Skip to content

Guard against invalid PIDs in process operations#4401

Merged
amirejaz merged 1 commit intostacklok:mainfrom
gkatz2:fix/guard-pid-zero-4400
Mar 27, 2026
Merged

Guard against invalid PIDs in process operations#4401
amirejaz merged 1 commit intostacklok:mainfrom
gkatz2:fix/guard-pid-zero-4400

Conversation

@gkatz2
Copy link
Copy Markdown
Contributor

@gkatz2 gkatz2 commented Mar 27, 2026

Summary

  • PID 0 or negative PIDs in status files can reach KillProcess, FindProcess, and WaitForExit, causing process group signals or false-positive liveness checks. See Guard against PID 0 in KillProcess and FindProcess #4400 for root cause details.
  • Add pid <= 0 guards that return a clear error. All existing callers already handle errors gracefully, so no caller changes are needed.

Fixes #4400

Type of change

  • Bug fix

Test plan

  • Unit tests (task test)
  • Linting (task lint-fix)
  • Manual testing: built test binary, verified thv run + thv rm work normally with the guards in place

Changes

File Change
pkg/process/kill_unix.go pid <= 0 early return
pkg/process/kill_windows.go Same guard
pkg/process/find_unix.go pid <= 0 early return
pkg/process/find_windows.go Same guard
pkg/process/wait.go pid <= 0 early return
pkg/process/pid_validation_test.go New: tests for PIDs 0, -1, -100

Does this introduce a user-facing change?

No.

Generated with Claude Code

@gkatz2 @claude
Guard against invalid PIDs in process ops
6e844a7 
On Unix, kill(0, sig) sends the signal to every process in the
calling process's group. KillProcess(0) would SIGTERM thv itself
and any child processes sharing its group. FindProcess(0) falsely
reports "alive" via kill(0, 0). Both can be reached when a status
file contains PID 0 due to crashes or races during proxy startup.

Fixes stacklok#4400

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Greg Katz <gkatz@indeed.com>
@github-actions github-actions bot added the size/XS Extra small PR: < 100 lines changed label Mar 27, 2026
@codecov
Copy link
Copy Markdown

codecov bot commented Mar 27, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 69.51%. Comparing base (9ee7873) to head (6e844a7).
⚠️ Report is 5 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4401      +/-   ##
==========================================
- Coverage   69.51%   69.51%   -0.01%     
==========================================
  Files         485      485              
  Lines       49805    49811       +6     
==========================================
+ Hits        34623    34627       +4     
- Misses      12503    12512       +9     
+ Partials     2679     2672       -7

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@amirejaz amirejaz merged commit 3f776f0 into stacklok:main Mar 27, 2026
37 checks passed
This was referenced Mar 30, 2026
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@amirejaz amirejaz amirejaz approved these changes

@JAORMX JAORMX Awaiting requested review from JAORMX JAORMX is a code owner

@jhrozek jhrozek Awaiting requested review from jhrozek jhrozek is a code owner

@blkt blkt Awaiting requested review from blkt blkt is a code owner

@ChrisJBurns ChrisJBurns Awaiting requested review from ChrisJBurns ChrisJBurns is a code owner

@yrobla yrobla Awaiting requested review from yrobla yrobla is a code owner

Assignees

No one assigned

Labels

size/XS Extra small PR: < 100 lines changed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Guard against PID 0 in KillProcess and FindProcess

2 participants

@gkatz2 @amirejaz