Date: Mon, 24 Mar 2003 22:13:35 -0800 (PST) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/posix4 p1003_1b.c Message-ID: <200303250613.h2P6DZDB011306@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2003/03/24 22:13:35 PST
FreeBSD src repository
Modified files: (Branch: RELENG_4)
sys/posix4 p1003_1b.c
Log:
When the p1003_1b support for monitoring with and interfering with
the system scheduler was committed, access to these facilities was
limited to the root user (for unclear reasons, perhaps lack of
understanding about the potential impact of the interfacs on
system operation, or due to bugs). However, the JDK requires the
ability to monitor scheduler parameters and selection for
linux-threaded processes; a return of EPERM causes some applications
to fail as a result (in particular, the JDK). In 5.x-CURRENT,
we've replaced the access control with centralized access control
primitives, giving these interfaces controls similar to those
applied for rtprio(), setpriority(), etc, resulting in uniform
enforcement.
In order to enable proper JDK operation for 4.8-RELEASE, work around
the lack of proper access control by permitting the use of two
system calls: sched_getparam() and sched_getscheduler(), for non-root
processes when the call is made on the current process (either using
a 0 pid argument, or curproc->p_pid). While we're here, fix a
bug that caused the result of the call to be returned in the
target process, not in the subject process (ouch!), but that
previously only affected root-owned processes. These fixes are
deemed to be the lowest impact approachin the release; a backport
of the 5.x-CURRENT access control primitives might also be appropriate
in a non-release scenario. This fix doesn't permit the calls to
succeed on other linuxthreads in the same linuxthread process, but
despite those failures the JDK appears to operate properly, so
we've opted not to broaden the scope to permit the p->p_leader ==
targetp->p_leader case at this point.
The "wrong process" return value may apply to other system calls
due to overloading of the subject process pointer with the target
process, but doesn't currently affect non-root processes (and is
fairly uncommon as usually processes are interested in frobbing their
own scheduler details, not other processes, hence it not really
showing up before). This should be fixed in the post 4.8-RELEASE
time frame. These bugs should not be present in 5.x due to
process-locking and security-related changes made in that branch
well prior to 5.0-RELEASE.
Submitted by: mbr (collaborative)
Approved by: re (murray)
Revision Changes Path
1.5.2.2 +21 -10 src/sys/posix4/p1003_1b.c
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-src" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200303250613.h2P6DZDB011306>