From owner-svn-src-head@FreeBSD.ORG Sat Mar 29 03:25:20 2014 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 36229FEC; Sat, 29 Mar 2014 03:25:20 +0000 (UTC) Received: from mail-we0-x22e.google.com (mail-we0-x22e.google.com [IPv6:2a00:1450:400c:c03::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0947EBE9; Sat, 29 Mar 2014 03:25:18 +0000 (UTC) Received: by mail-we0-f174.google.com with SMTP id t60so3100350wes.33 for ; Fri, 28 Mar 2014 20:25:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=4FrWv6y0nMs3ySwD9AlF93ezbZ3V1PEGrEpCJPIA5Rk=; b=cZ3/iAsObMMWA01z2Jj9GtXhGuI35jLMVSK3N2T0w5pR0HmMpNJjncdz4k8tMYtIsw zbsqVaHcPlSpv5x+8l/suRMrxXA+UkAitoXC9Wd4x4d0lv4Lmf75Tneix8RKDMkrqmCf rhe39EgrFHwspMwfJpDiXHhNRiXLfB91PIK4ok2APn7nU5355Ug3ET4KilR+jBW1eLfL yrsNkQfH9icM7FMI0O/VEj1RIm8lAISwTzDMHDaSAltJ8y0amhsBDLmtmd1ly31ofrey h5Qb4Ymc5kjq0WyWOmCvJysgkrB/a3zPmIlMmIjwtUTKdmz139v0EcXb0/MoR1R9IREo VDJg== X-Received: by 10.194.6.106 with SMTP id z10mr1657036wjz.1.1396063517347; Fri, 28 Mar 2014 20:25:17 -0700 (PDT) Received: from dft-labs.eu (n1x0n-1-pt.tunnel.tserv5.lon1.ipv6.he.net. [2001:470:1f08:1f7::2]) by mx.google.com with ESMTPSA id bm8sm2074519wjc.12.2014.03.28.20.25.15 for (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Fri, 28 Mar 2014 20:25:16 -0700 (PDT) Date: Sat, 29 Mar 2014 04:25:13 +0100 From: Mateusz Guzik To: David Xu Subject: Re: svn commit: r263755 - head/sys/kern Message-ID: <20140329032513.GC29296@dft-labs.eu> References: <53351627.9000703@freebsd.org> <201403281613.s2SGDKpk010871@gw.catspoiler.org> <20140329025602.GB29296@dft-labs.eu> <5336396E.7000801@freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <5336396E.7000801@freebsd.org> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: src-committers@FreeBSD.org, mjg@FreeBSD.org, Don Lewis , svn-src-head@FreeBSD.org, kostikbel@gmail.com, svn-src-all@FreeBSD.org X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 29 Mar 2014 03:25:20 -0000 On Sat, Mar 29, 2014 at 11:09:34AM +0800, David Xu wrote: > On 2014/03/29 10:56, Mateusz Guzik wrote: > >But this patch would mean that current consumers (if any) would break - > >just calling FIOASYNC would not result in receiving SIGIO. > The old behavior is inconsistent with other piece of code in the kernel and > may be incompatible with POSIX. > Oh, I didn't know that. Unsure what to do in this case. > >Original patch by Don seems to work fine though, but I'm unsure about > >one thing (present in this patch as well): > > > >There is one devsoftc.sigio instance and one can get multiple processes > >with devctl fd. Is it safe from kernel perspective to have multiple > >processes call fsetown(*(int *)data, &devsoftc.sigio)? > > > > There is an inuse variable guarding this problem, you can not open it > multiple times, you can only do it in the forked process which inherited > the fd. if you don't trust the child process, you can close it before > executing real code in the child process. > This does not answer my question. I can easily imagine devctl extended in the future so that there are per-jail instances (could be handy to monitor e.g. vnet related events like link changes). If fsetown handling like this is insecure this would bite us in that scenario (and few others). In short, if we can avoid giving another way to corrupt stuff in the kernel to userspace, we should. -- Mateusz Guzik