Date:      Thu, 14 Aug 2008 20:16:38 -0400
From:      alexus <alexus@gmail.com>
To:        "Mateusz Guzik" <mjguzik@gmail.com>
Cc:        freebsd-jail@freebsd.org, "Bjoern A. Zeeb" <bz@freebsd.org>
Subject:   Re: kern/126368: Running ktrace/kdump in jail leads to stale jails
Message-ID:  <6ae50c2d0808141716g5c213fe9ha688c7b544a0fb35@mail.gmail.com>
In-Reply-To: <20080809234717.GC13799@skucha.home.aster.pl>
References:  <200808081740.m78He4bc084276@freefall.freebsd.org> <20080808184224.H88849@maildrop.int.zabbadoz.net> <20080809234717.GC13799@skucha.home.aster.pl>

Where can I get the latest patch that I can apply to 7.0-RELEASE-p3?


2008/8/9 Mateusz Guzik <mjguzik@gmail.com>:
> On Fri, Aug 08, 2008 at 06:43:38PM +0000, Bjoern A. Zeeb wrote:
>> >The following reply was made to PR kern/126368; it has been noted by GNATS.
>> >
>> >From: "Mateusz Guzik" <mjguzik@gmail.com>
>> >To: bug-followup@freebsd.org
>> >Cc:
>> >Subject: Re: kern/126368: Running ktrace/kdump in jail leads to stale jails
>> >Date: Fri, 8 Aug 2008 19:30:22 +0200
>> >
>> >Err, I made a mistake. crfree() will be called in case of failure
>> >(loop starting at line 959), so the following patch should be ok:
>> >
>> >--- sys/kern/kern_ktrace.c.orig      2008-08-08 16:37:45.000000000 +0200
>> >+++ sys/kern/kern_ktrace.c   2008-08-08 19:25:16.000000000 +0200
>> >@@ -933,12 +933,14 @@
>> >             error = VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, cred);
>> >     VOP_UNLOCK(vp, 0, td);
>> >     vn_finished_write(mp);
>> >     vrele(vp);
>> >     VFS_UNLOCK_GIANT(vfslocked);
>> >-    if (!error)
>> >+    if (!error) {
>> >+            crfree(cred);
>> >             return;
>> >+    }
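Review bot: the added crfree() only covers the `if (!error)` path; nothing in the hunk releases the reference when VOP_WRITE fails, and the text above defers that to a loop starting at line 959 that is outside this diff. Because the reference is taken unconditionally, either confirm that every failing exit reaches that loop, or move `crfree(cred);` to directly after `VFS_UNLOCK_GIANT(vfslocked);` so both outcomes drop the reference in one place and the `if (!error)` branch can stay a plain `return;`.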
>>
>> that sounds more plausible w/o seeing the surrounding code. I had
>> wondered already earlier today when I was pointed at.
>>
>> I'll look into this.
>>
>
> Sorry for the noise -- the first patch was right. ;)
>
> ktr_writerequest() is called multiple times and it _always_ calls
> crhold(), so crfree() must be called before it returns (even in case of
> failure).
>
> Also, in this function one can find:
>
> [..]
> crhold(cred)
> [..]
> if (vp == NULL) {
>        KASSERT(cred == NULL, ("ktr_writerequest: cred != NULL"));
>        return;
> }
>
> `Normal' kernel might leak credentials in this case, so I believe crfree() should be added there too.
>
> Thanks, and again, sorry for the noise.
> --
> Mateusz Guzik
>
>



-- 
http://alexus.org/
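The point Mateusz makes above, that ktr_writerequest() always takes a credential reference and so must drop it on every exit, is easy to check with a user-space model. This is an added illustration, not FreeBSD code: ucred, crhold, crfree, the two writerequest functions and vnode_stub are stand-ins for the kernel's, with a plain integer refcount and vp/error passed in directly.

```c
/* Added illustration, not FreeBSD code: a user-space model of the
 * crhold()/crfree() pairing the thread discusses.  ucred, crhold, crfree
 * and the two writerequest functions are stand-ins for the kernel's;
 * the refcount is a plain int, vp and error are passed in directly. */
#include <stddef.h>
#include <stdio.h>

struct ucred { int cr_ref; };
static int vnode_stub;          /* any non-NULL "vnode" for the model */

static void crhold(struct ucred *cr) { cr->cr_ref++; }
static void crfree(struct ucred *cr) { cr->cr_ref--; }  /* kernel frees at 0 */

/* Model of the unpatched path: a reference is taken on entry, but only
 * the failure path (the later error-handling loop) releases it, so every
 * successful write and every vp == NULL early return leaks one reference. */
static void writerequest_leaky(struct ucred *cred, void *vp, int error)
{
    crhold(cred);
    if (vp == NULL)
        return;                 /* reference never dropped */
    if (!error)
        return;                 /* success path never drops it either */
    crfree(cred);               /* only the failure path cleans up */
}

/* Corrected model: the reference is dropped on every path out of the
 * function, which is the unconditional crfree() the thread settles on. */
static void writerequest_fixed(struct ucred *cred, void *vp, int error)
{
    crhold(cred);
    if (vp == NULL) {
        crfree(cred);           /* early return now pairs the hold */
        return;
    }
    (void)error;                /* success or failure: same cleanup */
    crfree(cred);
}

/* Call req n times against a credential the owner holds once and return
 * how many references were leaked (anything above the owner's one). */
int leaked_refs(void (*req)(struct ucred *, void *, int), void *vp, int error, int n)
{
    struct ucred cr = { .cr_ref = 1 };
    for (int i = 0; i < n; i++)
        req(&cr, vp, error);
    return cr.cr_ref - 1;
}

int main(void)
{
    printf("leaky, 3 successful writes: %d leaked\n", leaked_refs(writerequest_leaky, &vnode_stub, 0, 3));
    printf("leaky, 3 failed writes:     %d leaked\n", leaked_refs(writerequest_leaky, &vnode_stub, 5, 3));
    printf("fixed, 3 successful writes: %d leaked\n", leaked_refs(writerequest_fixed, &vnode_stub, 0, 3));
    return 0;
}
```

A leaked reference never lets the credential's refcount reach zero, which is why the jail that owns the credential stays allocated; the fixed variant reports zero leaks on every path.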


