Date: Thu, 25 Mar 2004 15:32:56 +0100 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: Robert Watson <rwatson@FreeBSD.org> Cc: freebsd-net@FreeBSD.org Subject: Re: in_pcbbind_setup(), etc. Message-ID: <20040325143256.GA8930@darkness.comp.waw.pl> In-Reply-To: <Pine.NEB.3.96L.1040325082908.52837A-100000@fledge.watson.org> References: <20040325111235.GY8930@darkness.comp.waw.pl> <Pine.NEB.3.96L.1040325082908.52837A-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
On Thu, Mar 25, 2004 at 08:33:41AM -0500, Robert Watson wrote:
+> > if (td != curthread)
+> > printf("td != curthread in %s\n", __func__);
+> >
+> > And I'm seeing 2nd printf() while mounting NFS file systems. If so, I
+> > think using td->td_ucred in this function isn't safe...
+>
+> Yeah, that sounds fairly dubious. One of the things we've been thinking
+> about for a while on the TrustedBSD Project is adding support for
+> polyinstantiation, which for those who've not bumped into it before, means
+> a virtualization of a service based on security properties. In the case
+> of TCP/IP and UDP/IP, it would mean adding additional matching parameters
+> to the PCB matching process, which currently is based on the address/port
+> pair for the packet and PCB. In particular, adding the label of the
+> packet and label of the PCB. It would also require some changes to the
+> binding mechanism which would require explicit passing of the credential
+> authorizing the bind. So my current leaning is that instead of passing in
+> a thread, we should be passing in a credential reference -- especially as
+> 'td' is only used to reach the credential in the PCB binding routines, not
+> for anything else. Then it becomes the callers responsibility to make
+> sure the reference remains valid and is safe from a locking perspective,
+> which should be a lot easier to do than with a thread reference.
+>
+> How does this sound? It would completely eliminate the issue of "er,
+> which thread is that", which is really an unnecessary issue given that all
+> we're interested in is the credential.
Sounds good. I can prepare patch with this in p4, but it isn't to heavy
change from network locking branches point of view?
--
Pawel Jakub Dawidek http://www.FreeBSD.org
pjd@FreeBSD.org http://garage.freebsd.pl
FreeBSD committer Am I Evil? Yes, I Am!
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQFAYu2YForvXbEpPzQRAghOAKC3mEJnltms/iIvlFNJF4UKiCWAQACcDVB4
XbxCaXMs1XdIRCtWHF312dA=
=b8GN
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040325143256.GA8930>