From owner-freebsd-arch@FreeBSD.ORG  Sat Jul 13 17:58:40 2013
Return-Path: <owner-freebsd-arch@FreeBSD.ORG>
Delivered-To: freebsd-arch@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 8199CF6D;
 Sat, 13 Jul 2013 17:58:40 +0000 (UTC)
 (envelope-from kostikbel@gmail.com)
Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1])
 by mx1.freebsd.org (Postfix) with ESMTP id 23EE71AF9;
 Sat, 13 Jul 2013 17:58:39 +0000 (UTC)
Received: from tom.home (kostik@localhost [127.0.0.1])
 by kib.kiev.ua (8.14.7/8.14.7) with ESMTP id r6DHwZOS024608;
 Sat, 13 Jul 2013 20:58:35 +0300 (EEST)
 (envelope-from kostikbel@gmail.com)
DKIM-Filter: OpenDKIM Filter v2.8.3 kib.kiev.ua r6DHwZOS024608
Received: (from kostik@localhost)
 by tom.home (8.14.7/8.14.7/Submit) id r6DHwZJA024606;
 Sat, 13 Jul 2013 20:58:35 +0300 (EEST)
 (envelope-from kostikbel@gmail.com)
X-Authentication-Warning: tom.home: kostik set sender to kostikbel@gmail.com
 using -f
Date: Sat, 13 Jul 2013 20:58:35 +0300
From: Konstantin Belousov <kostikbel@gmail.com>
To: John Baldwin <jhb@freebsd.org>
Subject: Re: Extending MADV_PROTECT
Message-ID: <20130713175835.GN91021@kib.kiev.ua>
References: <201305071433.27993.jhb@freebsd.org>
 <20130522084145.GJ3047@kib.kiev.ua>
 <201306281446.01797.jhb@freebsd.org>
 <201307121748.57778.jhb@freebsd.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature"; boundary="JTLHU1qSfROtVZpA"
Content-Disposition: inline
In-Reply-To: <201307121748.57778.jhb@freebsd.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Spam-Status: No, score=-2.0 required=5.0 tests=ALL_TRUSTED,BAYES_00,
 DKIM_ADSP_CUSTOM_MED,FREEMAIL_FROM,NML_ADSP_CUSTOM_MED autolearn=no
 version=3.3.2
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on tom.home
Cc: arch@freebsd.org, "Robert N. M. Watson" <rwatson@freebsd.org>,
 Jilles Tjoelker <jilles@stack.nl>, freebsd-arch@freebsd.org
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Discussion related to FreeBSD architecture <freebsd-arch.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-arch>,
 <mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
 <mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Jul 2013 17:58:40 -0000


--JTLHU1qSfROtVZpA
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Jul 12, 2013 at 05:48:57PM -0400, John Baldwin wrote:
> On Friday, June 28, 2013 2:46:01 pm John Baldwin wrote:
> > Ok, there isn't really a clear consensus here, but I need a system call=
 to let
> > me toggle this flag on existing processes.
> >=20
> > One reason I don't like the procctl() approach is I am uneasy about for=
cing
> > a certain behavior for how commands treat pgid (first-fail vs best-effo=
rt).
> > I guess it can always change in the future so that isn't completely uns=
olvable.
> >=20
> > I guess I am fine just making it use hardcoded sizes instead of full-bl=
own
> > ioctl encoding.
>=20
> Ok, I have updated patches for this for HEAD.  I have not yet implemented=
 the
> inheritance bits because I'm loathe to add the first bit to a p_flag2. :-P
> However, if that's the best course of action I suppose we can do that.
>=20
> The kernel patch is at www.freebsd.org/~jhb/patches/procctl.patch
>=20
> The patch for the protect binary is at www.freebsd.org/~jhb/patches/prote=
ct.patch
>=20

It seems that p_cansee() is called twice, once in kern_procctl(), and
then in protect_setchild().

Is AUE_WAIT6 the correct audit event id for procctl ?

I thought proposing to use pget() for P_PID case in kern_procctl(), but
indeed open coding of the process lookup is easier, since otherwise
you would need to move proctree_lock acquisition to P_PGID.

Why do you need PPROT_CLEAR ?  If you do need the flag, would it be better
to assign a non-zero value to it ?

--JTLHU1qSfROtVZpA
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (FreeBSD)

iQIcBAEBAgAGBQJR4ZVKAAoJEJDCuSvBvK1B4y0QAJAbUl/UV7iJUjU7tAjWc3Cv
WZDN0273hxxMmTay18YyDDAVSTN9LJUm4lzh6MCYrrtjgb7gO8/kFmZ6f2VBc8i8
oXHcQRxBd7s+foXjCj8Jzf04yU9VY79+fhb3qC9Zku4yfRQkcrhTvZorqJrrd89j
It+WMQpibhZQD5MP0GRc+YmARNb2MUXcZemO9axT4QV2xv1l3C+Zq98fU+mWIG4q
4pTmi+3J4hCjT+oVzS+dczixeTk/3zQeYoaaz2PeOBRaXAlXAX6yet3N+qbVlASz
zL2lgDFRiTZqMnHaej4Scv5ncPnugVRS6i//hVtgdNoQX9U5EslEp9aZQtR3bVpr
ntjTjLB7Rz/1aU2LqJqtw7arBFtHAEsxvnzp+r7jMGsaVJHjY/grBqOX3nC+OtWg
dEcGMnhM7+nMJY9VDolq48S5bdPzo/DsF5RBWG7p8+wMJd20eVTDm3zsS1n+FhBP
pCfNOqlDfBOotq2JOK3q4eg9RIoHUF9N7FmBtzWxz/aJLKcCRHbW7iTU710A3rup
YVDNFDFY85yKt5mt5ES/gMdLFMDxZlW502wNz8zzvSkZ4Iz0rdni6W2rUBShRco+
kLBEtzbkE4V3Y7+Pb07NjFR3MuE5DpVw1NdUOaLnZi2fd7s/uej4i8/AY1J/dV12
YVfCqPWItmJgWL3l8WNQ
=sLAy
-----END PGP SIGNATURE-----

--JTLHU1qSfROtVZpA--