Extending MADV_PROTECT

Konstantin Belousov kostikbel at gmail.com
Sat Jul 13 17:58:40 UTC 2013


On Fri, Jul 12, 2013 at 05:48:57PM -0400, John Baldwin wrote:
> On Friday, June 28, 2013 2:46:01 pm John Baldwin wrote:
> > Ok, there isn't really a clear consensus here, but I need a system call to let
> > me toggle this flag on existing processes.
> > 
> > One reason I don't like the procctl() approach is I am uneasy about forcing
> > a certain behavior for how commands treat pgid (first-fail vs best-effort).
> > I guess it can always change in the future so that isn't completely unsolvable.
> > 
> > I guess I am fine just making it use hardcoded sizes instead of full-blown
> > ioctl encoding.
> 
> Ok, I have updated patches for this for HEAD.  I have not yet implemented the
> inheritance bits because I'm loath to add the first bit to a p_flag2. :-P
> However, if that's the best course of action I suppose we can do that.
> 
> The kernel patch is at www.freebsd.org/~jhb/patches/procctl.patch
> 
> The patch for the protect binary is at www.freebsd.org/~jhb/patches/protect.patch
> 

It seems that p_cansee() is called twice, once in kern_procctl(), and
then in protect_setchild().

Is AUE_WAIT6 the correct audit event id for procctl?

I thought of proposing to use pget() for the P_PID case in kern_procctl(), but
indeed open coding of the process lookup is easier, since otherwise
you would need to move proctree_lock acquisition to P_PGID.

Why do you need PPROT_CLEAR?  If you do need the flag, would it be better
to assign a non-zero value to it?