On Tue, Mar 17, 2020 at 5:18 AM Martin Pieuchot <m...@openbsd.org> wrote:

> On 17/03/20(Tue) 04:02, Philip Guenther wrote:
> > On Tue, Mar 17, 2020 at 1:07 AM Martin Pieuchot <m...@openbsd.org> wrote:
> > [...]
> > > @@ -663,8 +668,6 @@ ktrwriteraw(struct proc *curp, struct vn
> > >         LIST_FOREACH(pr, &allprocess, ps_list)
> > >                 if (pr->ps_tracevp == vp && pr->ps_tracecred == cred)
> > >                         ktrcleartrace(pr);
> > > -
> > > -       vput(vp);
> > >         return (error);
> > >  }
> > >
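Review bot: with `vput(vp)` removed, nothing in this hunk holds a reference on `vp` for the duration of the `LIST_FOREACH(pr, &allprocess, ps_list)` walk; once `ktrcleartrace(pr)` drops the last `ps_tracevp` reference, the remaining iterations keep comparing `pr->ps_tracevp == vp` against a pointer that may already have been recycled. Either keep a caller-owned reference (the one this `vput()` used to release) alive until the loop has finished and release it after `return (error)` is reached, or document above ktrwriteraw() that the caller must hold `vp` referenced across the call and release it afterwards; as shown, the hunk only deletes the release on this path without a replacement.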
> >
> > This looks unsafe to me: isn't ktrcleartrace() only safe if the caller
> > holds a reference to the vnode?  Once ktrcleartrace() clears the
> > reference from the current thread's process and it goes on the freelist,
> > can't the vnode vp points to be invalidated and reused?
>
> As long as a process holds a reference to the vnode, via `ps_tracevp',
> it won't be recycled.  Only the last call of ktrcleartrace() will release
> the vnode via vrele(9).
>

...and after that last reference is released this code will continue to
walk the allprocess list, comparing a possibly-recycled pointer to
ps_tracevp pointers in the remaining processes.  Good thing that vrele(9)
is guaranteed to never sleep and thereby let another process start
ktracing, reusing that vnode.....??
