From owner-freebsd-arch Tue Apr 3 15:50:23 2001 Delivered-To: freebsd-arch@freebsd.org Received: from Awfulhak.org (awfulhak.demon.co.uk [194.222.196.252]) by hub.freebsd.org (Postfix) with ESMTP id 03FFE37B71C; Tue, 3 Apr 2001 15:50:16 -0700 (PDT) (envelope-from brian@Awfulhak.org) Received: from hak.lan.Awfulhak.org (root@hak.lan.Awfulhak.org [172.16.0.12]) by Awfulhak.org (8.11.3/8.11.3) with ESMTP id f33MoV828960; Tue, 3 Apr 2001 23:50:31 +0100 (BST) (envelope-from brian@lan.Awfulhak.org) Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1]) by hak.lan.Awfulhak.org (8.11.3/8.11.3) with ESMTP id f33Mso560006; Tue, 3 Apr 2001 23:54:50 +0100 (BST) (envelope-from brian@hak.lan.Awfulhak.org) Message-Id: <200104032254.f33Mso560006@hak.lan.Awfulhak.org> X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4 To: Alfred Perlstein Cc: Matt Dillon , Robert Watson , freebsd-arch@FreeBSD.ORG, brian@Awfulhak.org Subject: Re: Eliminate crget() from nfs kernel code? In-Reply-To: Message from Alfred Perlstein of "Tue, 03 Apr 2001 14:42:10 PDT." <20010403144210.B12164@fw.wintelcom.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 03 Apr 2001 23:54:50 +0100 From: Brian Somers Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > * Matt Dillon [010403 14:30] wrote: > > :While extending ucred in a rewrite of my mandatory access control > > :implementation on FreeBSD, I managed to panic the system: > > : > > :... > > : > > :What I discovered was that the nfs_statfs() implementation fakes up a > > :credential using crget() to use when invoking nfs_fsinfo(), and uses it > > :only for the lifetime of the nfs_statfs() call. While I don't claim to > > :have a complete understanding of the NFS code, it appears that this is > > :done in lieu of using p->p_ucred, and that other related VFS calls are > > :passed a ucred as an argument. This causes some problems for > > :implementations of extensions to ucred, as it introduces a new (and fairly > > :arbitrary) credential that must be created to satisfy the need to call > > :crget() here. I was wondering if someone could expound on the rationale > > :for creating a new (and fairly poorly initialized) ucred in this scenario, > > :and perhaps comment also on two possible work-arounds: > > : > > : 1) Use p->p_ucred. > > : 2) Introduce a ucred argument to vfs_statfs() to be used by > > : file system implementations that require it. > > :... > > :ucred argument (although this will break binary compatibility in -CURRENT, > > :which is where I'd consider doing the change). The effect of the current > > :code, btw, is to always make NFSPROC_STATFS() calls using uid/gid of 0 > > :(possibly mapped to nobody on the server), rather than the calling process > > :-- it's possible to imagine environments in which this is inappropriate, > > :especially with the introduction of MAC. I notice that there's some > > :similar behavior in the ncp code. > > : > > :Robert N M Watson FreeBSD Core Team, TrustedBSD Project > > :robert@fledge.watson.org NAI Labs, Safeport Network Services > > > > Hmm. It's hard to say. The standard doesn't say anything about > > the credential needing to be root/wheel over the wire for statfs(), > > but if we change it we will probably break someone somewhere. > > > > I think you want to keep crget()/crfree() if possible, just so you > > don't have to worry about the data being sent over the wire breaking > > some poor sod. But if you want to bite the bullet and use the process > > ucred I'd say go for it - keep a careful watch for complaints of > > FreeBSD suddenly failing against various NFS servers though. > > > > The fake ucred has been in the NFS codebase from day 1. It could very > > well be outdated now. > > Hmm, strange there's not a static cred available for these usages. > > What about using process 0's ucred, does it even have one? > > I'm sure there's other examples of how to do this correctly in the > code. Solaris has a ``kcred'' global - wrapped with a CRED() macro AFAIR. Maybe that'd be useful here ? > -- > -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] > Represent yourself, show up at BABUG http://www.babug.org/ -- Brian Don't _EVER_ lose your sense of humour ! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message