From owner-dev-commits-src-all@freebsd.org  Sun Jun 13 01:45:11 2021
Return-Path: <owner-dev-commits-src-all@freebsd.org>
Delivered-To: dev-commits-src-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 690806540EF;
 Sun, 13 Jun 2021 01:45:11 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4G2cpZ4xS3z4jvC;
 Sun, 13 Jun 2021 01:45:10 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:5])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 89C7918ACE;
 Sun, 13 Jun 2021 01:45:10 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
 by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 15D1jA8T052033;
 Sun, 13 Jun 2021 01:45:10 GMT (envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
 by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 15D1jAvT052032;
 Sun, 13 Jun 2021 01:45:10 GMT (envelope-from git)
Date: Sun, 13 Jun 2021 01:45:10 GMT
Message-Id: <202106130145.15D1jAvT052032@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
 dev-commits-src-branches@FreeBSD.org
From: Konstantin Belousov <kib@FreeBSD.org>
Subject: git: cad10e50dce3 - stable/13 - ktrace: fix a race between writes and
 close
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kib
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: cad10e50dce3732f4d664f8edf0c1d6818373239
Auto-Submitted: auto-generated
X-BeenThere: dev-commits-src-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Commit messages for all branches of the src repository
 <dev-commits-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/dev-commits-src-all>, 
 <mailto:dev-commits-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/dev-commits-src-all/>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Help: <mailto:dev-commits-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all>, 
 <mailto:dev-commits-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Jun 2021 01:45:11 -0000

The branch stable/13 has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=cad10e50dce3732f4d664f8edf0c1d6818373239

commit cad10e50dce3732f4d664f8edf0c1d6818373239
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2021-05-22 12:40:00 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2021-06-13 01:22:34 +0000

    ktrace: fix a race between writes and close
    
    (cherry picked from commit fc369a353b5b5e0f8046687fcbd78a7cd9ad1810)
---
 sys/kern/kern_ktrace.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c
index 9568a752d820..f8b2cf83e005 100644
--- a/sys/kern/kern_ktrace.c
+++ b/sys/kern/kern_ktrace.c
@@ -1262,7 +1262,7 @@ ktrsetchildren(struct thread *td, struct proc *top, int ops, int facs,
 static void
 ktr_writerequest(struct thread *td, struct ktr_request *req)
 {
-	struct ktr_io_params *kiop;
+	struct ktr_io_params *kiop, *kiop1;
 	struct ktr_header *kth;
 	struct vnode *vp;
 	struct proc *p;
@@ -1277,14 +1277,10 @@ ktr_writerequest(struct thread *td, struct ktr_request *req)
 	p = td->td_proc;
 
 	/*
-	 * We hold the vnode and credential for use in I/O in case ktrace is
+	 * We reference the kiop for use in I/O in case ktrace is
 	 * disabled on the process as we write out the request.
-	 *
-	 * XXXRW: This is not ideal: we could end up performing a write after
-	 * the vnode has been closed.
 	 */
 	mtx_lock(&ktrace_mtx);
-
 	kiop = p->p_ktrioparms;
 
 	/*
@@ -1296,13 +1292,12 @@ ktr_writerequest(struct thread *td, struct ktr_request *req)
 		return;
 	}
 
+	ktr_io_params_ref(kiop);
 	vp = kiop->vp;
 	cred = kiop->cr;
 	lim = kiop->lim;
 
-	vrefact(vp);
 	KASSERT(cred != NULL, ("ktr_writerequest: cred == NULL"));
-	crhold(cred);
 	mtx_unlock(&ktrace_mtx);
 
 	kth = &req->ktr_header;
@@ -1344,9 +1339,11 @@ ktr_writerequest(struct thread *td, struct ktr_request *req)
 		error = VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, cred);
 	VOP_UNLOCK(vp);
 	vn_finished_write(mp);
-	crfree(cred);
 	if (error == 0) {
-		vrele(vp);
+		mtx_lock(&ktrace_mtx);
+		kiop = ktr_io_params_rele(kiop);
+		mtx_unlock(&ktrace_mtx);
+		ktr_io_params_free(kiop);
 		return;
 	}
 
@@ -1359,12 +1356,15 @@ ktr_writerequest(struct thread *td, struct ktr_request *req)
 	    "ktrace write failed, errno %d, tracing stopped for pid %d\n",
 	    error, p->p_pid);
 
+	kiop1 = NULL;
 	PROC_LOCK(p);
 	mtx_lock(&ktrace_mtx);
 	if (p->p_ktrioparms != NULL && p->p_ktrioparms->vp == vp)
-		kiop = ktr_freeproc(p);
+		kiop1 = ktr_freeproc(p);
+	kiop = ktr_io_params_rele(kiop);
 	mtx_unlock(&ktrace_mtx);
 	PROC_UNLOCK(p);
+	ktr_io_params_free(kiop1);
 	ktr_io_params_free(kiop);
 	vrele(vp);
 }