CreateProcessGroup has to check whether a target process stil exists or not

A caller of CreateProcessGroup looks up a thread group without locks, so the target process can exit before CreateProcessGroup will be called. Reported-by: syzbot+6abb7c34663dacbd55a8@syzkaller.appspotmail.com PiperOrigin-RevId: 381351069
author: Andrei Vagin <avagin@google.com> 2021-06-24 15:33:26 -0700
committer: gVisor bot <gvisor-bot@google.com> 2021-06-24 15:36:01 -0700
commit: 2e6195ffe0ad452b2137c32d635d890c9d872e8d (patch)
tree: 878d54842323fcec80f7bca269ac728a4c113e1f
parent: fdf7c49030c11fae17c6f7bf99344c43654dd258 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/pkg/sentry/kernel/sessions.go b/pkg/sentry/kernel/sessions.go
index ca9076406..973d708a3 100644
--- a/pkg/sentry/kernel/sessions.go
+++ b/pkg/sentry/kernel/sessions.go
@@ -369,6 +369,11 @@ func (tg *ThreadGroup) CreateProcessGroup() error {
 	// Get the ID for this thread in the current namespace.
 	id := tg.pidns.tgids[tg]
 
+	// Check whether a process still exists or not.
+	if id == 0 {
+		return syserror.ESRCH
+	}
+
 	// Per above, check for a Session leader or existing group.
 	for s := tg.pidns.owner.sessions.Front(); s != nil; s = s.Next() {
 		if s.leader.pidns != tg.pidns {
author	Andrei Vagin <avagin@google.com>	2021-06-24 15:33:26 -0700
committer	gVisor bot <gvisor-bot@google.com>	2021-06-24 15:36:01 -0700
commit	2e6195ffe0ad452b2137c32d635d890c9d872e8d (patch)
tree	878d54842323fcec80f7bca269ac728a4c113e1f
parent	fdf7c49030c11fae17c6f7bf99344c43654dd258 (diff)