Date: Sat, 29 Mar 2014 05:14:41 +0100
From: Mateusz Guzik
To: David Xu
Cc: src-committers@FreeBSD.org, mjg@FreeBSD.org, Don Lewis, svn-src-head@FreeBSD.org, kostikbel@gmail.com, svn-src-all@FreeBSD.org
Subject: Re: svn commit: r263755 - head/sys/kern

On Sat, Mar 29, 2014 at 11:52:09AM +0800, David Xu wrote:
> >If fsetown handling like this is insecure this would bite us in that
> >scenario (and few others). In short, if we can avoid giving another way
> >to corrupt stuff in the kernel to userspace, we should.
> >
> I can not see what you said, where is the security problem with fsetown ?
> if you have per-jail instance of devsoftc, they all are operating on their
> own instance. but I don't think this patch should address jail now, there
> are many things are not jail ready.
>

I asked if multiple concurrent calls to fsetown(.., &pointer) could
result in some corruption in the kernel - if they could, we would have a
problem in the future.

I decided to read the code once more and fsetown seems to be safe in
this regard after all and with that in mind the patch looks good to me.

This thread is too long already, so I'm stepping down on this one in
case there are some further concerns.

-- 
Mateusz Guzik