Pawel Jakub Dawidek
pjd at FreeBSD.org
Thu Mar 25 06:32:58 PST 2004
On Thu, Mar 25, 2004 at 08:33:41AM -0500, Robert Watson wrote:
+> > if (td != curthread)
+> > printf("td != curthread in %s\n", __func__);
+> > And I'm seeing 2nd printf() while mounting NFS file systems. If so, I
+> > think using td->td_ucred in this function isn't safe...
+> Yeah, that sounds fairly dubious. One of the things we've been thinking
+> about for a while on the TrustedBSD Project is adding support for
+> polyinstantiation, which for those who've not bumped into it before, means
+> a virtualization of a service based on security properties. In the case
+> of TCP/IP and UDP/IP, it would mean adding additional matching parameters
+> to the PCB matching process, which currently is based on the address/port
+> pair for the packet and PCB. In particular, adding the label of the
+> packet and label of the PCB. It would also require some changes to the
+> binding mechanism which would require explicit passing of the credential
+> authorizing the bind. So my current leaning is that instead of passing in
+> a thread, we should be passing in a credential reference -- especially as
+> 'td' is only used to reach the credential in the PCB binding routines, not
+> for anything else. Then it becomes the callers responsibility to make
+> sure the reference remains valid and is safe from a locking perspective,
+> which should be a lot easier to do than with a thread reference.
+> How does this sound? It would completely eliminate the issue of "er,
+> which thread is that", which is really an unnecessary issue given that all
+> we're interested in is the credential.
Sounds good. I can prepare patch with this in p4, but it isn't to heavy
change from network locking branches point of view?
Pawel Jakub Dawidek http://www.FreeBSD.org
pjd at FreeBSD.org http://garage.freebsd.pl
FreeBSD committer Am I Evil? Yes, I Am!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20040325/de8d8881/attachment.bin
More information about the freebsd-net