Kernel: Fix kernel null deref on process crash during join_thread()

The join_thread() syscall is not supposed to be interruptible by signals, but it was. And since the process death mechanism piggybacked on signal interrupts, it was possible to interrupt a pthread_join() by killing the process that was doing it, leading to confusing due to some assumptions being made by Thread::finalize() for threads that have a pending joiner. This patch fixes the issue by making "interrupted by death" a distinct block result separate from "interrupted by signal". Then we handle that state in join_thread() and tidy things up so that thread finalization doesn't get confused by the pending joiner being gone. Test: Tests/Kernel/null-deref-crash-during-pthread_join.cpp
2025-07-25 04:17:35 +00:00 · 2020-01-10 19:15:01 +01:00 · 2020-01-10 19:15:01 +01:00 · 8c5cd97b45
commit 8c5cd97b45
parent 6a529ea425
7 changed files with 55 additions and 20 deletions
--- a/Tests/Kernel/null-deref-crash-during-pthread_join.cpp
+++ b/Tests/Kernel/null-deref-crash-during-pthread_join.cpp
@ -0,0 +1,21 @@
+#include <pthread.h>
+#include <stdio.h>
+#include <sys/select.h>
+#include <unistd.h>
+
+int main(int, char**)
+{
+    pthread_t tid;
+    pthread_create(
+        &tid, nullptr, [](void*) -> void* {
+            sleep(1);
+            asm volatile("ud2");
+            return nullptr;
+        },
+        nullptr);
+
+    pthread_join(tid, nullptr);
+
+    printf("ok\n");
+    return 0;
+}