NetBSD-Bugs archive
kern/58594: Kernel FIOASYNC/FIOSETOWN/FIOGETOWN protocol is incoherent
>Number: 58594
>Category: kern
>Synopsis: Kernel FIOASYNC/FIOSETOWN/FIOGETOWN protocol is incoherent
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Aug 14 02:50:00 +0000 2024
>Originator: Taylor R Campbell
>Release: current, 10, 9, ...
>Organization:
The NetBSD SIGIOdation
>Environment:
>Description:
Various drivers implement FIOASYNC/FIOSETOWN/FIOGETOWN in their own ways. The kernel provides fsetown/fgetown/fownsignal(9), but the usage rules aren't clear enough:
1. Is the caller required to serialize these? (Probable answer: yes)
2. Can these be used in interrupt context (or under a spin lock), or in soft interrupt context? (Probable answer: no, but bpf(4) does try to use fownsignal(9) like that.)
3. What happens if the process terminates and the pid/pgid is recycled? (Probable answer: nothing good; I don't see anywhere the kernel might clean up the references, in case the file in question is held by a different process.)
>How-To-Repeat:
code inspection
>Fix:
1. Clarify the man page.
2. Figure out how to deal with cleanup. Maybe provide an opaque `struct fown' data structure for callers to wire up the weak references for concurrent teardown on process termination.
3. Audit all the callers.