Author: asomers
Date: Wed Jul 11 19:38:42 2018
New Revision: 336205

  Don't acquire evclass_lock with a spinlock held
  When the "pc" audit class is enabled and auditd is running, witness will
  panic during thread exit because au_event_class tries to lock an rwlock
  while holding a spinlock acquired upstack by thread_exit.
  To fix this, move AUDIT_SYSCALL_EXIT futher upstack, before the spinlock is
  acquired. Of thread_exit's 16 callers, it's only necessary to call
  AUDIT_SYSCALL_EXIT from two, exit1 (for exiting processes) and kern_thr_exit
  (for exiting threads). The other callers are all kernel threads, which
  needen't call AUDIT_SYSCALL_EXIT because since they can't make syscalls
  there will be nothing to audit.  And exit1 already does call
  AUDIT_SYSCALL_EXIT, making the second call in thread_exit redundant for that
  PR:           228444
  Reported by:  aniketp
  Reviewed by:  aniketp, kib
  MFC after:    2 weeks
  Differential Revision:


Modified: head/sys/kern/kern_thr.c
--- head/sys/kern/kern_thr.c    Wed Jul 11 19:23:11 2018        (r336204)
+++ head/sys/kern/kern_thr.c    Wed Jul 11 19:38:42 2018        (r336205)
@@ -374,6 +374,11 @@ kern_thr_exit(struct thread *td)
        KASSERT(p->p_numthreads > 1, ("too few threads"));
        racct_sub(p, RACCT_NTHR, 1);
+#ifdef AUDIT
+       AUDIT_SYSCALL_EXIT(0, td);

Modified: head/sys/kern/kern_thread.c
--- head/sys/kern/kern_thread.c Wed Jul 11 19:23:11 2018        (r336204)
+++ head/sys/kern/kern_thread.c Wed Jul 11 19:38:42 2018        (r336205)
@@ -532,9 +532,6 @@ thread_exit(void)
        SDT_PROBE0(proc, , , lwp__exit);
        KASSERT(TAILQ_EMPTY(&td->td_sigqueue.sq_list), ("signal pending"));
-#ifdef AUDIT
-       AUDIT_SYSCALL_EXIT(0, td);
         * drop FPU & debug register state storage, or any other
         * architecture specific resources that
_______________________________________________ mailing list
To unsubscribe, send any mail to ""

Reply via email to