Date: Mon, 11 Dec 2000 13:53:20 -0800 (PST) From: John Baldwin <jhb@FreeBSD.org> To: arch@FreeBSD.org Subject: Can !curproc touch Message-ID: <XFMail.001211135320.jhb@FreeBSD.org>
next in thread | raw e-mail | index | archive | help
I've got a question about p_cred in proc, specifically p_cred->pc_ucred. In several VOP's and other places we use p_cred->pc_ucred (aka p_ucred) as the credentials if we don't already have one. The problem arises if another process can crfree() that ucred either by a crcopy() or a direct crfree() of p_ucred. In that case, the ucred being passed around through VFS will be invalid. For example, suppose cpu A is running process P and does a VOP() using P->p_ucred. Now, suppose process Q on cpu B does a setgroups() on P, thus doing a crcopy() of p_ucred. This alone won't break things because if there is only 1 reference to a ucred, we don't crfree() it in crcopy(), thus we won't end up with an empty ucred, though the ucred will _change_ halfway through the VOP, which could be ugly. OTOH, if the ucred has a refcount > 1, then it will be crfree()'d, but there will still be a reference to it. However, if the another CPU/process releases the remaining ucred references before the VOP finishes, you can have problems. However, this can only happen if a process other than P can read or write to P->p_ucred. Candidates for this might be aio, NFS, etc. If only P can touch p_ucred, then I can leave it at is current state (k) and it doesn't need to be locked. On the other hand, if p_ucred can be read/written by someone other than P, then I need to lock accesses to p_ucred with the proc structure lock, and I need to modify consumers of ucred's as follows: VFOO(p, p->p_ucred, ...); becomes: struct ucred *uc; ... PROC_LOCK(p); uc = p->p_ucred; crhold(uc); PROC_UNLOCK(p); VFOO(p, uc, ...); crfree(uc); -- John Baldwin <jhb@FreeBSD.org> -- http://www.FreeBSD.org/~jhb/ PGP Key: http://www.baldwin.cx/~john/pgpkey.asc "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.001211135320.jhb>