Date:      Thu, 30 Nov 2000 06:28:12 +0000 (GMT)
From:      Terry Lambert <tlambert@primenet.com>
To:        bright@wintelcom.net (Alfred Perlstein)
Cc:        arch@FreeBSD.ORG
Subject:   Re: HEADSUP user struct ucred -> xucred (Was: Re: serious problem with mutexs and userland visibility?)
Message-ID:  <200011300628.XAA06955@usr08.primenet.com>
In-Reply-To: <20001129174905.S8051@fw.wintelcom.net> from "Alfred Perlstein" at Nov 29, 2000 05:49:05 PM

> > I recently locked down struct ucred, not a big deal, basically just
> > a mutex in each struct to protect the refcount.
> > 
> > Unfortunately struct ucred is used by some userland utils and
> > sys/ucred is included in sys/mount.h as well as sys/user.h, this
> > creates somewhat of a problem, forcing all users of sys/ucred.h to
> > include sys/mutex.h.
> > 
> > I have a patch here that sort of takes care of this problem, the
> > problem is that I had to add sys/mutex.h includes to both sys/mount.h
> > and sys/user.h, this doesn't make me very happy.
> 
> After a short discussion it has been determined that there will be
> a xucred exported to userland following the convention of xsocket
> and the various other xfoo structs exported to the kernel.
> 
> Struct ucred will no longer be visible outside the kernel.
> 
> Any userland things using struct ucred will need to use xucred.
> 
> This will be the convention used to resolve mutex (or other MD 
> fields) in kernel exported structures in the future.

This is a really gross way to handle this.  The ucred structure
is used by a lot of user space programs.

You should do what several UNIX vendors have already done, and
implement a MUTEX() declaration macro that differs in user and
kernel space, and forces an alignment; then when you copy out,
copy out everything _BUT_ the mutex portion to the user space,
and no user space source or object code will need to change.

So:

	#ifdef _KERNEL
	#define	MUTEX(x)	mutex_t	x;
	#define	UREF(x,y)	(void *)&((x)->y)
	#else
	#define	MUTEX(x)	/* user space = no mutex*/
	#define UREF(x,y)	(void *)(x)
	#endif

	struct foo {
		MUTEX(save_foo_from_bad_programmers)
		int	normal_foo_item_1;
		char	normal_foo_item_2;
		...
	};

	...

	struct foo *foop;

	...

	copyout( UREF(foop, normal_foo_item_1), user_space_foo);

It is much better to not impact user space code at all.


					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
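
The layout idea in the message above, as an added example that is not part of the original post or of FreeBSD: a kernel-side struct carries a private lock ahead of the public fields, and only the aligned public tail is copied to the caller, so kernel lock state never reaches user space. The names `fake_mutex`, `kfoo`, `ufoo` and `export_foo` are hypothetical, two structs are used in place of the conditional `MUTEX()` macro so both views compile in one file, and `memcpy` stands in for `copyout`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a kernel lock; not FreeBSD's real mutex type. */
struct fake_mutex { uintptr_t owner; uint32_t flags; };

/* User-space view: the layout existing binaries were compiled against. */
struct ufoo {
    uint32_t refs;
    uint32_t uid;
    uint64_t token;
};

/* Kernel view: private lock first, then the same public fields. The
 * _Alignas is the "forces an alignment" step: the public part must start
 * on a boundary suitable for struct ufoo or the padding would differ. */
struct kfoo {
    struct fake_mutex lock;
    _Alignas(struct ufoo) uint32_t refs;
    uint32_t uid;
    uint64_t token;
};

#define KFOO_PUB_OFF offsetof(struct kfoo, refs)

/* Compile-time proof that the public tail is laid out exactly like ufoo. */
_Static_assert(offsetof(struct kfoo, uid) - KFOO_PUB_OFF == offsetof(struct ufoo, uid), "uid offset");
_Static_assert(offsetof(struct kfoo, token) - KFOO_PUB_OFF == offsetof(struct ufoo, token), "token offset");
_Static_assert(sizeof(struct kfoo) - KFOO_PUB_OFF == sizeof(struct ufoo), "tail size");

/* Copies only the public tail into the caller's buffer, never the lock. */
int export_foo(const struct kfoo *k, void *ubuf, size_t ulen)
{
    if (ulen < sizeof(struct ufoo))
        return -1;              /* refuse short buffers instead of truncating */
    memcpy(ubuf, (const char *)k + KFOO_PUB_OFF, sizeof(struct ufoo));
    return 0;
}

int main(void)
{
    struct kfoo k = { .lock = { 0xdeadbeef, 1 }, .refs = 2, .uid = 1001, .token = 42 };
    struct ufoo u;
    if (export_foo(&k, &u, sizeof u) != 0)
        return 1;
    printf("refs=%u uid=%u token=%llu\n", (unsigned)u.refs, (unsigned)u.uid, (unsigned long long)u.token);
    return 0;
}
```

If a field is added to one view and not the other, the static assertions fail at build time instead of silently shifting what user space reads.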

