Date: Sun, 4 Feb 2001 19:14:14 -0500 (EST)
From: Robert Watson
To: freebsd-arch@FreeBSD.org
Subject: Tests for NULL p_ucred under p_cred -- are they needed?

I've noticed that at various points in the kernel code, there are tests to
check that the ucred structure in a proc is non-NULL before using it.
Under what circumstances do we believe it is possible for the ucred
pointer to be non-NULL? It seems that, in normal usage, it should always
be defined--the only points where it might be NULL would be during process
creation and process exit. Are these windows long enough for it to be a
concern? Are appropriate process locks held, under SMPng, such that it's
never possible to grab a ucred structure for a process while it is NULL?

It seems that there are other components of the code that assume that if
(p) is non-NULL, then a ucred must be defined for the process, which seems
like a consistent assumption assuming appropriate protections are in
place.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services