Date: Tue, 29 Oct 2002 14:24:22 -0800 (PST)
Message-Id: <200210292224.g9TMOMVa062692@repoman.freebsd.org>
From: Robert Watson
Subject: PERFORCE change 20379 for review
To: Perforce Change Reviews

http://perforce.freebsd.org/chv.cgi?CH=20379

Change 20379 by rwatson@rwatson_tislabs on 2002/10/29 14:24:02

Take a pass at adapting aio to interact better with MAC: since MAC cares about the active thread credential, not just the file credential, cache a reference to the thread credential requesting the AIO operation, and temporarily set the kernel worker thread credential to the cached credential for the duration of the AIO operation. Note that any MAC policies assuming that curthread->td_proc is the actual process are in for a shock, still.

Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/vfs_aio.c#22 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/vfs_aio.c#22 (text+ko) ==== @@ -175,6 +175,7 @@ struct callout_handle timeouthandle; struct buf *bp; /* Buffer pointer */ struct proc *userproc; /* User process */ /* Not td! */ + struct ucred *cred; /* Active credential when created */ struct file *fd_file; /* Pointer to file structure */ struct aio_liojob *lio; /* Optional lio job */ struct aiocb *uuaiocb; /* Pointer in userspace of aiocb */ @@ -507,6 +508,7 @@ aiocbe->jobstate = JOBST_NULL; untimeout(process_signal, aiocbe, aiocbe->timeouthandle); fdrop(aiocbe->fd_file, curthread); + crfree(aiocbe->cred); uma_zfree(aiocb_zone, aiocbe); return 0; } @@ -667,6 +669,7 @@ static void aio_process(struct aiocblist *aiocbe) { + struct ucred *td_savedcred; struct thread *td; struct proc *mycp; struct aiocb *cb; @@ -679,6 +682,8 @@ int inblock_st, inblock_end; td = curthread; + td_savedcred = td->td_ucred; + td->td_ucred = aiocbe->cred; mycp = td->td_proc; cb = &aiocbe->uaiocb; fp = aiocbe->fd_file; 
@@ -726,6 +731,7 @@ cnt -= auio.uio_resid; cb->_aiocb_private.error = error; cb->_aiocb_private.status = cnt; + td->td_ucred = td_savedcred; } /* @@ -1412,6 +1418,7 @@ suword(&job->_aiocb_private.error, EINPROGRESS); aiocbe->uaiocb._aiocb_private.error = EINPROGRESS; aiocbe->userproc = p; + aiocbe->cred = crref(td->td_ucred); aiocbe->jobflags = 0; aiocbe->lio = lj; ki = p->p_aioinfo;
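
Review bot: In the @@ -507 hunk, crfree(aiocbe->cred) runs unconditionally next to fdrop(), so it depends on cred having been set for every entry that reaches this free path. The only assignment in the patch is the crref() in the @@ -1412 hunk; if an entry can be freed here without having passed that line, crfree() is handed an uninitialised pointer. Consider setting aiocbe->cred = NULL when the entry is allocated and asserting or checking it here.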
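
Review bot: The credential swap in aio_process (td->td_ucred = aiocbe->cred in the @@ -679 hunk) is undone only by the single td->td_ucred = td_savedcred at the end of the function in the @@ -726 hunk, so any return between the two would leave the kernel worker thread running with the requester's credential for later jobs. A comment at the swap would help: it should say that no extra reference is taken because aiocbe->cred holds one until the entry is freed, and that the restore must stay on every exit. The mycp = td->td_proc line directly below the swap still yields the worker process, which the commit message acknowledges; a comment there would warn MAC policy authors.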
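
Review bot: In the @@ -1412 hunk, aiocbe->cred = crref(td->td_ucred) takes a reference while the request is still being set up, yet the patch adds only one matching crfree(), in the @@ -507 hunk. Any failure path after this line that releases aiocbe directly with uma_zfree() instead of going through that free routine would leak the credential reference. Either add crfree(aiocbe->cred) to those paths or take the reference after the last point of failure.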