PERFORCE change 161688 for review

Marko Zec zec at FreeBSD.org
Wed May 6 22:49:05 UTC 2009


http://perforce.freebsd.org/chv.cgi?CH=161688

Change 161688 by zec at zec_tpx32 on 2009/05/06 22:48:25

	Merge proc and ucred to vimage refcounting infrastructure from
	vimage branch.
	
	Enforce separation between processes running in different
	vimages / vprocgs by extending prison_check().
	
	Prevent non-default vimages from executing kldload / kldunload
	system calls.
	
	Prune unused VPROCG_ITERLOOP_* macros from vimage.h.

Affected files ...

.. //depot/projects/vimage-commit/src/sys/kern/init_main.c#10 edit
.. //depot/projects/vimage-commit/src/sys/kern/kern_exit.c#9 edit
.. //depot/projects/vimage-commit/src/sys/kern/kern_fork.c#10 edit
.. //depot/projects/vimage-commit/src/sys/kern/kern_jail.c#13 edit
.. //depot/projects/vimage-commit/src/sys/kern/kern_linker.c#9 edit
.. //depot/projects/vimage-commit/src/sys/kern/kern_prot.c#7 edit
.. //depot/projects/vimage-commit/src/sys/sys/sysctl.h#11 edit
.. //depot/projects/vimage-commit/src/sys/sys/vimage.h#21 edit

Differences ...

==== //depot/projects/vimage-commit/src/sys/kern/init_main.c#10 (text+ko) ====

@@ -454,7 +454,9 @@
 	p->p_ucred->cr_ruidinfo = uifind(0);
 	p->p_ucred->cr_prison = NULL;	/* Don't jail it. */
 #ifdef VIMAGE
-	p->p_ucred->cr_vimage = LIST_FIRST(&vimage_head);
+	P_TO_VIMAGE(p) =  LIST_FIRST(&vimage_head);
+	refcount_acquire(&P_TO_VIMAGE(p)->vi_ucredrefc);
+	LIST_FIRST(&vprocg_head)->nprocs++;
 #endif
 #ifdef AUDIT
 	audit_cred_kproc0(p->p_ucred);
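Review bot: proc0 is charged to `LIST_FIRST(&vprocg_head)`, while the fork path in kern_fork.c charges `P_TO_VPROCG(p1)`, so the two agree only if the first vimage's procg is also the first entry on vprocg_head. That is probably true at boot, but nothing visible here states it. Using the same accessor in both places, `P_TO_VPROCG(p)->nprocs++;`, would make the accounting follow the credential. Minor: `P_TO_VIMAGE(p) =  LIST_FIRST(&vimage_head);` has a doubled space and assigns through a macro, which hides that the write presumably lands in `p->p_ucred->cr_vimage`.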

==== //depot/projects/vimage-commit/src/sys/kern/kern_exit.c#9 (text+ko) ====

@@ -70,6 +70,7 @@
 #include <sys/sdt.h>
 #include <sys/shm.h>
 #include <sys/sem.h>
+#include <sys/vimage.h>
 #ifdef KTRACE
 #include <sys/ktrace.h>
 #endif
@@ -737,6 +738,7 @@
 		nfound++;
 		PROC_SLOCK(p);
 		if (p->p_state == PRS_ZOMBIE) {
+			INIT_VPROCG(P_TO_VPROCG(p));
 			if (rusage) {
 				*rusage = p->p_ru;
 				calcru(p, &rusage->ru_utime, &rusage->ru_stime);
@@ -837,6 +839,9 @@
 			uma_zfree(proc_zone, p);
 			sx_xlock(&allproc_lock);
 			nprocs--;
+#ifdef VIMAGE
+			vprocg->nprocs--;
+#endif
 			sx_xunlock(&allproc_lock);
 			return (0);
 		}
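Review bot: `vprocg->nprocs--` writes through a pointer that was taken from `p` by `INIT_VPROCG(P_TO_VPROCG(p))` in the previous hunk, but it runs after `uma_zfree(proc_zone, p)`. If the process credential is released in the lines between the two hunks (not visible here), and that release drops the last reference keeping the vimage and its procg alive, the decrement touches freed memory. Either do the per-vprocg accounting before the credential is dropped, or document next to the decrement what pins the vprocg until this point. The enclosing function starts and ends outside the hunk.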

==== //depot/projects/vimage-commit/src/sys/kern/kern_fork.c#10 (text+ko) ====

@@ -350,6 +350,9 @@
 	 * are hard-limits as to the number of processes that can run.
 	 */
 	nprocs++;
+#ifdef VIMAGE
+	P_TO_VPROCG(p1)->nprocs++;
+#endif
 
 	/*
 	 * Find an unused process ID.  We remember a range of unused IDs
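Review bot: The per-vprocg counter has no stated locking rule at this increment. The matching decrement in kern_exit.c is made with allproc_lock held exclusively. If the same lock is held here (the lock calls are outside the hunk), a comment such as `/* vprocg nprocs is protected by allproc_lock, like the global nprocs. */` would record that. The surrounding function starts and ends outside the hunk.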

==== //depot/projects/vimage-commit/src/sys/kern/kern_jail.c#13 (text+ko) ====

@@ -2219,6 +2219,10 @@
 		if (cred2->cr_prison != cred1->cr_prison)
 			return (ESRCH);
 	}
+#ifdef VIMAGE
+	if (cred2->cr_vimage->v_procg != cred1->cr_vimage->v_procg)
+		return (ESRCH);
+#endif
 
 	return (0);
 }
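Review bot: The added comparison dereferences `cred1->cr_vimage` and `cred2->cr_vimage` without checking either for NULL. This function sits on the visibility path for every caller, jailed or not, so a credential that reaches it without a vimage attached would panic the kernel instead of returning ESRCH. If the invariant is that every credential always carries a vimage, state it with `KASSERT(cred1->cr_vimage != NULL && cred2->cr_vimage != NULL, ("cr_vimage == NULL"));` before the test. The check also makes a function named for prisons enforce a non-prison rule, so it deserves a comment such as `/* Credentials in different vprocgs are invisible to each other, jailed or not. */`. The function's header and opening lines are outside the hunk.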

==== //depot/projects/vimage-commit/src/sys/kern/kern_linker.c#9 (text+ko) ====

@@ -992,6 +992,12 @@
 	if ((error = priv_check(td, PRIV_KLD_LOAD)) != 0)
 		return (error);
 
+#ifdef VIMAGE
+	/* Only the default vimage is permitted to kldload modules. */
+	if (!IS_DEFAULT_VIMAGE(TD_TO_VIMAGE(td)))
+		return (EPERM);
+#endif
+
 	/*
 	 * It's possible that kldloaded module will attach a new ifnet,
 	 * so vnet context must be set when this ocurs.
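Review bot: The default-vimage restriction is enforced inline at this site and again in the next hunk (the unload path), both after `priv_check()` has already granted the privilege. Any other kernel path that loads or unloads a module on behalf of a thread in a non-default vimage would not pass through either check. Whether such a path exists is not visible in this change. Placing the test where PRIV_KLD_LOAD and PRIV_KLD_UNLOAD are decided, or in one shared helper called from every entry point, would keep the rule from depending on each caller remembering it. Both enclosing functions start outside their hunks.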
@@ -1063,6 +1069,12 @@
 	if ((error = priv_check(td, PRIV_KLD_UNLOAD)) != 0)
 		return (error);
 
+#ifdef VIMAGE
+	/* Only the default vimage is permitted to kldunload modules. */
+	if (!IS_DEFAULT_VIMAGE(TD_TO_VIMAGE(td)))
+		return (EPERM);
+#endif
+
 	CURVNET_SET(TD_TO_VNET(td));
 	KLD_LOCK();
 	lf = linker_find_file_by_id(fileid);

==== //depot/projects/vimage-commit/src/sys/kern/kern_prot.c#7 (text+ko) ====

@@ -1824,6 +1824,9 @@
 		 */
 		if (jailed(cr))
 			prison_free(cr->cr_prison);
+#ifdef VIMAGE
+		refcount_release(&cr->cr_vimage->vi_ucredrefc);
+#endif
 #ifdef AUDIT
 		audit_cred_destroy(cr);
 #endif
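Review bot: `cr->cr_vimage` is dereferenced unconditionally on the credential free path. A credential that is allocated and then freed on an error path, without ever being filled by the copy routine, would fault here if its cr_vimage is still NULL. Whether the allocator leaves the field NULL is not visible in this change. Guarding the release with `if (cr->cr_vimage != NULL)`, or setting cr_vimage at allocation, would make the free path safe for half-built credentials. The return value of `refcount_release()` is also discarded, so a comment should say who tears down the vimage once vi_ucredrefc reaches zero. The enclosing function continues outside the hunk.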
@@ -1859,6 +1862,10 @@
 	uihold(dest->cr_ruidinfo);
 	if (jailed(dest))
 		prison_hold(dest->cr_prison);
+#ifdef VIMAGE
+	KASSERT(src->cr_vimage != NULL, ("cr_vimage == NULL"));
+	refcount_acquire(&dest->cr_vimage->vi_ucredrefc);
+#endif
 #ifdef AUDIT
 	audit_cred_copy(src, dest);
 #endif
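Review bot: The assertion tests `src->cr_vimage`, but the next line dereferences `dest->cr_vimage`. The two are the same pointer only if the copy preceding this hunk has already transferred the field, which is not shown. Assert the pointer that is actually used: `KASSERT(dest->cr_vimage != NULL, ("cr_vimage == NULL"));`. KASSERT also compiles away without INVARIANTS, so a production kernel gets no check on this path at all. The enclosing function starts outside the hunk.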

==== //depot/projects/vimage-commit/src/sys/sys/sysctl.h#11 (text+ko) ====

@@ -459,6 +459,10 @@
 		    TD_TO_VNET(curthread)->mod_data[oidp->oid_v_mod];	\
 		arg1 = cp + (size_t) arg1;				\
 		break;							\
+	case V_PROCG:							\
+		cp = (char *) TD_TO_VPROCG(curthread);			\
+		arg1 = cp + (size_t) arg1;				\
+		break;							\
 	default:							\
 		panic("unsupported module id %d", oidp->oid_v_subs);	\
 	}								\

==== //depot/projects/vimage-commit/src/sys/sys/vimage.h#21 (text+ko) ====

@@ -290,16 +290,8 @@
 LIST_HEAD(vprocg_list_head, vprocg);
 extern struct vprocg_list_head vprocg_head;
 #define	INIT_VPROCG(arg)	struct vprocg *vprocg = (arg);
-#define	VPROCG_ITERLOOP_BEGIN()						\
-	struct vprocg *vprocg_iter;					\
-	LIST_FOREACH(vprocg_iter, &vprocg_head, vprocg_le) {
-  
-#define	VPROCG_ITERLOOP_END()						\
-	}	
 #else
 #define	INIT_VPROCG(arg)
-#define	VPROCG_ITERLOOP_BEGIN()
-#define	VPROCG_ITERLOOP_END()
 #endif
 
 #ifdef VIMAGE

