Date:      Thu, 25 Mar 2004 15:32:56 +0100
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        Robert Watson <rwatson@FreeBSD.org>
Cc:        freebsd-net@FreeBSD.org
Subject:   Re: in_pcbbind_setup(), etc.
Message-ID:  <20040325143256.GA8930@darkness.comp.waw.pl>
In-Reply-To: <Pine.NEB.3.96L.1040325082908.52837A-100000@fledge.watson.org>
References:  <20040325111235.GY8930@darkness.comp.waw.pl> <Pine.NEB.3.96L.1040325082908.52837A-100000@fledge.watson.org>

On Thu, Mar 25, 2004 at 08:33:41AM -0500, Robert Watson wrote:
+> > 	if (td != curthread)
+> > 		printf("td != curthread in %s\n", __func__);
+> >
+> > And I'm seeing 2nd printf() while mounting NFS file systems.  If so, I
+> > think using td->td_ucred in this function isn't safe...
+>
+> Yeah, that sounds fairly dubious.  One of the things we've been thinking
+> about for a while on the TrustedBSD Project is adding support for
+> polyinstantiation, which for those who've not bumped into it before, means
+> a virtualization of a service based on security properties.  In the case
+> of TCP/IP and UDP/IP, it would mean adding additional matching parameters
+> to the PCB matching process, which currently is based on the address/port
+> pair for the packet and PCB.  In particular, adding the label of the
+> packet and label of the PCB.  It would also require some changes to the
+> binding mechanism which would require explicit passing of the credential
+> authorizing the bind.  So my current leaning is that instead of passing in
+> a thread, we should be passing in a credential reference -- especially as
+> 'td' is only used to reach the credential in the PCB binding routines, not
+> for anything else.  Then it becomes the caller's responsibility to make
+> sure the reference remains valid and is safe from a locking perspective,
+> which should be a lot easier to do than with a thread reference.
+>
+> How does this sound?  It would completely eliminate the issue of "er,
+> which thread is that", which is really an unnecessary issue given that all
+> we're interested in is the credential.

Sounds good. I can prepare a patch with this in p4, but isn't it too heavy a
change from the network locking branches' point of view?

-- 
Pawel Jakub Dawidek                       http://www.FreeBSD.org
pjd@FreeBSD.org                           http://garage.freebsd.pl
FreeBSD committer                         Am I Evil? Yes, I Am!
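
The design discussed in the quoted text, as an added example that is not part of the original message and is not FreeBSD kernel code: a userland model in which the bind routine takes the authorizing credential instead of a thread, and PCB lookup matches on address, port and label. All names (struct cred, struct pcb, pcb_bind, pcb_lookup), the integer label with equality matching, and the reserved-port check are assumptions made for illustration.

```c
/* Userland model (constructed, hypothetical names): binding and PCB lookup
 * keyed on address, port and label, with the bind authorised by an
 * explicitly passed credential rather than by a thread pointer. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

struct cred { unsigned uid; int label; int refs; };
struct pcb  { uint32_t addr; uint16_t port; int label; struct cred *cred; };

#define MAXPCB 8
#define PORT_RESERVED 1024          /* illustrative privilege boundary */
static struct pcb table[MAXPCB];
static size_t npcb;

/* Lookup matches the usual address/port pair plus the label. */
struct pcb *pcb_lookup(uint32_t addr, uint16_t port, int label)
{
    for (size_t i = 0; i < npcb; i++)
        if (table[i].addr == addr && table[i].port == port &&
            table[i].label == label)
            return &table[i];
    return NULL;
}

/* The caller passes the credential that authorises the bind and must keep
 * it valid for the duration of the call; the PCB takes its own reference.
 * No thread pointer is needed, so "which thread is that" never arises. */
int pcb_bind(struct cred *cr, uint32_t addr, uint16_t port)
{
    if (cr == NULL)
        return EINVAL;
    if (port < PORT_RESERVED && cr->uid != 0)
        return EACCES;              /* decision uses the credential only */
    if (pcb_lookup(addr, port, cr->label) != NULL)
        return EADDRINUSE;          /* conflict only within one label */
    if (npcb == MAXPCB)
        return ENOBUFS;
    cr->refs++;                     /* reference held by the PCB */
    table[npcb++] = (struct pcb){ addr, port, cr->label, cr };
    return 0;
}
```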
