Kernel: Make ProcessGroup a ListedRefCounted and fix two races

This closes two race windows: - ProcessGroup removed itself from the "all process groups" list in its destructor. It was possible to walk the list between the last unref() and the destructor invocation, and grab a pointer to a ProcessGroup that was about to get deleted. - sys$setsid() could end up creating a process group that already existed, as there was a race window between checking if the PGID is used, and actually creating a ProcessGroup with that PGID.
2025-07-25 17:17:44 +00:00 · 2023-04-04 16:38:46 +02:00 · 2023-04-04 16:38:46 +02:00 · 3e30d9bc99
commit 3e30d9bc99
parent 37bfc36601
3 changed files with 29 additions and 36 deletions
--- a/Kernel/ProcessGroup.cpp
+++ b/Kernel/ProcessGroup.cpp
@ -1,6 +1,6 @@
 /*
 * Copyright (c) 2020, the SerenityOS developers.
- * Copyright (c) 2021, Andreas Kling <kling@serenityos.org>
+ * Copyright (c) 2021-2023, Andreas Kling <kling@serenityos.org>
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */
@ -10,45 +10,44 @@

 namespace Kernel {

-static Singleton<SpinlockProtected<ProcessGroup::List, LockRank::None>> s_process_groups;
+static Singleton<SpinlockProtected<ProcessGroup::AllInstancesList, LockRank::None>> s_all_instances;

-SpinlockProtected<ProcessGroup::List, LockRank::None>& process_groups()
+SpinlockProtected<ProcessGroup::AllInstancesList, LockRank::None>& ProcessGroup::all_instances()
 {
-    return *s_process_groups;
+    return s_all_instances;
 }

-ProcessGroup::~ProcessGroup()
-{
-    process_groups().with([&](auto& groups) {
-        groups.remove(*this);
-    });
-}
+ProcessGroup::~ProcessGroup() = default;

-ErrorOr<NonnullRefPtr<ProcessGroup>> ProcessGroup::create(ProcessGroupID pgid)
+ErrorOr<NonnullRefPtr<ProcessGroup>> ProcessGroup::create_if_unused_pgid(ProcessGroupID pgid)
 {
-    auto process_group = TRY(adopt_nonnull_ref_or_enomem(new (nothrow) ProcessGroup(pgid)));
-    process_groups().with([&](auto& groups) {
-        groups.prepend(*process_group);
+    return all_instances().with([&](auto& all_instances) -> ErrorOr<NonnullRefPtr<ProcessGroup>> {
+        for (auto& process_group : all_instances) {
+            if (process_group.pgid() == pgid)
+                return EPERM;
+        }
+        auto process_group = TRY(adopt_nonnull_ref_or_enomem(new (nothrow) ProcessGroup(pgid)));
+        all_instances.prepend(*process_group);
+        return process_group;
    });
-    return process_group;
 }

 ErrorOr<NonnullRefPtr<ProcessGroup>> ProcessGroup::find_or_create(ProcessGroupID pgid)
 {
-    return process_groups().with([&](auto& groups) -> ErrorOr<NonnullRefPtr<ProcessGroup>> {
-        for (auto& group : groups) {
+    return all_instances().with([&](auto& all_instances) -> ErrorOr<NonnullRefPtr<ProcessGroup>> {
+        for (auto& group : all_instances) {
            if (group.pgid() == pgid)
                return group;
        }
        auto process_group = TRY(adopt_nonnull_ref_or_enomem(new (nothrow) ProcessGroup(pgid)));
-        groups.prepend(*process_group);
+        all_instances.prepend(*process_group);
        return process_group;
    });
 }

 RefPtr<ProcessGroup> ProcessGroup::from_pgid(ProcessGroupID pgid)
 {
-    return process_groups().with([&](auto& groups) -> RefPtr<ProcessGroup> {
+    return all_instances().with([&](auto& groups) -> RefPtr<ProcessGroup> {
        for (auto& group : groups) {
            if (group.pgid() == pgid)
                return &group;