From 68c61f15e3cdba48de5588a9e8fee3b6f2e6585c Mon Sep 17 00:00:00 2001
From: Bhavik Sachdev <b.sachdev1904@gmail.com>
Date: Wed, 9 Oct 2024 09:50:28 +0100
Subject: [PATCH] pidfd: block SIGCHLD during tmp process creation

This patch blocks SIGCHLD during temporary process creation to prevent a
race condition between kill() and waitpid() where sigchld_handler()
causes `criu restore` to fail with an error.

Fixes: #2490

Signed-off-by: Bhavik Sachdev <b.sachdev1904@gmail.com>
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
---
 criu/pidfd.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/criu/pidfd.c b/criu/pidfd.c
index fdf5dec60e..3ea3c93094 100644
--- a/criu/pidfd.c
+++ b/criu/pidfd.c
@@ -145,6 +145,20 @@ static int create_tmp_process(void)
 static int free_dead_pidfd(struct dead_pidfd *dead)
 {
 	int status;
+	sigset_t blockmask, oldmask;
+
+	/*
+	 * Block SIGCHLD to prevent interfering from sigchld_handler()
+	 * and to properly handle the tmp process termination without
+	 * a race condition. A similar approach is used in cr_system().
+	 */
+	sigemptyset(&oldmask);
+	sigemptyset(&blockmask);
+	sigaddset(&blockmask, SIGCHLD);
+	if (sigprocmask(SIG_BLOCK, &blockmask, &oldmask) == -1) {
+		pr_perror("Cannot set mask of blocked signals");
+		goto err;
+	}
 
 	if (kill(dead->pid, SIGKILL) < 0) {
 		pr_perror("Could not kill temporary process with pid: %d",
@@ -158,6 +172,12 @@ static int free_dead_pidfd(struct dead_pidfd *dead)
 		goto err;
 	}
 
+	/* Restore the original signal mask after tmp process has terminated */
+	if (sigprocmask(SIG_SETMASK, &oldmask, NULL) == -1) {
+		pr_perror("Cannot clear blocked signals");
+		goto err;
+	}
+
 	if (!WIFSIGNALED(status)) {
 		pr_err("Expected temporary process to be terminated by a signal\n");
 		goto err;