Date: Wed, 4 Apr 2001 10:55:31 -0700 (PDT)
From: Matt Dillon <dillon@earth.backplane.com>
To: Robert Watson <rwatson@FreeBSD.ORG>
Cc: Alfred Perlstein <bright@wintelcom.net>, Brian Somers <brian@Awfulhak.org>, freebsd-arch@FreeBSD.ORG
Subject: Re: Eliminate crget() from nfs kernel code?
Message-ID: <200104041755.f34HtVK89343@earth.backplane.com>
References: <Pine.NEB.3.96L.1010404131609.14983B-100000@fledge.watson.org>

:It's fine for now pre-KSE.  In some threaded operating systems, the way
:they handle this is to do a crcopy() of the credential when making
:potentially long (vis blocking) calls, freezing the credential at the time
:the call is instantiated.  I believe Solaris does this, but haven't
:checked in a while.  So when you make a VFSOP, you crcopy and pass the
:reference to the copy in so that you can release the locking on the ucred
:pointer rather than holding the mutex and potentially sleep.  This has
:nicer security properties too--you don't want credentials being
:inconsistent during a call, or you can introduce nasty races.  What this
:does mean is we probably need an explicit credential passed into the VFS
:operations, as I suggested as another possible solution to the current
:crget() problem.  However, we can always wait on that until KSE actually
:starts happening (i.e., solve credential/proc locking problem first, then
:go apply solution).
:
:Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
:robert@fledge.watson.org      NAI Labs, Safeport Network Services

    I think we could do it while avoiding the crcopy.  How about this:

    * Any system call that uses p->p_ucred gets a reference to it via
      crhold().  Simple and inexpensive.  We could also adjust crhold()
      to be an inline instead of a #define and have it return its argument
      to make the code using it cleaner.

        fubarsyscall()
        {
            struct ucred *ucred = crhold(p->p_ucred);
            ...
            crfree(ucred);
        }

    * Any system call that modifies p->p_ucred actually detaches the existing
      p->p_ucred from the process structure, allocates a completely new
      one, and assigns the new one to the process structure.

      Hey, guess what!  This is what we do already!  Take a look at
      change_euid() in kern_prot.c!  It's even optimized for the
      ref-count == 1 case.

    I think what this means is that we simply clean up and use crhold() and
    crfree() more diligently everywhere we currently use p->p_ucred, and
    we're done.

                                                -Matt


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
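
The hold/detach scheme proposed in the message above, as an added user-space example (not code from the message or from the FreeBSD source tree). It assumes a two-field struct ucred, a hypothetical crnew() allocator, and a single thread, so the locking and atomics a kernel would need around cr_ref and p->p_ucred are left out.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* User-space model only: the kernel's struct ucred has more fields, and
 * real code needs locking/atomics around cr_ref and p->p_ucred. */
struct ucred { unsigned cr_ref; uid_t cr_uid; };
struct proc  { struct ucred *p_ucred; };

/* crnew() is a hypothetical allocator for this model. */
static struct ucred *crnew(uid_t uid) {
    struct ucred *cr = malloc(sizeof(*cr));
    if (cr == NULL) abort();
    cr->cr_ref = 1;
    cr->cr_uid = uid;
    return cr;
}

/* Inline crhold() that returns its argument, as the message proposes. */
static inline struct ucred *crhold(struct ucred *cr) { cr->cr_ref++; return cr; }

static void crfree(struct ucred *cr) { if (--cr->cr_ref == 0) free(cr); }

/* Modifier: never writes to a credential someone else may hold. */
static void change_euid(struct proc *p, uid_t euid) {
    if (p->p_ucred->cr_ref == 1) {      /* sole owner: update in place */
        p->p_ucred->cr_uid = euid;
        return;
    }
    struct ucred *newcr = crnew(euid);  /* shared: detach and replace */
    crfree(p->p_ucred);                 /* drop the process's reference */
    p->p_ucred = newcr;
}

/* A "system call" that holds its credential across a point where the
 * process credential changes (standing in for a blocking VFS call).
 * Returns 1 if its own view stayed frozen and the process got the new uid. */
static int fubarsyscall(struct proc *p, uid_t new_euid) {
    struct ucred *ucred = crhold(p->p_ucred);
    uid_t at_entry = ucred->cr_uid;
    change_euid(p, new_euid);           /* simulated concurrent change */
    int stable = (ucred->cr_uid == at_entry) && (p->p_ucred->cr_uid == new_euid);
    crfree(ucred);                      /* last ref to the old cred: freed */
    return stable;
}

int main(void) {
    struct proc p = { crnew(1001) };    /* constructed sample uid */
    printf("stable=%d refs=%u\n", fubarsyscall(&p, 1002), p.p_ucred->cr_ref);
    crfree(p.p_ucred);
    return 0;
}
```

The held reference keeps the uid seen at entry for the whole call, which is the consistency property the quoted text wants from crcopy(), without copying on every call.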