CVS commit: src/sys

["Taylor R Campbell" <riastradh%netbsd.org@localhost>]

Module Name:    src
Committed By:   riastradh
Date:           Sun Apr 27 17:40:56 UTC 2025

Modified Files:
        src/sys/kern: kern_exec.c
        src/sys/uvm: uvm_extern.h uvm_map.c

Log Message:
posix_spawn(2): Allocate a new vmspace at process creation time.

This allocates a new vmspace for the process at the time the new
process is created, rather than sharing some other vmspace temporarily.
This eliminates any risk of anything bad happening due to temporary
sharing, since there isn't any sharing.

Resolves a race to where:

1. we set up the child to share proc0.p_vmspace at first,

2. another process tries to read the new child's psstrings via
   kern.proc_args.<childpid>.argv or similar with the child's
   p_reflock held and gets stuck in a uvm fault loop because
   proc0.p_vmspace doesn't have the child's psstrings address
   (inherited from the parent) mapped,

3. the child is waiting for p_reflock before it can replace its
   p_vmspace or psstrings.

By allocating the vmspace up front, with no mappings in it, we avoid
exposing the child in this scenario.  Minor possible downside is that
sysctl kern.proc_args.<childpid>.argv might spuriously fail with
EFAULT during this time (rather than fail with EBUSY as it does if
p_reflock is held concurrently) but that's not a particularly big
deal.

Patch and first paragraph of commit message written by chs@; minor
tweaks to comments -- and any mistakes in the analysis -- by me.

PR kern/59037: deadlock in posix_spawn
PR kern/59175: posix_spawn hang, hanging other process too


To generate a diff of this commit:
cvs rdiff -u -r1.527 -r1.528 src/sys/kern/kern_exec.c
cvs rdiff -u -r1.233 -r1.234 src/sys/uvm/uvm_extern.h
cvs rdiff -u -r1.426 -r1.427 src/sys/uvm/uvm_map.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.