_SUSPENDED(td2),
+			    ("td %p is not suspended", td2));
+			thread_unlock(td2);
+		}
 	}
 	PROC_SUNLOCK(p);
 	return (0);
author	kib <kib@FreeBSD.org>	2015-05-16 09:13:56 +0000
committer	kib <kib@FreeBSD.org>	2015-05-16 09:13:56 +0000
commit	0f07927a1e80c78fdd924b93496d912f723740da (patch)
tree	4732b57997185a63a65e9ff4955be201705459f6
parent	0ecfe385ea833004b38b3cf4f7b38c2b358f154d (diff)
download	FreeBSD-src-0f07927a1e80c78fdd924b93496d912f723740da.zip FreeBSD-src-0f07927a1e80c78fdd924b93496d912f723740da.tar.gz