svn commit: r331227 - head/sys/kern
Conrad Meyer
cem at freebsd.org
Mon Mar 19 23:53:07 UTC 2018

On Mon, Mar 19, 2018 at 3:43 PM, Matt Joras <mjoras at freebsd.org> wrote:
> Author: mjoras
> Date: Mon Mar 19 22:43:27 2018
> New Revision: 331227
> URL: https://svnweb.freebsd.org/changeset/base/331227
>
> Log:
> Fix initialization of eventhandler mutex.
>
> mtx_init does not do a copy of the name string it is passed. The
> eventhandler code incorrectly passed the parameter string directly to
> mtx_init instead of using the copy it makes. This was an existing
> problem with the code that I dutifully copied over in my changes in r325621.

For those without context: The problem here is that the name string
comes from rodata of whatever module *registers* an eventhandler
listener, but isn't tied to the lifetime of that module. So for
example, filemon.ko or hwpmc.ko. If those modules are subsequently
unloaded, the kernel eventhandler lock lo_names continue to point to
the (now stale) module memory, resulting in kernel page fault crashes
if/when those names are eventually dereferenced (we hit it with
"sysctl kern.proc.all" after one of those modules was unloaded).

Best,
Conrad
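
The lifetime problem described in this message, as an added userland example that is not part of the original mail or the FreeBSD source. All type and function names are hypothetical stand-ins; the "module unload" is modelled by scrubbing a buffer rather than unmapping it, so the stale name reads as garbage instead of faulting.

```c
#include <string.h>

/* Userland model only; every name here is a hypothetical stand-in. */
struct toy_mtx { const char *lo_name; };   /* lock keeps only a pointer */

struct ev_list {
    struct toy_mtx lock;
    char name[32];                         /* copy of the name owned by the list */
};

/* Like the mtx_init described above: stores the pointer, makes no copy. */
static void toy_mtx_init(struct toy_mtx *m, const char *name) { m->lo_name = name; }

/* Before the fix: the lock is named with the caller's (module's) string. */
static void ev_list_init_buggy(struct ev_list *l, const char *name) {
    strncpy(l->name, name, sizeof(l->name) - 1);
    l->name[sizeof(l->name) - 1] = '\0';
    toy_mtx_init(&l->lock, name);          /* aliases module memory */
}

/* After the fix: the lock is named with the copy the list owns. */
static void ev_list_init_fixed(struct ev_list *l, const char *name) {
    strncpy(l->name, name, sizeof(l->name) - 1);
    l->name[sizeof(l->name) - 1] = '\0';
    toy_mtx_init(&l->lock, l->name);       /* lifetime tied to the list */
}

/* Returns 1 if the lock name still reads as `expect` after the registering
 * "module" goes away. `expect` must be shorter than 32 bytes. */
static int name_survives_unload(int fixed, const char *expect) {
    char module_rodata[32];                /* constructed stand-in for module rodata */
    struct ev_list l;
    strcpy(module_rodata, expect);
    if (fixed)
        ev_list_init_fixed(&l, module_rodata);
    else
        ev_list_init_buggy(&l, module_rodata);
    /* Model the unload: the module's bytes no longer hold the string. */
    memset(module_rodata, 0xdf, sizeof(module_rodata) - 1);
    module_rodata[sizeof(module_rodata) - 1] = '\0';
    return strcmp(l.lock.lo_name, expect) == 0;
}

int main(void) {
    /* "sample_event" is a constructed name; exit status 0 means both cases behaved as expected. */
    return !(name_survives_unload(0, "sample_event") == 0 &&
             name_survives_unload(1, "sample_event") == 1);
}
```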