From owner-freebsd-arch Wed Apr 4 10:55:40 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from earth.backplane.com (earth-nat-cw.backplane.com [208.161.114.67])
    by hub.freebsd.org (Postfix) with ESMTP id 0AA1C37B71E;
    Wed, 4 Apr 2001 10:55:37 -0700 (PDT)
    (envelope-from dillon@earth.backplane.com)
Received: (from dillon@localhost)
    by earth.backplane.com (8.11.2/8.9.3) id f34HtVK89343;
    Wed, 4 Apr 2001 10:55:31 -0700 (PDT)
    (envelope-from dillon)
Date: Wed, 4 Apr 2001 10:55:31 -0700 (PDT)
From: Matt Dillon
Message-Id: <200104041755.f34HtVK89343@earth.backplane.com>
To: Robert Watson
Cc: Alfred Perlstein, Brian Somers, freebsd-arch@FreeBSD.ORG
Subject: Re: Eliminate crget() from nfs kernel code?
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

:It's fine for now pre-KSE. In some threaded operating systems, the way
:they handle this is to do a crcopy() of the credential when making
:potentially long (vis blocking) calls, freezing the credential at the time
:the call is instantiated. I believe Solaris does this, but haven't
:checked in a while. So when you make a VFSOP, you crcopy and pass the
:reference to the copy in so that you can release the locking on the ucred
:pointer rather than holding the mutex and potentially sleep. This has
:nicer security properties too--you don't want credentials being
:inconsistent during a call, or you can introduce nasty races. What this
:does mean is we probably need an explicit credential passed into the VFS
:operations, as I suggested as another possible solution to the current
:crget() problem. However, we can always wait on that until KSE actually
:starts happening (i.e., solve credential/proc locking problem first, then
:go apply solution).
:
:Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
:robert@fledge.watson.org      NAI Labs, Safeport Network Services

I think we could do it while avoiding the crcopy.
How about this:

    * Any system call that uses p->p_ucred gets a reference to it via
      crhold(). Simple and inexpensive. We could also adjust crhold() to
      be an inline instead of a #define and have it return its argument to
      make the code using it cleaner.

        fubarsyscall()
        {
            struct ucred *ucred = crhold(p->p_ucred);
            ...
            crfree(ucred);
        }

    * Any system call that modifies p->p_ucred actually detaches the
      existing p->p_ucred from the process structure, allocates a
      completely new one, and assigns the new one to the process
      structure.

      Hey, guess what! This is what we do already! Take a look at
      change_euid() in kern_prot.c! It's even optimized for the
      ref-count == 1 case.

I think what this means is that we simply clean up and use crhold() and
crfree() more diligently everywhere we currently use p->p_ucred, and
we're done.

                                        -Matt
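
The scheme proposed in the message above, as an added userspace model that is not part of the original mail and is not FreeBSD kernel source: a caller pins the credential with crhold(), and a modifier replaces p->p_ucred instead of writing to a shared one. Assumptions: the two-field struct layouts, cred_new(), live_creds and all function bodies are constructed for illustration, and the model is single-threaded, so the locking a real kernel needs is left out.

```c
/* Userspace model of the scheme in the message; NOT FreeBSD kernel source.
 * Single-threaded: the locking a real kernel needs is left out. */
#include <stdlib.h>

struct ucred { unsigned cr_ref; unsigned cr_uid; };   /* reduced to two fields */
struct proc  { struct ucred *p_ucred; };

static int live_creds;               /* constructed counter for leak checks */

static struct ucred *cred_new(unsigned uid) {         /* hypothetical helper */
    struct ucred *cr = malloc(sizeof *cr);
    if (cr == NULL) abort();
    cr->cr_ref = 1; cr->cr_uid = uid; live_creds++;
    return cr;
}

/* Inline crhold() that returns its argument, as the message suggests. */
static inline struct ucred *crhold(struct ucred *cr) { cr->cr_ref++; return cr; }

static void crfree(struct ucred *cr) {
    if (--cr->cr_ref == 0) { free(cr); live_creds--; }
}

/* Modifier: never writes to a shared ucred. With ref == 1 it updates in
 * place; otherwise it detaches the old one and installs a fresh copy. */
static void change_euid(struct proc *p, unsigned euid) {
    struct ucred *old = p->p_ucred;
    if (old->cr_ref == 1) { old->cr_uid = euid; return; }
    p->p_ucred = cred_new(euid);
    crfree(old);                     /* drop the process's reference */
}

/* A "long" syscall: takes its reference on entry, and a credential change
 * arriving mid-call (simulated inline) must not alter what it sees. */
static int fubarsyscall(struct proc *p, unsigned new_euid) {
    struct ucred *ucred = crhold(p->p_ucred);
    unsigned before = ucred->cr_uid;
    change_euid(p, new_euid);        /* stands in for another thread */
    int stable = (ucred->cr_uid == before) && (p->p_ucred->cr_uid == new_euid);
    crfree(ucred);                   /* last reference: old ucred is freed */
    return stable;
}

int main(void) {
    struct proc p = { cred_new(1001) };
    int ok = fubarsyscall(&p, 0) && live_creds == 1;
    crfree(p.p_ucred);
    return ok && live_creds == 0 ? 0 : 1;
}
```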