Distinguish between whether ktraceing was enabled before an IO

operation or after it.  If the ktrace operation was enabled while the
process was blocked doing IO, the race would allow it to pass down
invalid (uninitialized) data and panic later down the call stack.

1 files changed, 6 insertions, 2 deletions

diff --git a/sys/kern/sys_generic.c b/sys/kern/sys_generic.c
index 8e1c4dc..b6ef0a1 100644
--- a/sys/kern/sys_generic.c
+++ b/sys/kern/sys_generic.c
@@ -155,6 +155,7 @@ dofileread(p, fp, fd, buf, nbyte, offset, flags)
 #ifdef KTRACE
 	struct iovec ktriov;
 	struct uio ktruio;
+	int didktr = 0;
 #endif
 
 	aiov.iov_base = (caddr_t)buf;
@@ -175,6 +176,7 @@ dofileread(p, fp, fd, buf, nbyte, offset, flags)
 	if (KTRPOINT(p, KTR_GENIO)) {
 		ktriov = aiov;
 		ktruio = auio;
+		didktr = 1;
 	}
 #endif
 	cnt = nbyte;
@@ -184,7 +186,7 @@ dofileread(p, fp, fd, buf, nbyte, offset, flags)
 			error = 0;
 	cnt -= auio.uio_resid;
 #ifdef KTRACE
-	if (KTRPOINT(p, KTR_GENIO) && error == 0) {
+	if (didktr && error == 0) {
 		ktruio.uio_iov = &ktriov;
 		ktruio.uio_resid = cnt;
 		ktrgenio(p->p_tracep, fd, UIO_READ, &ktruio, error);
@@ -350,6 +352,7 @@ dofilewrite(p, fp, fd, buf, nbyte, offset, flags)
 #ifdef KTRACE
 	struct iovec ktriov;
 	struct uio ktruio;
+	int didktr = 0;
 #endif
 
 	aiov.iov_base = (void *)buf;
@@ -370,6 +373,7 @@ dofilewrite(p, fp, fd, buf, nbyte, offset, flags)
 	if (KTRPOINT(p, KTR_GENIO)) {
 		ktriov = aiov;
 		ktruio = auio;
+		didktr = 1;
 	}
 #endif
 	cnt = nbyte;
@@ -382,7 +386,7 @@ dofilewrite(p, fp, fd, buf, nbyte, offset, flags)
 	}
 	cnt -= auio.uio_resid;
 #ifdef KTRACE
-	if (KTRPOINT(p, KTR_GENIO) && error == 0) {
+	if (didktr && error == 0) {
 		ktruio.uio_iov = &ktriov;
 		ktruio.uio_resid = cnt;
 		ktrgenio(p->p_tracep, fd, UIO_WRITE, &ktruio, error);