PERFORCE change 20379 for review
Robert Watson
rwatson at freebsd.org
Tue Oct 29 22:24:22 GMT 2002
http://perforce.freebsd.org/chv.cgi?CH=20379
Change 20379 by rwatson at rwatson_tislabs on 2002/10/29 14:24:02
Take a pass at adapting aio to interact better with MAC:
since MAC cares about the active thread credential, not just
the file credential, cache a reference to the thread
credential requesting the AIO operation, and temporarily
set the kernel worker thread credential to the cached
credential for the duration of the AIO operation. Note that
any MAC policies assuming that curthread->td_proc is the
actual process are in for a shock, still.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/vfs_aio.c#22 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/vfs_aio.c#22 (text+ko) ====
@@ -175,6 +175,7 @@
struct callout_handle timeouthandle;
struct buf *bp; /* Buffer pointer */
struct proc *userproc; /* User process */ /* Not td! */
+ struct ucred *cred; /* Active credential when created */
struct file *fd_file; /* Pointer to file structure */
struct aio_liojob *lio; /* Optional lio job */
struct aiocb *uuaiocb; /* Pointer in userspace of aiocb */
@@ -507,6 +508,7 @@
aiocbe->jobstate = JOBST_NULL;
untimeout(process_signal, aiocbe, aiocbe->timeouthandle);
fdrop(aiocbe->fd_file, curthread);
+ crfree(aiocbe->cred);
uma_zfree(aiocb_zone, aiocbe);
return 0;
}
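Review bot: The new `crfree(aiocbe->cred);` is unconditional, so it relies on every entry that reaches this free path having had `cred` set by the `crref()` assignment added in the queueing hunk at -1412. The allocation of the entry is outside the visible hunks; if an entry can be freed here before that assignment runs, and the zone allocation does not zero the structure, this would release an uninitialised pointer. Conversely, any path that hands the entry back with `uma_zfree(aiocb_zone, ...)` directly after the reference is taken would leak it. A comment above the call, such as `/* Drop the credential reference taken when the request was queued. */`, would make the pairing explicit. The enclosing function starts outside the hunk.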
@@ -667,6 +669,7 @@
static void
aio_process(struct aiocblist *aiocbe)
{
+ struct ucred *td_savedcred;
struct thread *td;
struct proc *mycp;
struct aiocb *cb;
@@ -679,6 +682,8 @@
int inblock_st, inblock_end;
td = curthread;
+ td_savedcred = td->td_ucred;
+ td->td_ucred = aiocbe->cred;
mycp = td->td_proc;
cb = &aiocbe->uaiocb;
fp = aiocbe->fd_file;
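Review bot: The worker's `td_ucred` is swapped here and restored only by the `td->td_ucred = td_savedcred;` line in the hunk at -726, at the very end of aio_process(). The body between the two is outside the hunks, so any early return there would leave the kernel worker thread running later jobs with this requester's credential. No extra reference is taken for the borrowed pointer, which appears safe only as long as the aiocbe (and the reference it holds in `cred`) cannot be freed while the operation is in progress. I would add a comment at the swap, e.g. `/* Borrow the requester's credential for MAC checks; must be restored on every exit path. */`.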
@@ -726,6 +731,7 @@
cnt -= auio.uio_resid;
cb->_aiocb_private.error = error;
cb->_aiocb_private.status = cnt;
+ td->td_ucred = td_savedcred;
}
/*
@@ -1412,6 +1418,7 @@
suword(&job->_aiocb_private.error, EINPROGRESS);
aiocbe->uaiocb._aiocb_private.error = EINPROGRESS;
aiocbe->userproc = p;
+ aiocbe->cred = crref(td->td_ucred);
aiocbe->jobflags = 0;
aiocbe->lio = lj;
ki = p->p_aioinfo;
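Review bot: `crref()` is not declared in any visible hunk; if the tree's reference-taking helper for `struct ucred` is `crhold()`, this line should read `aiocbe->cred = crhold(td->td_ucred);`. It is also worth saying in a comment that the credential is a snapshot taken at queue time, so a credential change by the process between queueing and execution does not alter the checks made for this request, e.g. `/* Snapshot the requesting thread's credential; released when the entry is freed. */`. The enclosing function starts and ends outside the hunk.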