Date: Tue, 14 Nov 2006 19:41:00 +0200 From: Kostik Belousov <kostikbel@gmail.com> To: Steve Wills <steve@stevenwills.com> Cc: freebsd-stable@freebsd.org, Robert Watson <rwatson@freebsd.org> Subject: Re: audit and quota don't get along Message-ID: <20061114174059.GB29623@deviant.kiev.zoral.com.ua> In-Reply-To: <FB65FCDB-8815-48FB-AF7D-41DF705DF23B@stevenwills.com> References: <9ABCABF7-2D44-496D-84A2-4C3CA4527355@stevenwills.com> <20061114092953.R50450@fledge.watson.org> <FB65FCDB-8815-48FB-AF7D-41DF705DF23B@stevenwills.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--1LKvkjL3sHcu1TtY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Nov 14, 2006 at 12:02:43PM -0500, Steve Wills wrote:
> On Nov 14, 2006, at 4:31 AM, Robert Watson wrote:
>=20
> >
> >A backtrace would be helpful.
> >
>=20
> Fatal trap 12: page fault while in kernel mode
> fault virtual address =3D 0x0
> fault code =3D supervisor read, page not present
> instruction pointer =3D 0x20:0xc06a1728
> stack pointer =3D 0x28:0xcdb68c34
> frame pointer =3D 0x28:0xcdb68c3c
> code segment =3D base 0x0, limit 0xfffff, type 0x1b
> =3D DPL 0, pres 1, def32 1, gran 1
> processor eflags =3D resume, IOPL =3D 0
> current process =3D 568 (auditd)
> [thread pid 568 tid 100047 ]
> Stopped at 0xc06a1728 =3D turnstile_broadcast+0x30: cmpl $0,0(%=
=20
> esi)
> db> bt
> Tracing pid 568 tid 100047 td 0xc247bc00
> turnstile_broadcast(0,c247bc00,0,cdb68cdc,c07c1e1b,...) at 0xc06a1728 =20
> =3D turnstile_broadcast+0x30
> _mtx_unlock_sleep(c09f7780,0,0,0) at 0xc06776a7 =3D _mtx_unlock_sleep+0x3f
> auditctl(c247bc00,cdb68d04) at 0xc07c1e1b =3D auditctl+0x14f
> syscall(3b,3b,3b,8054200,7,...) at 0xc08a154b =3D syscall+0x2cf
> Xint0x80_syscall() at 0xc088e94f =3D Xint0x80_syscall+0x1f
> --- syscall (453, FreeBSD ELF32, auditctl), eip =3D 0x280cbcb7, esp =3D =
=20
> 0xbfbfec1c, ebp =3D 0xbfbfec88 ---
> db>
>=20
> >Are you using quotas on the file system targeted by the audit =20
> >trail, or just on the system in general?
>=20
> Just on the system, but I'd like to have them together.
>=20
> >Is compiling quotas in sufficient to reproduce the problem, or must =20
> >quotas be enabled on at least one file system?
>=20
> Compiling quotas in is sufficient.
>=20
I'm wondering how many people are tripped over this feature of vn_open.
Please, try the patch:
Index: sys/security/audit/audit_syscalls.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /usr/local/arch/ncvs/src/sys/security/audit/audit_syscalls.c,v
retrieving revision 1.1.2.4
diff -u -r1.1.2.4 audit_syscalls.c
--- sys/security/audit/audit_syscalls.c 16 Oct 2006 15:03:48 -0000 1.1.2.4
+++ sys/security/audit/audit_syscalls.c 14 Nov 2006 17:40:01 -0000
@@ -580,9 +580,9 @@
error =3D vn_open(&nd, &flags, 0, -1);
if (error)
return (error);
- vfslocked =3D NDHASGIANT(&nd);
- VOP_UNLOCK(nd.ni_vp, 0, td);
vp =3D nd.ni_vp;
+ vfslocked =3D VFS_LOCK_GIANT(vp->v_mount);
+ VOP_UNLOCK(nd.ni_vp, 0, td);
if (vp->v_type !=3D VREG) {
vn_close(vp, AUDIT_CLOSE_FLAGS, td->td_ucred, td);
VFS_UNLOCK_GIANT(vfslocked);
--1LKvkjL3sHcu1TtY
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)
iD8DBQFFWf+rC3+MBN1Mb4gRAnVjAJoDb0iLRH+NW155Vas7Rh8eISkfwQCdH2QE
cToknSjg8/RvV6sAI+dCflQ=
=jLn/
-----END PGP SIGNATURE-----
--1LKvkjL3sHcu1TtY--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061114174059.GB29623>