X-Patchwork-Submitter: Samuel Thibault
X-Patchwork-Id: 50071
From: Samuel Thibault
To: libc-alpha@sourceware.org
Cc: commit-hurd@gnu.org
Subject: [hurd, committed] htl: Clear kernel_thread field before releasing the thread structure
Date: Sat, 15 Jan 2022 21:31:55 +0100
Message-Id: <20220115203155.514291-1-samuel.thibault@ens-lyon.org>

Otherwise this is a use-after-free.
--- sysdeps/mach/htl/pt-thread-terminate.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sysdeps/mach/htl/pt-thread-terminate.c b/sysdeps/mach/htl/pt-thread-terminate.c index 0cf72b330f..9bd6c3434d 100644 --- a/sysdeps/mach/htl/pt-thread-terminate.c +++ b/sysdeps/mach/htl/pt-thread-terminate.c
@@ -62,15 +62,15 @@ __pthread_thread_terminate (struct __pthread *thread) ? __mig_get_reply_port () : MACH_PORT_NULL; __mach_port_deallocate (__mach_task_self (), self_ktid); + /* The kernel thread won't be there any more. */ + thread->kernel_thread = MACH_PORT_DEAD; + /* Finally done with the thread structure. */ __pthread_dealloc (thread); /* The wake up port is now no longer needed. */ __mach_port_destroy (__mach_task_self (), wakeup_port); - /* The kernel thread won't be there any more. */ - thread->kernel_thread = MACH_PORT_DEAD; - /* Terminate and release all that's left. */ err = __thread_terminate_release (kernel_thread, mach_task_self (), kernel_thread, reply_port,
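Review bot: the relocated comment "The kernel thread won't be there any more." no longer explains why the store sits where it does. The assignment to thread->kernel_thread now comes before __pthread_dealloc (thread), while the kernel thread is only terminated further down by __thread_terminate_release, so the comment describes a state that is not yet true at that point. Suggest rewording it to state the actual constraint from the commit message: the field has to be written before __pthread_dealloc because any write to *thread after that call is a use-after-free. The comment "Finally done with the thread structure." would then read as the hard boundary it is. It is also worth confirming that nothing after __pthread_dealloc in the rest of the function dereferences thread again. In the visible lines the remaining calls use only wakeup_port, kernel_thread and reply_port, which appear to be locals, but the hunk does not show where they were captured.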