Date: Fri, 29 Mar 2002 23:16:24 -0500 (EST)
From: Robert Watson
To: John Baldwin
Cc: arch@FreeBSD.org
Subject: Re: curthread vs. passing thread pointers around

On Fri, 29 Mar 2002, Robert Watson wrote:

> For VFS, which is a special case, I'd actually like to see both
> credentials passed down the stack explicitly, meaning that worker
> threads and processes in kernel don't have to tweak their active
> credential in order to make a request on behalf of another thread or
> process (think async io, async nfs rpc activities, etc). This actually
> suggests a model something like...

BTW, this would also address races and problems associated with files kept
open by the kernel for kernel-sponsored activities. Right now, when the
kernel "saves" a credential for use with a saved vnode, it can't guarantee
that all access control uses the saved credential. Some may use the active
thread credential from curthread. For example, UFS will frequently use
curthread->td_ucred for authorization when writing out account or quota
data, which is arguably wrong. The quota and accounting code should cache
two credentials for different parts of the access control decision, and
both of those should be explicitly different from curthread's.
This would also fix MAC and these functions, FYI :-).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services
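
The credential mix-up described in the message above, as an added example that is not part of the original message and is not FreeBSD code. It is a toy C model in which every name (`cur`, `write_implicit`, `write_explicit`, the uids, the ownership policy) is a hypothetical stand-in; it contrasts authorization taken from the running thread with a credential passed explicitly, for a quota-file update and for a worker thread acting on behalf of a user.

```c
/* Toy model, constructed for illustration; not FreeBSD code, all names hypothetical. */
#include <stdbool.h>
#include <stdio.h>

struct cred   { unsigned uid; };
struct thread { const struct cred *td_ucred; };
struct vnode  { unsigned owner_uid; };

static const struct cred root_cred = { 0 }, user_cred = { 1001 };
static struct thread user_thread = { &user_cred };  /* unprivileged caller */
static struct thread worker      = { &root_cred };  /* in-kernel worker */
static struct thread *cur;                          /* stands in for curthread */

/* Simplified policy (assumption): uid 0 or the file's owner may write. */
static bool can_write(const struct cred *c, const struct vnode *vp)
{
    return c->uid == 0 || c->uid == vp->owner_uid;
}

/* Implicit style: authorization uses whichever thread happens to be running. */
static bool write_implicit(const struct vnode *vp)
{
    return can_write(cur->td_ucred, vp);
}

/* Explicit style: the caller names the credential that authorizes the write. */
static bool write_explicit(const struct cred *authz, const struct vnode *vp)
{
    return can_write(authz, vp);
}

/* Case 1: a user's activity triggers a write to a root-owned quota file that
 * was opened earlier with root's credential (the "saved" credential). */
static bool quota_update(bool pass_cred)
{
    struct vnode quota_file = { 0 };
    cur = &user_thread;
    return pass_cred ? write_explicit(&root_cred, &quota_file)
                     : write_implicit(&quota_file);
}

/* Case 2: a root worker thread writes to uid 1002's file on behalf of uid 1001. */
static bool async_write(bool pass_cred)
{
    struct vnode other_file = { 1002 };
    cur = &worker;
    return pass_cred ? write_explicit(&user_cred, &other_file)
                     : write_implicit(&other_file);
}

int main(void)
{
    printf("quota update: implicit=%d explicit=%d\n", quota_update(false), quota_update(true));
    printf("async write:  implicit=%d explicit=%d\n", async_write(false), async_write(true));
    return 0;
}
```

In this model the implicit check gets both cases backwards: the quota write is refused because an unprivileged thread happened to trigger it, and the worker's write is granted although the requesting user has no access.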