Date: Wed, 6 May 2009 22:49:03 GMT From: Marko Zec <zec@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 161688 for review Message-ID: <200905062249.n46Mn3DW055238@repoman.freebsd.org>
index | next in thread | raw e-mail
http://perforce.freebsd.org/chv.cgi?CH=161688 Change 161688 by zec@zec_tpx32 on 2009/05/06 22:48:25 Merge proc and ucred to vimage refcounting infrastructure from vimage branch. Enforce separation between processes running in different vimages / vprocgs by extending prison_check(). Prevent non-default vimages from executing kldload / kldunload system calls. Prune unused VPROC_ITERLOOP_* macros from vimage.h Affected files ... .. //depot/projects/vimage-commit/src/sys/kern/init_main.c#10 edit .. //depot/projects/vimage-commit/src/sys/kern/kern_exit.c#9 edit .. //depot/projects/vimage-commit/src/sys/kern/kern_fork.c#10 edit .. //depot/projects/vimage-commit/src/sys/kern/kern_jail.c#13 edit .. //depot/projects/vimage-commit/src/sys/kern/kern_linker.c#9 edit .. //depot/projects/vimage-commit/src/sys/kern/kern_prot.c#7 edit .. //depot/projects/vimage-commit/src/sys/sys/sysctl.h#11 edit .. //depot/projects/vimage-commit/src/sys/sys/vimage.h#21 edit Differences ... ==== //depot/projects/vimage-commit/src/sys/kern/init_main.c#10 (text+ko) ==== @@ -454,7 +454,9 @@ p->p_ucred->cr_ruidinfo = uifind(0); p->p_ucred->cr_prison = NULL; /* Don't jail it. */ #ifdef VIMAGE - p->p_ucred->cr_vimage = LIST_FIRST(&vimage_head); + P_TO_VIMAGE(p) = LIST_FIRST(&vimage_head); + refcount_acquire(&P_TO_VIMAGE(p)->vi_ucredrefc); + LIST_FIRST(&vprocg_head)->nprocs++; #endif #ifdef AUDIT audit_cred_kproc0(p->p_ucred); ==== //depot/projects/vimage-commit/src/sys/kern/kern_exit.c#9 (text+ko) ==== @@ -70,6 +70,7 @@ #include <sys/sdt.h> #include <sys/shm.h> #include <sys/sem.h> +#include <sys/vimage.h> #ifdef KTRACE #include <sys/ktrace.h> #endif @@ -737,6 +738,7 @@ nfound++; PROC_SLOCK(p); if (p->p_state == PRS_ZOMBIE) { + INIT_VPROCG(P_TO_VPROCG(p)); if (rusage) { *rusage = p->p_ru; calcru(p, &rusage->ru_utime, &rusage->ru_stime); @@ -837,6 +839,9 @@ uma_zfree(proc_zone, p); sx_xlock(&allproc_lock); nprocs--; +#ifdef VIMAGE + vprocg->nprocs--; +#endif sx_xunlock(&allproc_lock); return (0); } ==== //depot/projects/vimage-commit/src/sys/kern/kern_fork.c#10 (text+ko) ==== @@ -350,6 +350,9 @@ * are hard-limits as to the number of processes that can run. */ nprocs++; +#ifdef VIMAGE + P_TO_VPROCG(p1)->nprocs++; +#endif /* * Find an unused process ID. We remember a range of unused IDs ==== //depot/projects/vimage-commit/src/sys/kern/kern_jail.c#13 (text+ko) ==== @@ -2219,6 +2219,10 @@ if (cred2->cr_prison != cred1->cr_prison) return (ESRCH); } +#ifdef VIMAGE + if (cred2->cr_vimage->v_procg != cred1->cr_vimage->v_procg) + return (ESRCH); +#endif return (0); } ==== //depot/projects/vimage-commit/src/sys/kern/kern_linker.c#9 (text+ko) ==== @@ -992,6 +992,12 @@ if ((error = priv_check(td, PRIV_KLD_LOAD)) != 0) return (error); +#ifdef VIMAGE + /* Only the default vimage is permitted to kldload modules. */ + if (!IS_DEFAULT_VIMAGE(TD_TO_VIMAGE(td))) + return (EPERM); +#endif + /* * It's possible that kldloaded module will attach a new ifnet, * so vnet context must be set when this ocurs. @@ -1063,6 +1069,12 @@ if ((error = priv_check(td, PRIV_KLD_UNLOAD)) != 0) return (error); +#ifdef VIMAGE + /* Only the default vimage is permitted to kldunload modules. */ + if (!IS_DEFAULT_VIMAGE(TD_TO_VIMAGE(td))) + return (EPERM); +#endif + CURVNET_SET(TD_TO_VNET(td)); KLD_LOCK(); lf = linker_find_file_by_id(fileid); ==== //depot/projects/vimage-commit/src/sys/kern/kern_prot.c#7 (text+ko) ==== @@ -1824,6 +1824,9 @@ */ if (jailed(cr)) prison_free(cr->cr_prison); +#ifdef VIMAGE + refcount_release(&cr->cr_vimage->vi_ucredrefc); +#endif #ifdef AUDIT audit_cred_destroy(cr); #endif @@ -1859,6 +1862,10 @@ uihold(dest->cr_ruidinfo); if (jailed(dest)) prison_hold(dest->cr_prison); +#ifdef VIMAGE + KASSERT(src->cr_vimage != NULL, ("cr_vimage == NULL")); + refcount_acquire(&dest->cr_vimage->vi_ucredrefc); +#endif #ifdef AUDIT audit_cred_copy(src, dest); #endif ==== //depot/projects/vimage-commit/src/sys/sys/sysctl.h#11 (text+ko) ==== @@ -459,6 +459,10 @@ TD_TO_VNET(curthread)->mod_data[oidp->oid_v_mod]; \ arg1 = cp + (size_t) arg1; \ break; \ + case V_PROCG: \ + cp = (char *) TD_TO_VPROCG(curthread); \ + arg1 = cp + (size_t) arg1; \ + break; \ default: \ panic("unsupported module id %d", oidp->oid_v_subs); \ } \ ==== //depot/projects/vimage-commit/src/sys/sys/vimage.h#21 (text+ko) ==== @@ -290,16 +290,8 @@ LIST_HEAD(vprocg_list_head, vprocg); extern struct vprocg_list_head vprocg_head; #define INIT_VPROCG(arg) struct vprocg *vprocg = (arg); -#define VPROCG_ITERLOOP_BEGIN() \ - struct vprocg *vprocg_iter; \ - LIST_FOREACH(vprocg_iter, &vprocg_head, vprocg_le) { - -#define VPROCG_ITERLOOP_END() \ - } #else #define INIT_VPROCG(arg) -#define VPROCG_ITERLOOP_BEGIN() -#define VPROCG_ITERLOOP_END() #endif #ifdef VIMAGEhelp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200905062249.n46Mn3DW055238>