From owner-svn-src-head@FreeBSD.ORG Tue Jul 1 14:07:29 2014 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id BE5F025C; Tue, 1 Jul 2014 14:07:29 +0000 (UTC) Received: from mail-qa0-x232.google.com (mail-qa0-x232.google.com [IPv6:2607:f8b0:400d:c00::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4D75024C7; Tue, 1 Jul 2014 14:07:29 +0000 (UTC) Received: by mail-qa0-f50.google.com with SMTP id m5so7594881qaj.37 for ; Tue, 01 Jul 2014 07:07:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=LfodGPLjIITZ9KOlvgrNbkD63oqS4gYgvdvAgkHinMg=; b=mDnP+2dqwhdcqoNOkcSOk5pdOTAQAQZEGMXWE/h6ixbR4EXEVNKGw5kkxerXAhkBkM CKS7fMESv8pgVAhc9qxeaal8jFVnC0tGEk4Oe5q6sAzAmj/u4M09yFan8jx6N9y/CRSy b2/E6UnKky7jah0aPA3JQxWoLt6Rd5Xca5pOJ0sSvlcMhPsHLgkwjMwSMwBXF3i0FrtW znLhF5oSddAGM5Mm3Twe+ABzl9++lTkK8Lb1OqFDAV9kKgZ2rCxc+GAh9A/Q8Dawm8Oh /IaLd7PB2NofPT8QONNhL1D8xGIi0+ku/lD2HhID4su7olAH8CMZrWsxBC06ZR0Ff+iL uBDw== MIME-Version: 1.0 X-Received: by 10.224.167.70 with SMTP id p6mr62166557qay.48.1404223648510; Tue, 01 Jul 2014 07:07:28 -0700 (PDT) Sender: mdf356@gmail.com Received: by 10.229.245.5 with HTTP; Tue, 1 Jul 2014 07:07:28 -0700 (PDT) In-Reply-To: <201407010921.s619LXHL063077@svn.freebsd.org> References: <201407010921.s619LXHL063077@svn.freebsd.org> Date: Tue, 1 Jul 2014 07:07:28 -0700 X-Google-Sender-Auth: oZ_Jbdvt3CPnkuG0Lz6GMLe2TeU Message-ID: Subject: Re: svn commit: r268087 - head/sys/kern From: Matthew Fleming To: Mateusz Guzik Content-Type: text/plain; charset=UTF-8 Cc: "svn-src-head@freebsd.org" , "svn-src-all@freebsd.org" , "src-committers@freebsd.org" X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Jul 2014 14:07:29 -0000 On Tue, Jul 1, 2014 at 2:21 AM, Mateusz Guzik wrote: > Author: mjg > Date: Tue Jul 1 09:21:32 2014 > New Revision: 268087 > URL: http://svnweb.freebsd.org/changeset/base/268087 > > Log: > Don't call crcopysafe or uifind unnecessarily in execve. I'm not sure the code works. It gets a copy of the pointer p_ucred under the PROC_LOCK. The PROC_LOCK is released before newcred = crdup(oldcred) is called. Thus you may be copying an old version of the credentials if any of the other functions that modify them run in the meantime. Maybe this can't happen because the process is single-threaded at the time and all the other sets of p_ucred come via a syscall. I didn't look at all the functions in the kernel which set p_ucred. But only in the case that none of them can run during do_execve this code would be safe. In which case it at least deserves a comment indicating the code is violating the normal locking and safety on p_ucred. There's no assert in the do_execve() code, but kern_execve() will force single-threaded before calling do_execve(). Also, what is the motivation to avoid the crcopy? Is there a measurable performance impact? Thanks, matthew