From owner-svn-src-stable-7@FreeBSD.ORG Thu Oct 30 16:29:05 2008 Return-Path: Delivered-To: svn-src-stable-7@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AB2381065674; Thu, 30 Oct 2008 16:29:05 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 977B18FC16; Thu, 30 Oct 2008 16:29:05 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id m9UGT5YA056299; Thu, 30 Oct 2008 16:29:05 GMT (envelope-from bz@svn.freebsd.org) Received: (from bz@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id m9UGT4rY056290; Thu, 30 Oct 2008 16:29:04 GMT (envelope-from bz@svn.freebsd.org) Message-Id: <200810301629.m9UGT4rY056290@svn.freebsd.org> From: "Bjoern A. Zeeb" Date: Thu, 30 Oct 2008 16:29:04 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org X-SVN-Group: stable-7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r184481 - in stable/7/sys: . contrib/pf/net netinet netinet6 X-BeenThere: svn-src-stable-7@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for only the 7-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Oct 2008 16:29:05 -0000 Author: bz Date: Thu Oct 30 16:29:04 2008 New Revision: 184481 URL: http://svn.freebsd.org/changeset/base/184481 Log: MFC: r183606, r183610 Cache so_cred as inp_cred in the inpcb. This means that inp_cred is always there, even after the socket has gone away. It also means that it is constant for the lifetime of the inp. Both facts lead to simpler code and possibly less locking. Approved by: re (gnn) Modified: stable/7/sys/ (props changed) stable/7/sys/contrib/pf/net/pf.c stable/7/sys/netinet/in_pcb.c stable/7/sys/netinet/in_pcb.h stable/7/sys/netinet/ip_fw2.c stable/7/sys/netinet/raw_ip.c stable/7/sys/netinet/tcp_subr.c stable/7/sys/netinet/udp_usrreq.c stable/7/sys/netinet6/in6_pcb.c stable/7/sys/netinet6/udp6_usrreq.c Modified: stable/7/sys/contrib/pf/net/pf.c ============================================================================== --- stable/7/sys/contrib/pf/net/pf.c Thu Oct 30 16:22:04 2008 (r184480) +++ stable/7/sys/contrib/pf/net/pf.c Thu Oct 30 16:29:04 2008 (r184481) @@ -2938,13 +2938,9 @@ pf_socket_lookup(int direction, struct p #ifdef __FreeBSD__ if (inp_arg != NULL) { INP_LOCK_ASSERT(inp_arg); - if (inp_arg->inp_socket) { - pd->lookup.uid = inp_arg->inp_socket->so_cred->cr_uid; - pd->lookup.gid = - inp_arg->inp_socket->so_cred->cr_groups[0]; - return (1); - } else - return (-1); + pd->lookup.uid = inp_arg->inp_cred->cr_uid; + pd->lookup.gid = inp_arg->inp_cred->cr_groups[0]; + return (1); } #endif switch (pd->proto) { @@ -3040,15 +3036,9 @@ pf_socket_lookup(int direction, struct p return (-1); } #ifdef __FreeBSD__ - INP_RLOCK(inp); + pd->lookup.uid = inp->inp_cred->cr_uid; + pd->lookup.gid = inp->inp_cred->cr_groups[0]; INP_INFO_RUNLOCK(pi); - if ((inp->inp_socket == NULL) || (inp->inp_socket->so_cred == NULL)) { - INP_RUNLOCK(inp); - return (-1); - } - pd->lookup.uid = inp->inp_socket->so_cred->cr_uid; - pd->lookup.gid = inp->inp_socket->so_cred->cr_groups[0]; - INP_RUNLOCK(inp); #else pd->lookup.uid = inp->inp_socket->so_euid; pd->lookup.gid = inp->inp_socket->so_egid; Modified: stable/7/sys/netinet/in_pcb.c ============================================================================== --- stable/7/sys/netinet/in_pcb.c Thu Oct 30 16:22:04 2008 (r184480) +++ stable/7/sys/netinet/in_pcb.c Thu Oct 30 16:29:04 2008 (r184481) @@ -186,6 +186,7 @@ in_pcballoc(struct socket *so, struct in bzero(inp, inp_zero_size); inp->inp_pcbinfo = pcbinfo; inp->inp_socket = so; + inp->inp_cred = crhold(so->so_cred); inp->inp_inc.inc_fibnum = so->so_fibnum; #ifdef MAC error = mac_init_inpcb(inp, M_NOWAIT); @@ -224,8 +225,10 @@ in_pcballoc(struct socket *so, struct in #if defined(IPSEC) || defined(MAC) out: - if (error != 0) + if (error != 0) { + crfree(inp->inp_cred); uma_zfree(pcbinfo->ipi_zone, inp); + } #endif return (error); } @@ -345,7 +348,7 @@ in_pcbbind_setup(struct inpcb *inp, stru if (jailed(cred)) prison = 1; if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr)) && - priv_check_cred(so->so_cred, + priv_check_cred(inp->inp_cred, PRIV_NETINET_REUSEPORT, 0) != 0) { t = in_pcblookup_local(pcbinfo, sin->sin_addr, lport, prison ? 0 : INPLOOKUP_WILDCARD, @@ -362,8 +365,8 @@ in_pcbbind_setup(struct inpcb *inp, stru ntohl(t->inp_laddr.s_addr) != INADDR_ANY || (t->inp_socket->so_options & SO_REUSEPORT) == 0) && - (so->so_cred->cr_uid != - t->inp_socket->so_cred->cr_uid)) + (inp->inp_cred->cr_uid != + t->inp_cred->cr_uid)) return (EADDRINUSE); } if (prison && prison_ip(cred, 0, &sin->sin_addr.s_addr)) @@ -745,6 +748,7 @@ in_pcbfree(struct inpcb *inp) if (inp->inp_moptions != NULL) inp_freemoptions(inp->inp_moptions); inp->inp_vflag = 0; + crfree(inp->inp_cred); #ifdef MAC mac_destroy_inpcb(inp); Modified: stable/7/sys/netinet/in_pcb.h ============================================================================== --- stable/7/sys/netinet/in_pcb.h Thu Oct 30 16:22:04 2008 (r184480) +++ stable/7/sys/netinet/in_pcb.h Thu Oct 30 16:29:04 2008 (r184481) @@ -169,7 +169,8 @@ struct inpcb { u_char inp_ip_p; /* (c) protocol proto */ u_char inp_ip_minttl; /* (i) minimum TTL or drop */ uint32_t inp_ispare1; /* (x) connection id / queue id */ - void *inp_pspare[2]; /* (x) rtentry / general use */ + void *inp_pspare; /* (x) rtentry / general use */ + struct ucred *inp_cred; /* (c) cache of socket cred */ /* Local and foreign ports, local and foreign addr. */ struct in_conninfo inp_inc; Modified: stable/7/sys/netinet/ip_fw2.c ============================================================================== --- stable/7/sys/netinet/ip_fw2.c Thu Oct 30 16:22:04 2008 (r184480) +++ stable/7/sys/netinet/ip_fw2.c Thu Oct 30 16:29:04 2008 (r184481) @@ -1962,15 +1962,11 @@ fill_ugid_cache(struct inpcb *inp, struc { struct ucred *cr; - if (inp->inp_socket != NULL) { - cr = inp->inp_socket->so_cred; - ugp->fw_prid = jailed(cr) ? - cr->cr_prison->pr_id : -1; - ugp->fw_uid = cr->cr_uid; - ugp->fw_ngroups = cr->cr_ngroups; - bcopy(cr->cr_groups, ugp->fw_groups, - sizeof(ugp->fw_groups)); - } + cr = inp->inp_cred; + ugp->fw_prid = jailed(cr) ? cr->cr_prison->pr_id : -1; + ugp->fw_uid = cr->cr_uid; + ugp->fw_ngroups = cr->cr_ngroups; + bcopy(cr->cr_groups, ugp->fw_groups, sizeof(ugp->fw_groups)); } static int @@ -2026,12 +2022,8 @@ check_uidgid(ipfw_insn_u32 *insn, int pr dst_ip, htons(dst_port), wildcard, NULL); if (pcb != NULL) { - INP_RLOCK(pcb); - if (pcb->inp_socket != NULL) { - fill_ugid_cache(pcb, ugp); - *ugid_lookupp = 1; - } - INP_RUNLOCK(pcb); + fill_ugid_cache(pcb, ugp); + *ugid_lookupp = 1; } INP_INFO_RUNLOCK(pi); if (*ugid_lookupp == 0) { Modified: stable/7/sys/netinet/raw_ip.c ============================================================================== --- stable/7/sys/netinet/raw_ip.c Thu Oct 30 16:22:04 2008 (r184480) +++ stable/7/sys/netinet/raw_ip.c Thu Oct 30 16:29:04 2008 (r184481) @@ -257,6 +257,7 @@ rip_input(struct mbuf *m, int off) if (inp->inp_ip_p != proto) continue; #ifdef INET6 + /* XXX inp locking */ if ((inp->inp_vflag & INP_IPV4) == 0) continue; #endif @@ -264,11 +265,9 @@ rip_input(struct mbuf *m, int off) continue; if (inp->inp_faddr.s_addr != ip->ip_src.s_addr) continue; - INP_RLOCK(inp); - if (jailed(inp->inp_socket->so_cred) && - (htonl(prison_getip(inp->inp_socket->so_cred)) != + if (jailed(inp->inp_cred) && + (htonl(prison_getip(inp->inp_cred)) != ip->ip_dst.s_addr)) { - INP_RUNLOCK(inp); continue; } if (last) { @@ -280,12 +279,14 @@ rip_input(struct mbuf *m, int off) /* XXX count dropped packet */ INP_RUNLOCK(last); } + INP_RLOCK(inp); last = inp; } LIST_FOREACH(inp, &ripcbinfo.ipi_hashbase[0], inp_hash) { if (inp->inp_ip_p && inp->inp_ip_p != proto) continue; #ifdef INET6 + /* XXX inp locking */ if ((inp->inp_vflag & INP_IPV4) == 0) continue; #endif @@ -295,11 +296,9 @@ rip_input(struct mbuf *m, int off) if (inp->inp_faddr.s_addr && inp->inp_faddr.s_addr != ip->ip_src.s_addr) continue; - INP_RLOCK(inp); - if (jailed(inp->inp_socket->so_cred) && - (htonl(prison_getip(inp->inp_socket->so_cred)) != + if (jailed(inp->inp_cred) && + (htonl(prison_getip(inp->inp_cred)) != ip->ip_dst.s_addr)) { - INP_RUNLOCK(inp); continue; } if (last) { @@ -311,6 +310,7 @@ rip_input(struct mbuf *m, int off) /* XXX count dropped packet */ INP_RUNLOCK(last); } + INP_RLOCK(inp); last = inp; } INP_INFO_RUNLOCK(&ripcbinfo); @@ -360,9 +360,9 @@ rip_output(struct mbuf *m, struct socket ip->ip_off = 0; ip->ip_p = inp->inp_ip_p; ip->ip_len = m->m_pkthdr.len; - if (jailed(inp->inp_socket->so_cred)) + if (jailed(inp->inp_cred)) ip->ip_src.s_addr = - htonl(prison_getip(inp->inp_socket->so_cred)); + htonl(prison_getip(inp->inp_cred)); else ip->ip_src = inp->inp_laddr; ip->ip_dst.s_addr = dst; @@ -374,9 +374,9 @@ rip_output(struct mbuf *m, struct socket } INP_RLOCK(inp); ip = mtod(m, struct ip *); - if (jailed(inp->inp_socket->so_cred)) { + if (jailed(inp->inp_cred)) { if (ip->ip_src.s_addr != - htonl(prison_getip(inp->inp_socket->so_cred))) { + htonl(prison_getip(inp->inp_cred))) { INP_RUNLOCK(inp); m_freem(m); return (EPERM); Modified: stable/7/sys/netinet/tcp_subr.c ============================================================================== --- stable/7/sys/netinet/tcp_subr.c Thu Oct 30 16:22:04 2008 (r184480) +++ stable/7/sys/netinet/tcp_subr.c Thu Oct 30 16:29:04 2008 (r184481) @@ -1047,7 +1047,7 @@ tcp_getcred(SYSCTL_HANDLER_ARGS) error = cr_canseesocket(req->td->td_ucred, inp->inp_socket); if (error == 0) - cru2x(inp->inp_socket->so_cred, &xuc); + cru2x(inp->inp_cred, &xuc); INP_RUNLOCK(inp); } else { INP_INFO_RUNLOCK(&tcbinfo); @@ -1109,7 +1109,7 @@ tcp6_getcred(SYSCTL_HANDLER_ARGS) error = cr_canseesocket(req->td->td_ucred, inp->inp_socket); if (error == 0) - cru2x(inp->inp_socket->so_cred, &xuc); + cru2x(inp->inp_cred, &xuc); INP_RUNLOCK(inp); } else { INP_INFO_RUNLOCK(&tcbinfo); Modified: stable/7/sys/netinet/udp_usrreq.c ============================================================================== --- stable/7/sys/netinet/udp_usrreq.c Thu Oct 30 16:22:04 2008 (r184480) +++ stable/7/sys/netinet/udp_usrreq.c Thu Oct 30 16:29:04 2008 (r184481) @@ -768,7 +768,7 @@ udp_getcred(SYSCTL_HANDLER_ARGS) error = cr_canseesocket(req->td->td_ucred, inp->inp_socket); if (error == 0) - cru2x(inp->inp_socket->so_cred, &xuc); + cru2x(inp->inp_cred, &xuc); INP_RUNLOCK(inp); } else { INP_INFO_RUNLOCK(&udbinfo); Modified: stable/7/sys/netinet6/in6_pcb.c ============================================================================== --- stable/7/sys/netinet6/in6_pcb.c Thu Oct 30 16:22:04 2008 (r184480) +++ stable/7/sys/netinet6/in6_pcb.c Thu Oct 30 16:29:04 2008 (r184481) @@ -185,7 +185,7 @@ in6_pcbbind(register struct inpcb *inp, 0)) return (EACCES); if (!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr) && - priv_check_cred(so->so_cred, + priv_check_cred(inp->inp_cred, PRIV_NETINET_REUSEPORT, 0) != 0) { t = in6_pcblookup_local(pcbinfo, &sin6->sin6_addr, lport, @@ -197,8 +197,8 @@ in6_pcbbind(register struct inpcb *inp, (!IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr) || !IN6_IS_ADDR_UNSPECIFIED(&t->in6p_laddr) || (t->inp_socket->so_options & SO_REUSEPORT) - == 0) && (so->so_cred->cr_uid != - t->inp_socket->so_cred->cr_uid)) + == 0) && (inp->inp_cred->cr_uid != + t->inp_cred->cr_uid)) return (EADDRINUSE); if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0 && IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { @@ -214,8 +214,8 @@ in6_pcbbind(register struct inpcb *inp, (so->so_type != SOCK_STREAM || ntohl(t->inp_faddr.s_addr) == INADDR_ANY) && - (so->so_cred->cr_uid != - t->inp_socket->so_cred->cr_uid)) + (inp->inp_cred->cr_uid != + t->inp_cred->cr_uid)) return (EADDRINUSE); } } @@ -317,7 +317,7 @@ in6_pcbladdr(register struct inpcb *inp, */ *plocal_addr6 = in6_selectsrc(sin6, inp->in6p_outputopts, inp, NULL, - inp->inp_socket->so_cred, + inp->inp_cred, &ifp, &error); if (ifp && scope_ambiguous && (error = in6_setscope(&sin6->sin6_addr, ifp, NULL)) != 0) { Modified: stable/7/sys/netinet6/udp6_usrreq.c ============================================================================== --- stable/7/sys/netinet6/udp6_usrreq.c Thu Oct 30 16:22:04 2008 (r184480) +++ stable/7/sys/netinet6/udp6_usrreq.c Thu Oct 30 16:29:04 2008 (r184481) @@ -458,7 +458,7 @@ udp6_getcred(SYSCTL_HANDLER_ARGS) error = cr_canseesocket(req->td->td_ucred, inp->inp_socket); if (error == 0) - cru2x(inp->inp_socket->so_cred, &xuc); + cru2x(inp->inp_cred, &xuc); INP_RUNLOCK(inp); } else { INP_INFO_RUNLOCK(&udbinfo);