Date: Thu, 25 Mar 2004 15:32:56 +0100
From: Pawel Jakub Dawidek
To: Robert Watson
cc: freebsd-net@FreeBSD.org
Subject: Re: in_pcbbind_setup(), etc.
Message-ID: <20040325143256.GA8930@darkness.comp.waw.pl>
References: <20040325111235.GY8930@darkness.comp.waw.pl>

On Thu, Mar 25, 2004 at 08:33:41AM -0500, Robert Watson wrote:
+> > 	if (td != curthread)
+> > 		printf("td != curthread in %s\n", __func__);
+> >
+> > And I'm seeing 2nd printf() while mounting NFS file systems. If so, I
+> > think using td->td_ucred in this function isn't safe...
+>
+> Yeah, that sounds fairly dubious. One of the things we've been thinking
+> about for a while on the TrustedBSD Project is adding support for
+> polyinstantiation, which for those who've not bumped into it before, means
+> a virtualization of a service based on security properties. In the case
+> of TCP/IP and UDP/IP, it would mean adding additional matching parameters
+> to the PCB matching process, which currently is based on the address/port
+> pair for the packet and PCB. In particular, adding the label of the
+> packet and label of the PCB. It would also require some changes to the
+> binding mechanism which would require explicit passing of the credential
+> authorizing the bind. So my current leaning is that instead of passing in
+> a thread, we should be passing in a credential reference -- especially as
+> 'td' is only used to reach the credential in the PCB binding routines, not
+> for anything else. Then it becomes the caller's responsibility to make
+> sure the reference remains valid and is safe from a locking perspective,
+> which should be a lot easier to do than with a thread reference.
+>
+> How does this sound? It would completely eliminate the issue of "er,
+> which thread is that", which is really an unnecessary issue given that all
+> we're interested in is the credential.

Sounds good. I can prepare a patch with this in p4, but isn't it too heavy
a change from the network locking branches' point of view?

--
Pawel Jakub Dawidek                       http://www.FreeBSD.org
pjd@FreeBSD.org                           http://garage.freebsd.pl
FreeBSD committer                         Am I Evil? Yes, I Am!
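
The design described in the quoted text, sketched as an added example (not part of this message and not FreeBSD code): a user-space C model in which bind takes the authorizing credential rather than a thread, and PCB matching includes a label. The struct layouts, function names, integer labels and the 8-entry table are all assumptions made for illustration.

```c
/* User-space model, not FreeBSD kernel code; every name here is hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct cred { int uid; int label; };   /* stand-in for a credential plus its label */
struct pcb  { uint32_t addr; uint16_t port; int label; int bound; };
#define NPCB 8
#define ADDR_ANY 0u
static struct pcb pcbs[NPCB];

/* Two local addresses collide if they are equal or either is the wildcard. */
static int addr_overlap(uint32_t a, uint32_t b) { return a == b || a == ADDR_ANY || b == ADDR_ANY; }

/* Bind takes the authorizing credential, not a thread: there is no
 * td->td_ucred dereference, and the caller keeps the credential valid. */
int pcb_bind(const struct cred *cred, uint32_t addr, uint16_t port)
{
    struct pcb *slot = NULL;
    if (port < 1024 && cred->uid != 0)
        return EACCES;                 /* reserved-port check needs only the cred */
    for (size_t i = 0; i < NPCB; i++) {
        struct pcb *p = &pcbs[i];
        if (!p->bound) { if (slot == NULL) slot = p; continue; }
        /* Polyinstantiation: only a PCB carrying the same label conflicts. */
        if (p->port == port && p->label == cred->label && addr_overlap(p->addr, addr))
            return EADDRINUSE;
    }
    if (slot == NULL)
        return ENOBUFS;
    *slot = (struct pcb){ addr, port, cred->label, 1 };
    return 0;
}

/* Lookup matches on address/port and additionally on the packet's label. */
const struct pcb *pcb_lookup(uint32_t dst, uint16_t port, int pkt_label)
{
    for (size_t i = 0; i < NPCB; i++) {
        const struct pcb *p = &pcbs[i];
        if (p->bound && p->port == port && p->label == pkt_label &&
            (p->addr == dst || p->addr == ADDR_ANY))
            return p;
    }
    return NULL;
}

int main(void)
{
    struct cred a = { 1001, 1 }, b = { 1002, 2 };   /* constructed credentials */
    int r1 = pcb_bind(&a, ADDR_ANY, 8080), r2 = pcb_bind(&b, ADDR_ANY, 8080);
    printf("label 1: %d, label 2: %d, label 1 again: %d\n", r1, r2, pcb_bind(&a, ADDR_ANY, 8080));
    return 0;
}
```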