[Bug 213527] [patch] [kernel] Rework on functions allocating credentials.

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sun Oct 16 13:27:53 UTC 2016


Mateusz Guzik <mjg at FreeBSD.org> changed:

           What    |Removed                     |Added
           Assignee|freebsd-bugs at FreeBSD.org    |mjg at FreeBSD.org
                 CC|                            |mjg at FreeBSD.org

--- Comment #2 from Mateusz Guzik <mjg at FreeBSD.org> ---

The added argument indeed completes part of the task, but the patch is buggy.

You consistently have:

newcred = crget(p->p_ucred->cr_agroups);

However, the stability of p_ucred is protected only with the proc lock held.
That is, by the time you read the address stored in p->p_ucred, the object
stored at that address can be freed. The crget cannot be moved inside because
crget can sleep in an unbound manner, while the lock in question disallows

When dealing with the current process, you can cheat a little and use
td->td_ucred as a source for the number of groups.

Finally, I would argue crget() interface should be left as it is. Instead, a
new function (ncrget?) would be introduced and crget would become a wrapper
which uses the current default number of groups as an argument.

You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list