From bb4bee83b7bb19f5a20f9541ae0dcf4135ec1323 Mon Sep 17 00:00:00 2001
From: Luke Street <luke@street.dev>
Date: Thu, 9 Oct 2025 16:52:12 -0600
Subject: [PATCH] Fix pidfd reuse race condition

---
 src/processes.cpp | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/src/processes.cpp b/src/processes.cpp
index 632c4b7..b574c00 100644
--- a/src/processes.cpp
+++ b/src/processes.cpp
@@ -106,9 +106,11 @@ bool ProcessManager::addProcess(Pin<ProcessObject> po) {
 	if (!po) {
 		return false;
 	}
+	pid_t pid;
 	int pidfd;
 	{
 		std::lock_guard lk(po->m);
+		pid = po->pid;
 		pidfd = po->pidfd;
 		if (pidfd < 0) {
 			return false;
@@ -128,7 +130,7 @@ bool ProcessManager::addProcess(Pin<ProcessObject> po) {
 		std::lock_guard lk(m);
 		mReg.emplace(pidfd, std::move(po));
 	}
-	DEBUG_LOG("ProcessManager: tracking pidfd %d\n", pidfd);
+	DEBUG_LOG("ProcessManager: registered pid %d with pidfd %d\n", pid, pidfd);
 	wake();
 	return true;
 }
@@ -181,7 +183,6 @@ void ProcessManager::checkPidfd(int pidfd) {
 			return;
 		}
 		epoll_ctl(mEpollFd, EPOLL_CTL_DEL, pidfd, nullptr);
-		close(pidfd);
 	}
 
 	DEBUG_LOG("ProcessManager: pidfd %d exited: code=%d status=%d\n", pidfd, si.si_code, si.si_status);
@@ -190,10 +191,14 @@ void ProcessManager::checkPidfd(int pidfd) {
 	{
 		std::shared_lock lk(m);
 		auto it = mReg.find(pidfd);
-		if (it == mReg.end()) {
-			return;
+		if (it != mReg.end()) {
+			po = std::move(it->second);
+			mReg.erase(it);
 		}
-		po = it->second.clone();
+	}
+	close(pidfd);
+	if (!po) {
+		return;
 	}
 	{
 		std::lock_guard lk(po->m);
@@ -205,14 +210,6 @@ void ProcessManager::checkPidfd(int pidfd) {
 	}
 	po->cv.notify_all();
 	po->notifyWaiters(false);
-
-	{
-		std::lock_guard lk(m);
-		auto it = mReg.find(pidfd);
-		if (it != mReg.end()) {
-			mReg.erase(it);
-		}
-	}
 }
 
 ProcessManager &processes() {