Date: Mon, 19 Mar 2018 16:47:15 -0700
From: Conrad Meyer <cem@freebsd.org>
To: Matt Joras <mjoras@freebsd.org>
Cc: src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r331227 - head/sys/kern
Message-ID: <CAG6CVpXd6KGF3dZnQu_%2BmGYQCA=9TAq7wnWj4ixx7PC5cxvHKQ@mail.gmail.com>
In-Reply-To: <201803192243.w2JMhS6N079312@repo.freebsd.org>
References: <201803192243.w2JMhS6N079312@repo.freebsd.org>

On Mon, Mar 19, 2018 at 3:43 PM, Matt Joras <mjoras@freebsd.org> wrote:
> Author: mjoras
> Date: Mon Mar 19 22:43:27 2018
> New Revision: 331227
> URL: https://svnweb.freebsd.org/changeset/base/331227
>
> Log:
>   Fix initialization of eventhandler mutex.
>
>   mtx_init does not do a copy of the name string it is passed. The
>   eventhandler code incorrectly passed the parameter string directly to
>   mtx_init instead of using the copy it makes. This was an existing
>   problem with the code that I dutifully copied over in my changes in r325621.

For those without context: The problem here is that the name string comes from rodata of whatever module *registers* an eventhandler listener, but isn't tied to the lifetime of that module. So for example, filemon.ko or hwpmc.ko. If those modules are subsequently unloaded, the kernel eventhandler lock lo_names continue to point to the (now stale) module memory, resulting in kernel page fault crashes if/when those names are eventually dereferenced (we hit it with "sysctl kern.proc.all" after one of those modules was unloaded).

Best,
Conrad
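
The lifetime problem described in this message, as an added user-space example that is not FreeBSD code and not part of the original e-mail. `lock_init`, `struct eh_list`, `el_name`, the sample name and the heap block standing in for module rodata are hypothetical stand-ins; only the "store the pointer, do not copy" behaviour is taken from the commit log.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical user-space stand-ins; not FreeBSD kernel structures. */
struct lock_object { const char *lo_name; };   /* name kept by pointer, never copied */
struct eh_list {
    struct lock_object el_lock;
    char el_name[32];                           /* the list's own copy of the name */
};

/* Behaves like the mtx_init described in the log: keeps the caller's pointer. */
static void lock_init(struct lock_object *lo, const char *name) { lo->lo_name = name; }

/* Before the fix: the registrant's string goes straight to lock_init. */
static void list_init_buggy(struct eh_list *l, const char *name)
{
    snprintf(l->el_name, sizeof(l->el_name), "%s", name);
    lock_init(&l->el_lock, name);
}

/* After the fix: the lock is named by the copy the list owns. */
static void list_init_fixed(struct eh_list *l, const char *name)
{
    snprintf(l->el_name, sizeof(l->el_name), "%s", name);
    lock_init(&l->el_lock, l->el_name);
}

/* Registers from a simulated module, then "unloads" it. Returns 1 if the
 * lock name still points at live memory afterwards, 0 if it is dangling. */
static int survives_unload(void (*init)(struct eh_list *, const char *), struct eh_list *l)
{
    char *module_rodata = malloc(32);           /* constructed stand-in for module rodata */
    if (module_rodata == NULL)
        return -1;
    strcpy(module_rodata, "process_exit");      /* constructed sample name */
    init(l, module_rodata);
    int owned = (l->el_lock.lo_name == l->el_name); /* decided before the free */
    free(module_rodata);                        /* module unload */
    return owned;
}

int main(void)
{
    struct eh_list a, b;
    printf("buggy name survives unload: %d\n", survives_unload(list_init_buggy, &a));
    printf("fixed name survives unload: %d\n", survives_unload(list_init_fixed, &b));
    return 0;
}
```

The example never reads the stale pointer; it only checks which memory the lock name refers to before the simulated unload, since the later dereference is what faults in the kernel case.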