From fb65dc6cd6e7f2518756ef29dae14ffb950cbc29 Mon Sep 17 00:00:00 2001
From: davidxu <davidxu@FreeBSD.org>
Date: Mon, 28 Oct 2002 07:37:06 +0000
Subject: Close a race window in kse_create(): signal delivered after
 SIGPENDING call but before we call kse_link().

---
 sys/kern/kern_thread.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'sys/kern/kern_thread.c')

diff --git a/sys/kern/kern_thread.c b/sys/kern/kern_thread.c
index 2b4ad4a..eb6db57 100644
--- a/sys/kern/kern_thread.c
+++ b/sys/kern/kern_thread.c
@@ -455,10 +455,6 @@ kse_create(struct thread *td, struct kse_create_args *uap)
 		bcopy(&ke->ke_startcopy, &newke->ke_startcopy,
 		      RANGEOF(struct kse, ke_startcopy, ke_endcopy));
 #endif
-		PROC_LOCK(p);
-		if (SIGPENDING(p))
-			newke->ke_flags |= KEF_ASTPENDING;
-		PROC_UNLOCK(p);
 		/* For the first call this may not have been set */
 		if (td->td_standin == NULL) {
 			td->td_standin = thread_alloc();
@@ -469,6 +465,8 @@ kse_create(struct thread *td, struct kse_create_args *uap)
 		else
 			newkg = kg;
 		kse_link(newke, newkg);
+		if (p->p_sflag & PS_NEEDSIGCHK)
+			newke->ke_flags |= KEF_ASTPENDING;
 		newke->ke_mailbox = uap->mbx;
 		newke->ke_upcall = mbx.km_func;
 		bcopy(&mbx.km_stack, &newke->ke_stack, sizeof(stack_t));
-- 
cgit v1.1