Date:      Wed, 4 Apr 2001 10:55:31 -0700 (PDT)
From:      Matt Dillon <dillon@earth.backplane.com>
To:        Robert Watson <rwatson@FreeBSD.ORG>
Cc:        Alfred Perlstein <bright@wintelcom.net>, Brian Somers <brian@Awfulhak.org>, freebsd-arch@FreeBSD.ORG
Subject:   Re: Eliminate crget() from nfs kernel code?
Message-ID:  <200104041755.f34HtVK89343@earth.backplane.com>
References:   <Pine.NEB.3.96L.1010404131609.14983B-100000@fledge.watson.org>

:It's fine for now pre-KSE.  In some threaded operating systems, the way
:they handle this is to do a crcopy() of the credential when making
:potentially long (vis blocking) calls, freezing the credential at the time
:the call is instantiated.  I believe Solaris does this, but haven't
:checked in a while.  So when you make a VFSOP, you crcopy and pass the
:reference to the copy in so that you can release the locking on the ucred
:pointer rather than holding the mutex and potentially sleep.  This has
:nicer security properties too--you don't want credentials being
:inconsistent during a call, or you can introduce nasty races.  What this
:does mean is we probably need an explicit credential passed into the VFS
:operations, as I suggested as another possible solution to the current
:crget() problem.  However, we can always wait on that until KSE actually
:starts happening (i.e., solve credential/proc locking problem first, then
:go apply solution).
:
:Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
:robert@fledge.watson.org      NAI Labs, Safeport Network Services

    I think we could do it while avoiding the crcopy.  How about this:

	* Any system call that uses p->p_ucred gets a reference to it
	  via crhold().  Simple and inexpensive.  We could also adjust
	  crhold() to be an inline instead of a #define and have it 
	  return its argument to make the code using it cleaner.

	  fubarsyscall()
	  {
	      struct ucred *ucred = crhold(p->p_ucred);

		...
	      crfree(ucred);
	  }

	* Any system call that modifies p->p_ucred actually detaches the
	  existing p->p_ucred from the process structure, allocates a
	  completely new one, and assigns the new one to the process 
	  structure.

	  Hey, guess what!  This is what we do already!  Take a look at
	  change_euid() in kern_prot.c!  It's even optimized for the
	  ref-count == 1 case.

    I think what this means is that we simply clean up and use crhold() and
    crfree() more diligently everywhere we currently use p->p_ucred, and
    we're done.

						-Matt
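
The scheme described in the message above, as an added user-space model (not code from the message or from FreeBSD's kern_prot.c): a syscall's crhold() reference stays frozen while a modifier replaces p->p_ucred instead of writing to a shared credential. The two-field struct ucred, model_change_euid(), model_syscall() and live_creds are simplified or hypothetical, and the model is single-threaded, so the locking around p->p_ucred is left out.

```c
/* Added illustration: single-threaded user-space model, not kernel code. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
struct ucred { unsigned cr_ref; uid_t cr_uid; };  /* simplified credential */
struct proc { struct ucred *p_ucred; };
static int live_creds;  /* allocated credentials, to check nothing leaks */

static struct ucred *crget(void) {
    struct ucred *cr = calloc(1, sizeof(*cr));
    if (cr == NULL) abort();
    cr->cr_ref = 1; live_creds++;
    return cr;
}
static struct ucred *crhold(struct ucred *cr) { cr->cr_ref++; return cr; }
static void crfree(struct ucred *cr) {
    if (--cr->cr_ref == 0) { free(cr); live_creds--; }
}

/* Hypothetical modifier: a shared ucred is never written; it is replaced. */
static void model_change_euid(struct proc *p, uid_t euid) {
    struct ucred *old = p->p_ucred;
    if (old->cr_ref > 1) {            /* someone else holds it: detach */
        struct ucred *newcr = crget();
        newcr->cr_uid = old->cr_uid;
        p->p_ucred = newcr;
        crfree(old);                  /* drop the process's reference only */
    }                                 /* ref == 1: safe to modify in place */
    p->p_ucred->cr_uid = euid;
}

/* Hypothetical syscall body: 1 if the held credential stayed frozen. */
static int model_syscall(struct proc *p, uid_t new_euid) {
    struct ucred *ucred = crhold(p->p_ucred);
    uid_t at_entry = ucred->cr_uid;
    model_change_euid(p, new_euid);   /* stands in for a concurrent setuid */
    int frozen = ucred->cr_uid == at_entry && p->p_ucred != ucred
        && p->p_ucred->cr_uid == new_euid;
    crfree(ucred);                    /* last reference: old ucred is freed */
    return frozen;
}

int main(void) {
    struct proc p = { crget() };
    p.p_ucred->cr_uid = 1001;         /* constructed sample uid */
    int frozen = model_syscall(&p, 0);
    printf("frozen=%d live_creds=%d\n", frozen, live_creds);
    crfree(p.p_ucred);
    return 0;
}
```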

