From owner-svn-src-head@freebsd.org Sun Aug 2 00:11:57 2015
Message-Id: <201508020011.t720Bvei018594@repo.freebsd.org>
From: Mark Johnston
Date: Sun, 2 Aug 2015 00:11:57 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r286167 - head/sys/cddl/contrib/opensolaris/uts/common/dtrace

Author: markj
Date: Sun Aug 2 00:11:56 2015
New Revision: 286167
URL: https://svnweb.freebsd.org/changeset/base/286167

Log:
  Avoid dereferencing curthread->td_proc->p_cred in DTrace probe context.

  When a process is exiting, there is a narrow window where p_cred may be
  NULL while its threads are still executing. Specifically, the last thread
  to exit a process sets the process state to PRS_ZOMBIE with the proc
  spinlock held and then calls thread_exit(). thread_exit() drops the spin
  lock, permitting the process to be reaped and thus causing its cred struct
  to be released. However, the exiting thread may still cause DTrace probes
  to fire by calling sched_throw(), resulting in a double fault if such a
  probe enabling attempts to access the GID or UID DIF variables. The
  thread's cred reference is not susceptible to this race since it is not
  released until after the thread has exited.

  MFC after:	1 week

Modified:
  head/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c

Modified: head/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c
==============================================================================
--- head/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c	Sun Aug 2 00:03:08 2015	(r286166)
+++ head/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c	Sun Aug 2 00:11:56 2015	(r286167)
@@ -3510,7 +3510,6 @@ dtrace_dif_variable(dtrace_mstate_t *mst */ if (DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU)) return ((uint64_t)p0.p_cred->cr_uid); -#endif /* * It is always safe to dereference one's own t_procp pointer: @@ -3522,6 +3521,9 @@ dtrace_dif_variable(dtrace_mstate_t *mst * credential, since this is never NULL after process birth. */ return ((uint64_t)curthread->t_procp->p_cred->cr_uid); +#else + return ((uint64_t)curthread->td_ucred->cr_uid); +#endif case DIF_VAR_GID: if (!dtrace_priv_proc(state)) @@ -3533,7 +3535,6 @@ dtrace_dif_variable(dtrace_mstate_t *mst */ if (DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU)) return ((uint64_t)p0.p_cred->cr_gid); -#endif /* * It is always safe to dereference one's own t_procp pointer: @@ -3545,6 +3546,9 @@ dtrace_dif_variable(dtrace_mstate_t *mst * credential, since this is never NULL after process birth. */ return ((uint64_t)curthread->t_procp->p_cred->cr_gid); +#else + return ((uint64_t)curthread->td_ucred->cr_gid); +#endif case DIF_VAR_ERRNO: { #ifdef illumos
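Review bot: in the first hunk (the `-#endif` removed after the `DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU)` check), dropping that `#endif` extends the enclosing `#ifdef illumos` over the whole UID path, so the `p0.p_cred->cr_uid` special case for anchored probes firing in interrupt context becomes illumos-only; on FreeBSD such a probe now reports `curthread->td_ucred->cr_uid` for the interrupted thread. That is consistent with the pre-change FreeBSD path, which already returned the interrupted thread's process credential rather than p0's, but the log does not mention the interrupt case at all, and the hunk reads as if it were being dropped; one sentence in the log ("the p0 special case was never compiled on FreeBSD") would make the intent clear.

Review bot: in the second hunk, the comment kept directly above the new `#else` ("It is always safe to dereference one's own t_procp pointer ... credential, since this is never NULL after process birth") now documents only the illumos branch, while the log explains precisely why that invariant does not hold on FreeBSD during process exit. Suggest a short comment on the FreeBSD branch, e.g. `/* p_cred may be NULL while the last thread is exiting; td_ucred is held until after thread_exit(). */`, so that a later cleanup does not "simplify" `td_ucred` back to `td_proc->p_cred` and reintroduce the double fault.

Review bot: in the fourth hunk, the GID branch now repeats the UID `#ifdef`/`#else`/`#endif` ladder line for line, with `cr_gid` substituted for `cr_uid`; since the only platform difference is which `struct ucred *` is safe to read in probe context, a small platform-specific helper (a hypothetical `dtrace_curcred()` returning `curthread->td_ucred` on FreeBSD and `curthread->t_procp->p_cred` on illumos) would let both `DIF_VAR_UID` and `DIF_VAR_GID` read `->cr_uid` / `->cr_gid` from one call and keep the two cases from drifting apart in future merges from upstream.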