PERFORCE change 166961 for review
Marko Zec
zec at FreeBSD.org
Mon Aug 3 12:37:57 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=166961
Change 166961 by zec at zec_tpx32 on 2009/08/03 12:37:40
Introduce socreate_vnet() function, which allows for sockets to
be created in a vnet different from the current administrative
vnet, i.e. the one defined by the curthread's ucred.
Force RPC sockets to always become open in vnet0, which should
allow NFS client mounts created in vnet0 to be accessible from
non-default vnets. Ideally, NFS mounts would keep track in
which vnet they have been created, in which case we wouldn't
have to hardcode NFS to vnet0.
Note that there's still nothing to prevent NFS mounts to be
requested from non-default vnets, which will most probably
never succed, and / or lead to cross-vnet leaks, and / or
may lead to panics. Hence, we should impose some barriers to
jailed processes from requesting any NFS mount / export
operations.
Affected files ...
.. //depot/projects/vimage-commit2/src/sys/kern/uipc_socket.c#30 edit
.. //depot/projects/vimage-commit2/src/sys/rpc/rpc_generic.c#5 edit
.. //depot/projects/vimage-commit2/src/sys/sys/socketvar.h#9 edit
Differences ...
==== //depot/projects/vimage-commit2/src/sys/kern/uipc_socket.c#30 (text+ko) ====
@@ -342,6 +342,24 @@
socreate(int dom, struct socket **aso, int type, int proto,
struct ucred *cred, struct thread *td)
{
+
+#ifndef VIMAGE
+ return (socreate_vnet(dom, aso, type, proto, cred, td, NULL);
+#else
+ return (socreate_vnet(dom, aso, type, proto, cred, td,
+ CRED_TO_VNET(cred)));
+#endif
+}
+
+/*
+ * socreate_vnet returns a socket with a ref count of 1 in a vnet possibly
+ * different from CRED_TO_VNET(cred). The socket should be closed with
+ * soclose().
+ */
+int
+socreate_vnet(int dom, struct socket **aso, int type, int proto,
+ struct ucred *cred, struct thread *td, struct vnet *vnet)
+{
struct protosw *prp;
struct socket *so;
int error;
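Review bot: The `#ifndef VIMAGE` branch of socreate() has unbalanced parentheses — `return (socreate_vnet(dom, aso, type, proto, cred, td, NULL);` opens two and closes one — so a kernel built without VIMAGE will not compile; it should read `return (socreate_vnet(dom, aso, type, proto, cred, td, NULL));`. The new header comment on socreate_vnet also leaves the contract of the `vnet` argument unstated: the non-VIMAGE path hands NULL straight through to soalloc() in the next hunk, presumably matching what CRED_TO_VNET(cred) evaluated to before (not visible here), while under VIMAGE nothing in this function rejects a NULL vnet or checks that the caller is entitled to create a socket outside CRED_TO_VNET(cred), so that responsibility sits entirely with callers. Suggest extending the comment with `* 'vnet' must be a live vnet (NULL only when VIMAGE is not compiled in); callers are responsible for choosing a vnet they are entitled to use.` The body of socreate_vnet continues beyond this hunk.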
@@ -360,7 +378,7 @@
if (prp->pr_type != type)
return (EPROTOTYPE);
- so = soalloc(CRED_TO_VNET(cred));
+ so = soalloc(vnet);
if (so == NULL)
return (ENOBUFS);
==== //depot/projects/vimage-commit2/src/sys/rpc/rpc_generic.c#5 (text+ko) ====
@@ -258,8 +258,8 @@
return 0;
so = NULL;
- error = socreate(si.si_af, &so, si.si_socktype, si.si_proto,
- curthread->td_ucred, curthread);
+ error = socreate_vnet(si.si_af, &so, si.si_socktype, si.si_proto,
+ curthread->td_ucred, curthread, vnet0);
if (error)
return NULL;
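Review bot: The call now pins the socket to vnet0 while still passing curthread->td_ucred, so a caller running in a non-default vnet deliberately gets a socket outside its own vnet, and nothing at the call site records that this is intentional or why. Since the change description itself notes that NFS requests originating in non-default vnets are unlikely to work and may leak across vnets, a comment here would help the next reader distinguish the intended case (reaching a mount created in vnet0) from the unsupported one, e.g. `/* RPC sockets always live in vnet0 so that NFS mounts created there stay reachable from other vnets; see socreate_vnet(). */` above the call. The enclosing function starts before this hunk, so whether any vnet check happens earlier cannot be seen here.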
==== //depot/projects/vimage-commit2/src/sys/sys/socketvar.h#9 (text+ko) ====
@@ -329,6 +329,8 @@
int socow_setup(struct mbuf *m0, struct uio *uio);
int socreate(int dom, struct socket **aso, int type, int proto,
struct ucred *cred, struct thread *td);
+int socreate_vnet(int dom, struct socket **aso, int type, int proto,
+ struct ucred *cred, struct thread *td, struct vnet *vnet);
int sodisconnect(struct socket *so);
struct sockaddr *sodupsockaddr(const struct sockaddr *sa, int mflags);
void sofree(struct socket *so);
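Review bot: The new prototype introduces `struct vnet *` into socketvar.h, and it is not visible here whether the header already has a `struct vnet;` forward declaration or an include that provides one; if it does not, the tag is scoped to the parameter list, the compiler warns that it is declared inside the parameter list, and the declaration is incompatible with the definition in uipc_socket.c. If that is the case, a `struct vnet;` forward declaration near the other forward declarations at the top of the header would fix it.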