use crcopysafe(9) to update a process' credential in sys_cap_enter()
Closed, Public

Authored by markj on Jan 5 2015, 10:12 PM.

Details

Summary

At the moment, sys_cap_enter() uses crcopy(9) to make a copy of a process' credential struct; it sets a flag on the copy and updates the process' p_ucred to point to the new copy. All of this is done while the corresponding proc lock is held.

crcopy(9) potentially performs an M_WAITOK allocation, which is not allowed when a mutex is held. This change modifies sys_cap_enter() to use crcopysafe(9) instead, since it's designed to avoid this problem.
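The locking problem described in the summary, as an added userspace model that is not part of the revision and is not FreeBSD kernel code: a copy routine that may allocate is called under a lock, next to a variant that drops the lock to allocate and re-checks afterwards. All struct, function and variable names are hypothetical, and the `locked` flag with its `violations` counter stands in for the kernel's check against sleeping with a mutex held.

```c
#include <stdlib.h>
#include <string.h>

/* Userspace model; every name here is hypothetical, not FreeBSD kernel code. */
struct cred { int ngroups, agroups, sandboxed; int *groups; };
struct proc { int locked; struct cred *cred; };
static int violations;	/* sleeping allocations attempted with the lock held */

static void proc_lock(struct proc *p)   { p->locked = 1; }
static void proc_unlock(struct proc *p) { p->locked = 0; }

/* Stand-in for an M_WAITOK allocation: it may sleep, so it must run unlocked. */
static void cred_extend(struct proc *p, struct cred *c, int n) {
	if (p->locked)
		violations++;
	c->groups = realloc(c->groups, (size_t)n * sizeof(int));
	if (c->groups == NULL)
		abort();
	c->agroups = n;
}

/* Plain copy: allocates only if dst is too small for src's group list. */
static void cred_copy(struct proc *p, struct cred *dst, const struct cred *src) {
	if (dst->agroups < src->ngroups)
		cred_extend(p, dst, src->ngroups);
	memcpy(dst->groups, src->groups, (size_t)src->ngroups * sizeof(int));
	dst->ngroups = src->ngroups;
	dst->sandboxed = src->sandboxed;
}

/* Safe copy: grow dst with the lock dropped, re-check the size once relocked. */
static void cred_copy_safe(struct proc *p, struct cred *dst) {
	while (dst->agroups < p->cred->ngroups) {
		int need = p->cred->ngroups;
		proc_unlock(p);
		cred_extend(p, dst, need);
		proc_lock(p);	/* the credential may have changed; loop re-checks */
	}
	cred_copy(p, dst, p->cred);	/* large enough now, so no allocation */
}

/* Constructed scenario: a 3-group credential gets the sandbox flag set. */
int enter_sandbox(int safe) {
	int gids[3] = { 0, 5, 20 };
	struct cred old = { 3, 3, 0, gids }, newc = { 0, 0, 0, NULL };
	struct proc p = { 0, &old };
	violations = 0;
	proc_lock(&p);
	if (safe) cred_copy_safe(&p, &newc); else cred_copy(&p, &newc, p.cred);
	newc.sandboxed = 1;
	p.cred = &newc;		/* publish the updated copy, still under the lock */
	proc_unlock(&p);
	free(newc.groups);
	return violations;	/* allocations that happened with the lock held */
}
```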

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

markj retitled this revision from to use crcopysafe(9) to update a process' credential in sys_cap_enter().
markj updated this object.
markj edited the test plan for this revision.
markj added reviewers: capsicum, rwatson.
markj updated this revision to Diff 3007.

Closed by commit rS276727 (authored by @markj).