author | Alan Somers <asomers@FreeBSD.org> | 2018-07-11 19:38:42 +0000 |
---|---|---|
committer | Alan Somers <asomers@FreeBSD.org> | 2018-07-11 19:38:42 +0000 |
commit | 8a894c1aa1713909d4a34682af83183f6500510b (patch) | |
tree | 2831e69b43e6e12da90cce0d7a5ed963e1751ca4 /sys/kern/kern_thr.c | |
parent | 780fb4a2fa9a9aee5ac48a60b790f567c0dc13e9 (diff) | |
download | src-8a894c1aa1713909d4a34682af83183f6500510b.tar.gz src-8a894c1aa1713909d4a34682af83183f6500510b.zip |
Don't acquire evclass_lock with a spinlock held

When the "pc" audit class is enabled and auditd is running, witness will
panic during thread exit because au_event_class tries to lock an rwlock
while holding a spinlock acquired upstack by thread_exit.

To fix this, move AUDIT_SYSCALL_EXIT further upstack, before the spinlock is
acquired. Of thread_exit's 16 callers, it's only necessary to call
AUDIT_SYSCALL_EXIT from two, exit1 (for exiting processes) and kern_thr_exit
(for exiting threads). The other callers are all kernel threads, which
needn't call AUDIT_SYSCALL_EXIT because, since they can't make syscalls,
there will be nothing to audit. And exit1 already does call
AUDIT_SYSCALL_EXIT, making the second call in thread_exit redundant for that
case.

PR: 228444
Reported by: aniketp
Reviewed by: aniketp, kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D16210
Notes:
svn path=/head/; revision=336205
Diffstat (limited to 'sys/kern/kern_thr.c')
-rw-r--r-- | sys/kern/kern_thr.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/sys/kern/kern_thr.c b/sys/kern/kern_thr.c index 915b552706a3..dd8e2c8d90af 100644 --- a/sys/kern/kern_thr.c +++ b/sys/kern/kern_thr.c @@ -374,6 +374,11 @@ kern_thr_exit(struct thread *td) KASSERT(p->p_numthreads > 1, ("too few threads")); racct_sub(p, RACCT_NTHR, 1); tdsigcleanup(td); + +#ifdef AUDIT + AUDIT_SYSCALL_EXIT(0, td); +#endif + PROC_SLOCK(p); thread_stopped(p); thread_exit(); |
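Review bot: The new `AUDIT_SYSCALL_EXIT(0, td);` in kern_thr_exit carries an ordering constraint that nothing in the code records: it has to stay above `PROC_SLOCK(p);`, because the audit path can take an rwlock (evclass_lock, per the commit message) and that is not allowed once the process spinlock is held. Without a comment, a later cleanup could move the call back under the spinlock and reintroduce the witness panic. A one-line comment above the `#ifdef AUDIT` block would help, for example "must run before PROC_SLOCK: the audit code may acquire an rwlock". It would also be worth a few words on why the error argument is a literal 0 here, since a reader cannot tell from this hunk whether that is intentional for an exit path that never returns to the caller or simply a placeholder.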