- Cache a reference to the credential of the thread that starts a ktrace in

  struct proc as p_tracecred alongside the current cache of the vnode in
  p_tracep.  This credential is then used for all later ktrace operations on
  this file rather than using the credential of the current thread at the
  time of each ktrace event.
- Now that we have multiple ktrace-related items in struct proc that are
  pointers, rename p_tracep to p_tracevp to make it less ambiguous.

Requested by:	rwatson (1)

1 files changed, 8 insertions, 3 deletions

diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index 2c5df1c..a359b75 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -178,6 +178,7 @@ kern_execve(td, fname, argv, envv, mac_p)
 	struct procsig *oldprocsig, *newprocsig;
 #ifdef KTRACE
 	struct vnode *tracevp = NULL;
+	struct ucred *tracecred = NULL;
 #endif
 	struct vnode *textvp = NULL;
 	int credential_changing;
@@ -489,11 +490,13 @@ interpret:
 		 */
 		setsugid(p);
 #ifdef KTRACE
-		if (p->p_tracep && suser_cred(oldcred, PRISON_ROOT)) {
+		if (p->p_tracevp != NULL && suser_cred(oldcred, PRISON_ROOT)) {
 			mtx_lock(&ktrace_mtx);
 			p->p_traceflag = 0;
-			tracevp = p->p_tracep;
-			p->p_tracep = NULL;
+			tracevp = p->p_tracevp;
+			p->p_tracevp = NULL;
+			tracecred = p->p_tracecred;
+			p->p_tracecred = NULL;
 			mtx_unlock(&ktrace_mtx);
 		}
 #endif
@@ -626,6 +629,8 @@ done1:
 #ifdef KTRACE
 	if (tracevp != NULL)
 		vrele(tracevp);
+	if (tracecred != NULL)
+		crfree(tracecred);
 #endif
 	if (oldargs != NULL)
 		pargs_drop(oldargs);