Date: Tue, 29 Oct 2002 14:24:22 -0800 (PST) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 20379 for review Message-ID: <200210292224.g9TMOMVa062692@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=20379 Change 20379 by rwatson@rwatson_tislabs on 2002/10/29 14:24:02 Take a pass at adapting aio to interact better with MAC: since MAC cares about the active thread credential, not just the file credential, cache a reference to the thread credential requesting the AIO operation, and temporarily set the kernel worker thread credential to the cached credential for the duration of the AIO operation. Note that any MAC policies assuming that curthread->td_proc is the actually process are in for a shock, still. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/vfs_aio.c#22 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/vfs_aio.c#22 (text+ko) ==== @@ -175,6 +175,7 @@ struct callout_handle timeouthandle; struct buf *bp; /* Buffer pointer */ struct proc *userproc; /* User process */ /* Not td! */ + struct ucred *cred; /* Active credential when created */ struct file *fd_file; /* Pointer to file structure */ struct aio_liojob *lio; /* Optional lio job */ struct aiocb *uuaiocb; /* Pointer in userspace of aiocb */ @@ -507,6 +508,7 @@ aiocbe->jobstate = JOBST_NULL; untimeout(process_signal, aiocbe, aiocbe->timeouthandle); fdrop(aiocbe->fd_file, curthread); + crfree(aiocbe->cred); uma_zfree(aiocb_zone, aiocbe); return 0; } @@ -667,6 +669,7 @@ static void aio_process(struct aiocblist *aiocbe) { + struct ucred *td_savedcred; struct thread *td; struct proc *mycp; struct aiocb *cb; @@ -679,6 +682,8 @@ int inblock_st, inblock_end; td = curthread; + td_savedcred = td->td_ucred; + td->td_ucred = aiocbe->cred; mycp = td->td_proc; cb = &aiocbe->uaiocb; fp = aiocbe->fd_file; @@ -726,6 +731,7 @@ cnt -= auio.uio_resid; cb->_aiocb_private.error = error; cb->_aiocb_private.status = cnt; + td->td_ucred = td_savedcred; } /* @@ -1412,6 +1418,7 @@ suword(&job->_aiocb_private.error, EINPROGRESS); aiocbe->uaiocb._aiocb_private.error = EINPROGRESS; aiocbe->userproc = p; + aiocbe->cred = crref(td->td_ucred); aiocbe->jobflags = 0; aiocbe->lio = lj; ki = p->p_aioinfo; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200210292224.g9TMOMVa062692>