From owner-freebsd-arch Tue Oct 9 12:11:49 2001
Date: Tue, 9 Oct 2001 13:05:11 -0700 (PDT)
From: Julian Elischer
To: John Baldwin
Cc: arch@FreeBSD.org
Subject: Re: ucred API

On Tue, 9 Oct 2001, John Baldwin wrote:

>
>     newcred = crget();
>     PROC_LOCK(p);
>     oldcred = p->p_ucred;
>     error = suser(oldcred);

is suser being changed to take a cred?

>     if (error == 0) {
>         crcopy(newcred, oldcred);
>
> Stage 2:
> - Add a per-thread reference to the ucred that is created on syscall
>   entry and released on syscall exit. It is also created and released
>   if needed on trap enter/exit. It is _not_ created for interrupts since
>   interrupts should not care about the ucred of their borrowed context.
>   The per-thread ucred reference will then point to a ucred that won't
>   ever change (setuid, etc. update the per-process ucred) and thus won't
>   need any locking. Almost all references to ucreds for suser(), VOP's
>   etc. will use the thread reference. This will ensure that a thread's
>   ucred will be the same for an entire syscall which will close many
>   races involving multithreaded programs and ucreds. The only place where
>   the per-process ucred will be used for access checks is places that
>   modify the ucred as we want to ensure there is no race of one thread
>   making a credential change it isn't qualified to make due to it performing
>   its access checks on a stale ucred before updating the master ucred.

I assume that you say "It won't change" because if the process's cred is
changed, it gets a new one and the thread's pointer still points to the
old one? (ref counted)

>
> I've talked with Robert Watson about these already and they sound good to him.
> Any objections?
>

no, sounds fine!

> --
>
> John Baldwin -- http://www.FreeBSD.org/~jhb/
> PGP Key: http://www.baldwin.cx/~john/pgpkey.asc
> "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/
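
Added example (not part of the original message and not FreeBSD's code): a user-space C model of the Stage 2 scheme under the reference-counted reading asked about above, where a credential change installs a new object and a thread in a syscall keeps its reference to the old one. The function bodies, the uid-0 test standing in for suser(), and demo() are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
/* User-space model. Names follow the thread; bodies are illustrative only.
 * Single-threaded on purpose: the kernel would hold PROC_LOCK around p_ucred. */
struct ucred  { int cr_ref; unsigned cr_uid; };
struct proc   { struct ucred *p_ucred; };              /* master credential */
struct thread { struct proc *td_proc; struct ucred *td_ucred; };

static struct ucred *crget(void) {
    struct ucred *cr = calloc(1, sizeof(*cr));
    if (cr == NULL) abort();
    cr->cr_ref = 1;
    return cr;
}
static struct ucred *crhold(struct ucred *cr) { cr->cr_ref++; return cr; }
static void crfree(struct ucred *cr) { if (--cr->cr_ref == 0) free(cr); }

/* Syscall entry/exit: the thread pins whatever credential is current. */
static void syscall_enter(struct thread *td) { td->td_ucred = crhold(td->td_proc->p_ucred); }
static void syscall_exit(struct thread *td)  { crfree(td->td_ucred); td->td_ucred = NULL; }

/* Credential change: check the master credential, then swap in a new object. */
static int proc_setuid(struct proc *p, unsigned uid) {
    struct ucred *oldcred = p->p_ucred, *newcred;
    if (oldcred->cr_uid != 0) return -1;               /* stand-in for suser() */
    newcred = crget();
    newcred->cr_uid = uid;
    p->p_ucred = newcred;                              /* old object is never edited */
    crfree(oldcred);                                   /* drop the process's reference */
    return 0;
}

/* Thread A is mid-syscall while the process drops from uid 0 to 1001.
 * seen_uid: A's pinned credential; regain: a later attempt to return to uid 0. */
static void demo(unsigned *seen_uid, int *regain) {
    struct proc p = { crget() };                       /* calloc leaves cr_uid == 0 */
    struct thread a = { &p, NULL };
    syscall_enter(&a);
    proc_setuid(&p, 1001);
    *seen_uid = a.td_ucred->cr_uid;                    /* old object, kept alive by A */
    *regain = proc_setuid(&p, 0);                      /* master is 1001: refused */
    syscall_exit(&a);                                  /* last reference: old cred freed */
    crfree(p.p_ucred);
}

int main(void) {
    unsigned seen; int regain;
    demo(&seen, &regain);
    printf("thread saw uid %u; regain attempt returned %d\n", seen, regain);
}
```

The thread's view stays at uid 0 for the whole syscall, while the attempt to regain uid 0 fails because the check reads the master credential rather than the stale per-thread one.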