In linux emulation layer try to detect attempt to use linux_clone() to

create kernel threads and call rfork(2) with RFTHREAD flag set in this case, which puts parent and child into the same threading group. As a result all threads that belong to the same program end up in the same threading group. This is similar to what linuxthreads port does, though in this case we don't have a luxury of having access to the source code and there is no definite way to differentiate linux_clone() called for threading purposes from other uses, so that we have to resort to heuristics. Allow SIGTHR to be delivered between all processes in the same threading group previously it has been blocked for s[ug]id processes. This also should improve locking of the same file descriptor from different threads in programs running under linux compat layer. PR: kern/72922 Reported by: Andriy Gapon <avg@icyb.net.ua> Idea suggested by: rwatson
2026-06-11 01:30:30 -04:00 · 2005-03-03 16:57:55 +00:00 · 2005-03-03 16:57:55 +00:00 · 4b1783363f
commit 4b1783363f
parent 24fe1eafe4
2 changed files with 31 additions and 0 deletions
--- a/sys/i386/linux/linux_machdep.c
+++ b/sys/i386/linux/linux_machdep.c
@ -314,6 +314,9 @@ linux_vfork(struct thread *td, struct linux_vfork_args *args)
 #define CLONE_FILES	0x400
 #define CLONE_SIGHAND	0x800
 #define CLONE_PID	0x1000
+#define CLONE_THREAD	0x10000
+
+#define THREADING_FLAGS	(CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND)

 int
 linux_clone(struct thread *td, struct linux_clone_args *args)
@ -349,6 +352,22 @@ linux_clone(struct thread *td, struct linux_clone_args *args)
 	if (!(args->flags & CLONE_FILES))
 		ff |= RFFDG;

+	/*
+	 * Attempt to detect when linux_clone(2) is used for creating
+	 * kernel threads. Unfortunately despite the existence of the
+	 * CLONE_THREAD flag, version of linuxthreads package used in
+	 * most popular distros as of beginning of 2005 doesn't make
+	 * any use of it. Therefore, this detection relay fully on
+	 * empirical observation that linuxthreads sets certain
+	 * combination of flags, so that we can make more or less
+	 * precise detection and notify the FreeBSD kernel that several
+	 * processes are in fact part of the same threading group, so
+	 * that special treatment is necessary for signal delivery
+	 * between those processes and fd locking.
+	 */
+	if ((args->flags & 0xffffff00) == THREADING_FLAGS)
+		ff |= RFTHREAD;
+
 	error = fork1(td, ff, 0, &p2);
 	if (error)
 		return (error);
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@ -1523,6 +1523,18 @@ p_cansignal(struct thread *td, struct proc *p, int signum)
 	/* XXX: This will require an additional lock of some sort. */
 	if (signum == SIGCONT && td->td_proc->p_session == p->p_session)
 		return (0);
+	/*
+	 * Some compat layers use SIGTHR for communications between
+	 * different kernel threads of the same process, so that
+	 * they are expecting that it's always possible to deliver
+	 * it, even for suid applications where cr_cansignal() can
+	 * deny such ability for security consideration.  It should be
+	 * pretty safe to do since the only way to create two processes
+	 * with the same p_leader is via rfork(2).
+	 */
+	if (signum == SIGTHR && td->td_proc->p_leader != NULL &&
+	    td->td_proc->p_leader == p->p_leader)
+		return (0);

 	return (cr_cansignal(td->td_ucred, p, signum));
 }