Re: audit and quota don't get along

Tue, 14 Nov 2006 09:45:14 -0800 

On Tue, Nov 14, 2006 at 12:02:43PM -0500, Steve Wills wrote:
> On Nov 14, 2006, at 4:31 AM, Robert Watson wrote:
> 
> >
> >A backtrace would be helpful.
> >
> 
> Fatal trap 12: page fault while in kernel mode
> fault virtual address   = 0x0
> fault code              = supervisor read, page not present
> instruction pointer     = 0x20:0xc06a1728
> stack pointer           = 0x28:0xcdb68c34
> frame pointer           = 0x28:0xcdb68c3c
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = resume, IOPL = 0
> current process         = 568 (auditd)
> [thread pid 568 tid 100047 ]
> Stopped at      0xc06a1728 = turnstile_broadcast+0x30:  cmpl    $0,0(% 
> esi)
> db> bt
> Tracing pid 568 tid 100047 td 0xc247bc00
> turnstile_broadcast(0,c247bc00,0,cdb68cdc,c07c1e1b,...) at 0xc06a1728  
> = turnstile_broadcast+0x30
> _mtx_unlock_sleep(c09f7780,0,0,0) at 0xc06776a7 = _mtx_unlock_sleep+0x3f
> auditctl(c247bc00,cdb68d04) at 0xc07c1e1b = auditctl+0x14f
> syscall(3b,3b,3b,8054200,7,...) at 0xc08a154b = syscall+0x2cf
> Xint0x80_syscall() at 0xc088e94f = Xint0x80_syscall+0x1f
> --- syscall (453, FreeBSD ELF32, auditctl), eip = 0x280cbcb7, esp =  
> 0xbfbfec1c, ebp = 0xbfbfec88 ---
> db>
> 
> >Are you using quotas on the file system targeted by the audit  
> >trail, or just on the system in general?
> 
> Just on the system, but I'd like to have them together.
> 
> >Is compiling quotas in sufficient to reproduce the problem, or must  
> >quotas be enabled on at least one file system?
> 
> Compiling quotas in is sufficient.
> 
I'm wondering how many people are tripped over this feature of vn_open.

Please, try the patch:

Index: sys/security/audit/audit_syscalls.c
===================================================================
RCS file: /usr/local/arch/ncvs/src/sys/security/audit/audit_syscalls.c,v
retrieving revision 1.1.2.4
diff -u -r1.1.2.4 audit_syscalls.c
--- sys/security/audit/audit_syscalls.c 16 Oct 2006 15:03:48 -0000      1.1.2.4
+++ sys/security/audit/audit_syscalls.c 14 Nov 2006 17:40:01 -0000
@@ -580,9 +580,9 @@
        error = vn_open(&nd, &flags, 0, -1);
        if (error)
                return (error);
-       vfslocked = NDHASGIANT(&nd);
-       VOP_UNLOCK(nd.ni_vp, 0, td);
        vp = nd.ni_vp;
+       vfslocked = VFS_LOCK_GIANT(vp->v_mount);
+       VOP_UNLOCK(nd.ni_vp, 0, td);
        if (vp->v_type != VREG) {
                vn_close(vp, AUDIT_CLOSE_FLAGS, td->td_ucred, td);
                VFS_UNLOCK_GIANT(vfslocked);

Attachment: pgpgQhMX38hIK.pgp
Description: PGP signature

Reply via email to