Kernel: Fix kernel null deref on process crash during join_thread()

The join_thread() syscall is not supposed to be interruptible by signals, but it was. And since the process death mechanism piggybacked on signal interrupts, it was possible to interrupt a pthread_join() by killing the process that was doing it, leading to confusing due to some assumptions being made by Thread::finalize() for threads that have a pending joiner. This patch fixes the issue by making "interrupted by death" a distinct block result separate from "interrupted by signal". Then we handle that state in join_thread() and tidy things up so that thread finalization doesn't get confused by the pending joiner being gone. Test: Tests/Kernel/null-deref-crash-during-pthread_join.cpp
Author: https://github.com/awesomekling Commit: 8c5cd97b45
2025-09-10 03:26:10 +00:00 · 2020-01-10 19:15:01 +01:00 · 2020-01-10 19:15:01 +01:00 · 8c5cd97b45 · 2024-07-19 10:13:02 +09:00
commit 8c5cd97b45
parent 6a529ea425
7 changed files with 55 additions and 20 deletions
--- a/Kernel/Net/IPv4Socket.cpp
+++ b/Kernel/Net/IPv4Socket.cpp
@ -240,7 +240,7 @@ ssize_t IPv4Socket::recvfrom(FileDescription& description, void* buffer, size_t

            LOCKER(lock());
            if (!m_can_read) {
-                if (res == Thread::BlockResult::InterruptedBySignal)
+                if (res != Thread::BlockResult::WokeNormally)
                    return -EINTR;

                // Unblocked due to timeout.
@ -288,7 +288,7 @@ ssize_t IPv4Socket::recvfrom(FileDescription& description, void* buffer, size_t

        LOCKER(lock());
        if (!m_can_read) {
-            if (res == Thread::BlockResult::InterruptedBySignal)
+            if (res != Thread::BlockResult::WokeNormally)
                return -EINTR;

            // Unblocked due to timeout.
--- a/Kernel/Net/LocalSocket.cpp
+++ b/Kernel/Net/LocalSocket.cpp
@ -143,7 +143,7 @@ KResult LocalSocket::connect(FileDescription& description, const sockaddr* addre
        return KSuccess;
    }

-    if (current->block<Thread::ConnectBlocker>(description) == Thread::BlockResult::InterruptedBySignal) {
+    if (current->block<Thread::ConnectBlocker>(description) != Thread::BlockResult::WokeNormally) {
        m_connect_side_role = Role::None;
        return KResult(-EINTR);
    }
@ -268,7 +268,7 @@ ssize_t LocalSocket::recvfrom(FileDescription& description, void* buffer, size_t
        }
    } else if (!can_read(description)) {
        auto result = current->block<Thread::ReceiveBlocker>(description);
-        if (result == Thread::BlockResult::InterruptedBySignal)
+        if (result != Thread::BlockResult::WokeNormally)
            return -EINTR;
    }
    if (!has_attached_peer(description) && buffer_for_me.is_empty())
--- a/Kernel/Net/TCPSocket.cpp
+++ b/Kernel/Net/TCPSocket.cpp
@ -341,7 +341,7 @@ KResult TCPSocket::protocol_connect(FileDescription& description, ShouldBlock sh
    m_direction = Direction::Outgoing;

    if (should_block == ShouldBlock::Yes) {
-        if (current->block<Thread::ConnectBlocker>(description) == Thread::BlockResult::InterruptedBySignal)
+        if (current->block<Thread::ConnectBlocker>(description) != Thread::BlockResult::WokeNormally)
            return KResult(-EINTR);
        ASSERT(setup_state() == SetupState::Completed);
        if (has_error()) {