From d4477f3360186217ed26e775b88af1f3a2047cf5 Mon Sep 17 00:00:00 2001
From: Taylor R Campbell <riastradh@NetBSD.org>
Date: Sun, 16 Jul 2023 22:14:02 +0000
Subject: [PATCH] kthread(9): Fix nested kthread_join.

No reason for one kthread_join to interfere with another, or to cause
non-cyclic dependencies to get stuck.

Currently uses struct lwp::l_private for this purpose.  I don't think
anything in kthread(9) uses l_private, but maybe this should use a
new member instead, or create a union member with an existing pointer
for the purpose.
---
 sys/kern/kern_kthread.c | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/sys/kern/kern_kthread.c b/sys/kern/kern_kthread.c
index eddfc7185cf9..e0d01c843cd1 100644
--- a/sys/kern/kern_kthread.c
+++ b/sys/kern/kern_kthread.c
@@ -45,7 +45,6 @@ __KERNEL_RCSID(0, "$NetBSD: kern_kthread.c,v 1.47 2022/09/13 09:37:49 riastradh
 
 #include <uvm/uvm_extern.h>
 
-static lwp_t *		kthread_jtarget;
 static kmutex_t		kthread_lock;
 static kcondvar_t	kthread_cv;
 
@@ -55,7 +54,6 @@ kthread_sysinit(void)
 
 	mutex_init(&kthread_lock, MUTEX_DEFAULT, IPL_NONE);
 	cv_init(&kthread_cv, "kthrwait");
-	kthread_jtarget = NULL;
 }
 
 /*
@@ -172,11 +170,14 @@ kthread_exit(int ecode)
 
 	/* Barrier for joining. */
 	if (l->l_pflag & LP_MUSTJOIN) {
+		bool *exitedp;
+
 		mutex_enter(&kthread_lock);
-		while (kthread_jtarget != l) {
+		while ((exitedp = l->l_private) == NULL) {
 			cv_wait(&kthread_cv, &kthread_lock);
 		}
-		kthread_jtarget = NULL;
+		KASSERT(!*exitedp);
+		*exitedp = true;
 		cv_broadcast(&kthread_cv);
 		mutex_exit(&kthread_lock);
 	}
@@ -197,22 +198,21 @@ kthread_exit(int ecode)
 int
 kthread_join(lwp_t *l)
 {
+	bool exited = false;
 
 	KASSERT((l->l_flag & LW_SYSTEM) != 0);
 	KASSERT((l->l_pflag & LP_MUSTJOIN) != 0);
 
 	/*
-	 * - Wait if some other thread has occupied the target.
-	 * - Specify our kthread as a target and notify it.
-	 * - Wait for the target kthread to notify us.
+	 * - Ask the kthread to write to `exited'.
+	 * - After this, touching l is forbidden -- it may be freed.
+	 * - Wait until the kthread has written to `exited'.
 	 */
 	mutex_enter(&kthread_lock);
-	while (kthread_jtarget) {
-		cv_wait(&kthread_cv, &kthread_lock);
-	}
-	kthread_jtarget = l;
+	KASSERT(l->l_private == NULL);
+	l->l_private = &exited;
 	cv_broadcast(&kthread_cv);
-	while (kthread_jtarget == l) {
+	while (!exited) {
 		cv_wait(&kthread_cv, &kthread_lock);
 	}
 	mutex_exit(&kthread_lock);