Date: Tue, 9 Aug 2016 11:29:56 -0700
From: Mark Johnston <markj@freebsd.org>
To: Oliver Pinter <oliver.pinter@hardenedbsd.org>
Cc: "src-committers@freebsd.org" <src-committers@freebsd.org>, "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, "svn-src-head@freebsd.org" <svn-src-head@freebsd.org>, Bryan Drewery <bdrewery@freebsd.org>
Subject: Re: svn commit: r303855 - in head/sys: kern sys
Message-ID: <20160809182956.GA91785@wkstn-mjohnston.west.isilon.com>
In-Reply-To: <CAPQ4ffsm6NBC%2BOT0pU21hTvZgQ9eD9KqQiA4hhDHP1oG=8c8yQ@mail.gmail.com>
References: <201608082025.u78KP4aE048791@repo.freebsd.org> <CAPQ4ffsmwTAL%2Bv9RgY8e_%2Bn5CZKKL9ejNntuSNM71MQma5_o2w@mail.gmail.com> <20160808234332.GA22449@wkstn-mjohnston.west.isilon.com> <CAPQ4ffsm6NBC%2BOT0pU21hTvZgQ9eD9KqQiA4hhDHP1oG=8c8yQ@mail.gmail.com>

On Tue, Aug 09, 2016 at 01:51:35AM +0200, Oliver Pinter wrote:
> (Added bdrewery to CC, since I'm talking with him on IRC.)
>
> On Tue, Aug 9, 2016 at 1:43 AM, Mark Johnston <markj@freebsd.org> wrote:
> > On Tue, Aug 09, 2016 at 12:53:47AM +0200, Oliver Pinter wrote:
> >> Hi!
> >>
> >> Can you please MFC back this change to 10-STABLE together with the
> >> following: https://github.com/HardenedBSD/hardenedBSD/commit/576619e564618bca3675db57580d8e1f76bd2ac7
> >>
> >> This issue still exists on 10-STABLE, as you can test with the
> >> linked program from phabricator:
> >> https://people.freebsd.org/~mjg/reproducers/unp-gc-panic.c
> >
> > Hm, I don't think this could be MFCed directly. It changes the kernel
> > ABI by modifying the argument of dom_dispose(). This could be fixed in
> > stable/10 with a hack to call the unix domain socket code directly when
> > appropriate, which I think is preferable to the current state of things.
> > I'll look into it further.
>
> The question is how much external / out of tree components would use
> this ABI or how acceptable it is to break this ABI.
> I just grepped through the src tree for internal uses, and I found only these:

I don't think it's acceptable. This could be side-stepped with a hack:

    if (pr->pr_domain->dom_family == AF_LOCAL)
        unp_dispose_wrapper(so);
    else if (pr->pr_flags & PR_RIGHTS && pr->pr_domain->dom_dispose != NULL)
        (*pr->pr_domain->dom_dispose)(so->so_rcv.sb_mb);
    ...

So I'm inclined to just do that and avoid the issue.

>
> op@opn hardenedBSD.git> git grep dom_dispose
> share/doc/smm/18.net/6.t: int (*dom_dispose)(); /*
> dispose of internalized rights */
> share/man/man9/domain.9: void (*dom_dispose) /*
> dispose of internalized rights */
> sys/kern/uipc_debug.c: db_printf("dom_dispose: %p\n", d->dom_dispose);
> sys/kern/uipc_socket.c: if (pr->pr_flags & PR_RIGHTS &&
> pr->pr_domain->dom_dispose != NULL)
> sys/kern/uipc_socket.c: (*pr->pr_domain->dom_dispose)(so);
> sys/kern/uipc_socket.c: * dom_dispose() and sbrelease_internal() are
> an inlining of what was
> sys/kern/uipc_socket.c: * In order to avoid calling dom_dispose with
> the socket buffer mutex
> sys/kern/uipc_socket.c: if (pr->pr_flags & PR_RIGHTS &&
> pr->pr_domain->dom_dispose != NULL)
> sys/kern/uipc_socket.c: (*pr->pr_domain->dom_dispose)(&aso);
> sys/kern/uipc_usrreq.c: .dom_dispose = unp_dispose_so,
> sys/sys/domain.h: void (*dom_dispose) /* dispose of
> internalized rights */
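
Added example, not part of the original message or of the FreeBSD source: a userland C model of the dispatch sketched in the reply above, showing that special-casing AF_LOCAL gives the unix domain code the socket while the dom_dispose() hook keeps its mbuf argument for modules built against it. The struct layouts, the constants, oot_dispose, dispose_rights, abi_preserved and the body of unp_dispose_wrapper are simplified assumptions.

```c
/* Userland model (constructed): simplified stand-ins for kernel structures. */
#include <stddef.h>

#define AF_LOCAL  1	/* model constant */
#define PR_RIGHTS 0x10	/* model constant */

struct mbuf { int unused; };
struct sockbuf { struct mbuf *sb_mb; };
struct domain {
	int dom_family;
	/* Signature kept as on the stable branch: an mbuf chain, not a socket. */
	void (*dom_dispose)(struct mbuf *);
};
struct protosw { int pr_flags; struct domain *pr_domain; };
struct socket { struct protosw *so_proto; struct sockbuf so_rcv; };

static const void *local_arg, *oot_arg;	/* what each callee received */

/* Hypothetical in-tree wrapper: reached directly, so it can take the socket. */
static void unp_dispose_wrapper(struct socket *so) { local_arg = so; }

/* Hypothetical out-of-tree module compiled against the unchanged signature. */
static void oot_dispose(struct mbuf *m) { oot_arg = m; }

/* Dispatch from the message: special-case AF_LOCAL, leave the hook alone. */
static void
dispose_rights(struct socket *so)
{
	struct protosw *pr = so->so_proto;

	if (pr->pr_domain->dom_family == AF_LOCAL)
		unp_dispose_wrapper(so);
	else if ((pr->pr_flags & PR_RIGHTS) != 0 &&
	    pr->pr_domain->dom_dispose != NULL)
		(*pr->pr_domain->dom_dispose)(so->so_rcv.sb_mb);
}

/* Returns 1 when each callee saw the argument type it was built for. */
static int
abi_preserved(void)
{
	static struct mbuf m;
	struct domain ld = { AF_LOCAL, NULL }, od = { 99, oot_dispose };
	struct protosw lp = { PR_RIGHTS, &ld }, op = { PR_RIGHTS, &od };
	struct socket ls = { &lp, { &m } }, os = { &op, { &m } };

	dispose_rights(&ls);
	dispose_rights(&os);
	return (local_arg == &ls && oot_arg == &m);
}
```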