svn commit: r362968 - head/sys/kern

[Mark Johnston]

Author: markj
Date: Mon Jul  6 16:34:09 2020
New Revision: 362968
URL: https://svnweb.freebsd.org/changeset/base/362968

Log:
  Allow accesses of the caller's CPU and domain sets in capability mode.
  
  cpuset_(get|set)(affinity|domain)(2) permit a get or set of the calling
  thread or process' CPU and domain set in capability mode, but only when
  the thread or process ID is specified as -1.  Extend this to cover the
  case where the ID actually matches the caller's TID or PID, since some
  code, such as our pthread_attr_get_np() implementation, always provides
  an explicit ID.
  
  It was not and still is not permitted to access CPU and domain sets for
  other threads in the same process when the process is in capability
  mode.  This might change in the future.
  
  Submitted by:	Greg V <greg at unrelenting.technology> (original version)
  MFC after:	1 week
  Differential Revision:	https://reviews.freebsd.org/D25552

Modified:
  head/sys/kern/kern_cpuset.c

Modified: head/sys/kern/kern_cpuset.c
==============================================================================
--- head/sys/kern/kern_cpuset.c	Mon Jul  6 16:33:28 2020	(r362967)
+++ head/sys/kern/kern_cpuset.c	Mon Jul  6 16:34:09 2020	(r362968)
@@ -1595,7 +1595,9 @@ cpuset_check_capabilities(struct thread *td, cpulevel_
 			return (ECAPMODE);
 		if (which != CPU_WHICH_TID && which != CPU_WHICH_PID)
 			return (ECAPMODE);
-		if (id != -1)
+		if (id != -1 &&
+		    !(which == CPU_WHICH_TID && id == td->td_tid) &&
+		    !(which == CPU_WHICH_PID && id == td->td_proc->p_pid))
 			return (ECAPMODE);
 	}
 	return (0);