Date: Tue, 12 Dec 2000 16:57:07 -0500 (EST) From: Robert Watson <rwatson@FreeBSD.org> To: John Baldwin <jhb@FreeBSD.org> Cc: arch@FreeBSD.org Subject: Re: Can !curproc touch Message-ID: <Pine.NEB.3.96L.1001212165140.62929F-100000@fledge.watson.org> In-Reply-To: <XFMail.001211135320.jhb@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
My understanding is that a number of systems perform a crcopy() while holding the struct proc mutex, and get an additional ucred reference which is then passed down the VFS stack, guarantying that the credentials are used consistently. This addresses a number of problems, including the multi-threaded case where you want a system call to be processed entirely under one set of credentials, serializing requests from the perspective of the credential. The general rule for reference counts should be that the holder of the reference count is responsible for protecting it: if the owner of the reference is struct proc, then the user of that reference must protect struct proc while using the reference. If the use of the reference is relatively long-term, then an additional reference should be created and used instead (i.e., crref()), allowing the user to release the protection (mutex, lock, invariants, whatever) on the struct proc. This was the type of reference count race condition I was discussing, btw, at BSDCon while we were futzing around at the whiteboard discussing drivers and related stuff. Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1001212165140.62929F-100000>