From: John Baldwin
To: Alfred Perlstein
Cc: cvs-src@freebsd.org, src-committers@freebsd.org, cvs-all@freebsd.org, Peter Wemm
Date: Fri, 11 Jan 2008 11:54:44 -0500
Subject: Re: cvs commit: src/sys/nfsclient nfs_socket.c
Message-Id: <200801111154.45554.jhb@freebsd.org>

On Thursday 10 January 2008 09:36:28 pm Alfred Perlstein wrote:
> * Peter Wemm [080110 17:39] wrote:
> > On Jan 10, 2008 5:00 PM, Alfred Perlstein wrote:
> > >
> > > * John Baldwin [080110 15:33] wrote:
> > > > jhb 2008-01-10 23:36:00 UTC
> > > >
> > > > FreeBSD src repository
> > > >
> > > > Modified files:
> > > > sys/nfsclient nfs_socket.c
> > > > Log:
> > > > Pass curthread to various socket routines (socreate(), sobind(), and
> > > > soconnect()) instead of &thread0 when establishing a connection to the
> > > > NFS server. Otherwise inconsistent credentials may be used when setting
> > > > up the NFS socket.
> > >
> > > I'm not sure, but I think this may be a regression, I seem to recall
> > > that a long time ago it was switched to &thread0 because otherwise
> > > certain operations can fail due to curthread not running as root.
> >
> > That's my recollection too. For example, when nfs is configured to
> > bind to a privileged local port for making queries or connections, it
> > had to be done as root. With tcp mounts, the connection can be
> > dropped and a reconnect required at any time.
>
> This could be implemented by a handoff to a thread that does the
> appropriate setuid call beforehand, or perhaps the credential
> inconsistencies can be further explained or fixed.

The problem case I have is doing a mount inside of a jail. The socket's
credential is jailed but thread0's credential is not, and you end up with odd
behavior where sobind() treats the socket as non-jailed (and thus only binds
the local port and not the local IP address) but soconnect() treats the socket
as jailed and fails with EINVAL when it sees a partially bound socket.
(sobind() of a jailed socket sets both the port and IP.)

What I can do as a workaround is to change curthread's ucred to be the NFS
mount's credential during nfs_connect() by fiddling with td_ucred. It would
be safe as it wouldn't affect other threads even in the same process and the
current thread isn't going to be doing anything else until the function
returns with the restored credentials, just hackish.

--
John Baldwin
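
The bind/connect credential mismatch described in the message above, as a simplified user-space model added here; it is not FreeBSD kernel code and not code from this thread. Every `model_*` name, the struct layouts, port 1023 and the jail address are assumptions made for illustration.

```c
/* User-space model of the behaviour described above; NOT FreeBSD kernel code. */
#include <errno.h>
#include <stdio.h>
struct cred   { int jailed; unsigned jail_ip; };   /* hypothetical stand-in for a ucred */
struct thread { const struct cred *td_ucred; };
struct sock   { const struct cred *so_cred; unsigned laddr; unsigned short lport; };

/* Bind keys off the calling thread's credential: only a jailed caller sets the IP. */
static int model_sobind(struct sock *so, unsigned short port, const struct thread *td)
{
    so->lport = port;
    if (td->td_ucred->jailed)
        so->laddr = td->td_ucred->jail_ip;
    return 0;
}

/* Connect keys off the socket's credential: jailed + port but no IP => EINVAL. */
static int model_soconnect(const struct sock *so)
{
    if (so->so_cred->jailed && so->lport != 0 && so->laddr == 0)
        return EINVAL;
    return 0;
}

/* Bind then connect a socket owned by mount_cred, acting as thread td. */
static int model_nfs_connect(const struct cred *mount_cred, const struct thread *td)
{
    struct sock so = { mount_cred, 0, 0 };
    (void)model_sobind(&so, 1023, td);   /* 1023: constructed privileged port */
    return model_soconnect(&so);
}

/* Workaround from the message: run with the mount's credential, then restore. */
static int model_nfs_connect_swapped(const struct cred *mount_cred, struct thread *td)
{
    const struct cred *saved = td->td_ucred;
    td->td_ucred = mount_cred;
    int error = model_nfs_connect(mount_cred, td);
    td->td_ucred = saved;
    return error;
}

int main(void)
{
    struct cred host = { 0, 0 }, jail = { 1, 0x0a000002 };   /* constructed values */
    struct thread td = { &host };   /* thread whose credential is not the mount's */
    printf("%d %d\n", model_nfs_connect(&jail, &td), model_nfs_connect_swapped(&jail, &td));
    return 0;
}
```

In the model, the failure disappears whenever the credential consulted at bind time and the one stored on the socket agree about jail membership, which is the consistency the commit log refers to.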