- User Since
- Jun 4 2014, 10:38 AM (311 w, 4 d)
Sun, May 10
Sat, May 9
Thu, May 7
Fri, May 1
Sorry for late reply, I'll look into it. In general, unless there is a reason not to, we should be feature-compatible with Linux so this (and perhaps more) is on the table.
Adding this without plugging the problem lends itself towards introduction of more bugs, for example the new feature can be added to startup scripts and then the aforementioned attack vector is back on the table.
Mon, Apr 27
It's not about host root but jailed root.
See D12878 .
Apr 17 2020
diff --git a/sys/security/audit/audit_bsm_klib.c b/sys/security/audit/audit_bsm_klib.c index 64b7a344a60..c8d602fb692 100644 --- a/sys/security/audit/audit_bsm_klib.c +++ b/sys/security/audit/audit_bsm_klib.c @@ -433,10 +433,15 @@ audit_canon_path_vp(struct thread *td, struct vnode *rdir, struct vnode *cdir, __func__, __FILE__, __LINE__);
Apr 16 2020
I would prefer extending if-else on *path but I'm not going to insist.
Apr 3 2020
Mar 30 2020
Maybe there is a difference depending on MALLOC_PRODUCTION? Either way, looks like a net win.
Mar 25 2020
anything stopping this from going in?
Mar 19 2020
- add missing lock to proc_set_cred
- add some comments
The original capsicum code introduced a lot of bzeroing which can probably be eliminated.
Mar 11 2020
pho reported a similar problem some time ago, also with nfs. I think the real fix would fold both statfs and root calls into mount so that the fs can handle it however it sees fit, but that's beyond the scope of this review.
Mar 10 2020
Semantics can be agreed upon as follows (this partially repeats itself to reinforce the point):
But my proposal does not loosen anything in terms of assertions, especially smr. In fact I explicitly noted they should be added.
- introduce td_realucred. this fixes a bug against code which temporarily swaps td_ucred with something else
Well that puts CK itself in a rather peculiar spot, what are the expectations of current CK users? Perhaps this would make an argument for replacing internal CK atomics with FreeBSD ones.
Mar 9 2020
CK_* macros are basically queue.sh + augmentation for SMP. They also happen to be a known quantity so to speak and preferably smr would just wrap them and add smr-specific asserts. I don't know if this will pose any problems due to type difference. Should wrapping not work out I think the most pragmatic take would be to steal said macros, s/CK/SMR/ and point at the original stating this renames and adds smr specific stuff but is otherwise equivalent.
Idea implemented in D24007
So I have a better idea which expands on this. Key insight is that if needed we can transfer the count to the "real" reference count in cred and there are few well defined places which affect td_ucred and p_ucred. Thus we can manage the counter per-thread and transfer it out to the actual struct only if we are changing creds to something else.
Mar 8 2020
Mar 7 2020
Tested by pho. He ran into a zfs hang which seems unrelated https://people.freebsd.org/~pho/stress/log/mjguzik026.txt (threads stuck waiting on i/o completion while the thread which should deliver it just sleeps in its main loop)
Mar 6 2020
Can you please add:
- rebase on top of updated D23913
- rename vfs_seqc to vn_seqc
- add back tmpfs port
- hide vfs_smr behind macros
- pretty print hold count flags
that's fair, I'll rename. While here the question is if this should be "smr lookup" instead of "fast path lookup". Then in particular the mount point flag would be MNTK_SMRLOOKUP and so on.
- convert some inlines to macros to get better assertion output
- hide vfs_smr access behind dedicated vfs_* macros
- assert smr in fplookup pre/post routines
- misc comment fixes
Mar 5 2020
- address feedback
- rename loader_fs_mounted
- add smr_kvm_load, will be committed separately
- assorted fixups
Mar 4 2020
Well I claimed the change only affects pipes for which it's not a problem and it avoids touching anything else. I also noted this matches Linux precision for pipe timestamps.
This indeed covers all pipes, it's trivial to make it switchable on PIPE_NAMED.
- assorted bugfixes and cleanups
Mar 3 2020
I think this is too much of an uglifier. Given this and the fact that the change is -CURRENT only (i.e., not going to be MFCed) I think looking out for older compilers is not worth it. I don't see a clear fix modulo copy-pasting the current routines and ifdefing around them.
Mar 2 2020
- fix fixups
- handle SAVENAME
Mar 1 2020
- use smr accessors. libprocstat will be patched later.