--- //depot/projects/smpng/sys/alpha/alpha/machdep.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/alpha/alpha/machdep.c 2002/02/08 14:06:04 @@ -1652,6 +1652,7 @@ uio.uio_segflg = UIO_SYSSPACE; uio.uio_rw = UIO_READ; uio.uio_td = td; + PROC_LOCK(td->td_proc); return proc_rwmem(td->td_proc, &uio); } @@ -1669,6 +1670,7 @@ uio.uio_segflg = UIO_SYSSPACE; uio.uio_rw = UIO_WRITE; uio.uio_td = td; + PROC_LOCK(td->td_proc); return proc_rwmem(td->td_proc, &uio); } --- //depot/projects/smpng/sys/alpha/alpha/mem.c 2001/09/27 18:02:49 +++ //depot/user/jhb/proc/alpha/alpha/mem.c 2002/01/15 05:03:22 @@ -122,7 +122,7 @@ case 0: case 1: if (flags & FWRITE) { - error = securelevel_gt(td->td_proc->p_ucred, 0); + error = securelevel_gt(td->td_ucred, 0); if (error) return (error); } --- //depot/projects/smpng/sys/alpha/alpha/promcons.c 2001/11/07 12:45:34 +++ //depot/user/jhb/proc/alpha/alpha/promcons.c 2002/01/15 08:44:58 @@ -124,7 +124,7 @@ ttsetwater(tp); setuptimeout = 1; - } else if ((tp->t_state & TS_XCLUDE) && suser(td->td_proc)) { + } else if ((tp->t_state & TS_XCLUDE) && suser(td, 0)) { splx(s); return EBUSY; } --- //depot/projects/smpng/sys/alpha/alpha/sys_machdep.c 2001/09/27 18:02:49 +++ //depot/user/jhb/proc/alpha/alpha/sys_machdep.c 2002/01/15 08:44:58 @@ -114,16 +114,22 @@ if (error) return (error); - error = securelevel_gt(td->td_proc->p_ucred, 0); + error = securelevel_gt(td->td_ucred, 0); if (error) return (error); - error = suser(td->td_proc); + error = suser(td, 0); if (error) return (error); + /* + * XXX: When KSE splits the md_flags, this will be per-thread and + * won't need locking. + */ + PROC_LOCK(td->td_proc); td->td_md.md_flags |= MDP_HAEUSED; td->td_md.md_hae = ua.hae; + PROC_UNLOCK(td->td_proc); return (0); } --- //depot/projects/smpng/sys/alpha/conf/ALPHA 2001/12/19 00:24:22 +++ //depot/user/jhb/proc/alpha/conf/ALPHA 2002/01/07 11:11:48 
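Review bot: In machdep.c the added `PROC_LOCK(td->td_proc);` sits directly before `return proc_rwmem(td->td_proc, &uio);` and neither hunk (the UIO_READ path at -1652 and the UIO_WRITE path at -1669) shows a matching `PROC_UNLOCK`. Presumably proc_rwmem() is now entered with the process lock held and releases it itself, but nothing visible here says so. If that is the contract, state it at both call sites, e.g. `/* proc_rwmem() is called with the proc lock held and drops it before returning. */`, so a later reader does not take the lock to be leaked or add a second unlock. Both functions begin outside their hunks.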
@@ -7,7 +7,7 @@ makeoptions DEBUG=-g #Build kernel with gdb(1) debug symbols makeoptions NO_MODULES=yes -makeoptions KERNEL=smpng +makeoptions KERNEL=proc # Platforms supported options DEC_ST550 # Personal Workstation 433, 500, 600 --- //depot/projects/smpng/sys/alpha/osf1/imgact_osf1.c 2001/09/27 18:02:49 +++ //depot/user/jhb/proc/alpha/osf1/imgact_osf1.c 2002/01/15 05:59:25 @@ -75,6 +75,12 @@ #define DPRINTF(a) #endif +/* + * XXX: Use of p_ucred without locks and use of p_thread is probably safe + * but icky. We need to ensure that an exec()'ing process is always + * single threaded at this point and that the process' ucred is the + * credentials the thread calling exec() entered the kernel with. + */ static int exec_osf1_imgact(struct image_params *imgp) { @@ -142,6 +148,7 @@ if (error) { uprintf("imgact_osf1: can't read /compat/osf1/sbin/loader\n"); free(imgp->auxargs, M_TEMP); + free(ndp, M_TEMP); return(error); } if (imgp->vp) { @@ -193,7 +200,8 @@ if (imgp->vp->v_flag & VTEXT) panic("exec: a VTEXT vnode has writecount != 0\n"); #endif - return ETXTBSY; + error = ETXTBSY; + goto bail; } imgp->vp->v_flag |= VTEXT; @@ -202,7 +210,7 @@ VM_PROT_READ|VM_PROT_EXECUTE, VM_PROT_ALL, MAP_FIXED|MAP_COPY, (caddr_t)imgp->vp, ECOFF_TXTOFF(execp)))) { DPRINTF(("%s(%d): error = %d\n", __FILE__, __LINE__, error)); - return error; + goto bail; } /* .. data .. */ if ((error = vm_mmap(&vmspace->vm_map, &daddr, dsize, @@ -251,6 +259,7 @@ VOP_CLOSE(ndp->ni_vp, FREAD, imgp->proc->p_ucred, &imgp->proc->p_thread); vrele(ndp->ni_vp); + free(ndp, M_TEMP); } return(error); } --- //depot/projects/smpng/sys/alpha/osf1/osf1_misc.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/alpha/osf1/osf1_misc.c 2002/02/08 14:06:04 @@ -194,7 +194,7 @@ return error; } - ucred = td->td_proc->p_ucred; + ucred = td->td_ucred; if ((error = VOP_GETATTR(nd.ni_vp, &vat, ucred, td)) != 0) { goto bad; } 
@@ -1060,13 +1060,18 @@ p = td->td_proc; uid = SCARG(uap, uid); + newcred = crget(); + PROC_LOCK(p); oldcred = p->p_ucred; - if ((error = suser_xxx(p->p_ucred, NULL, PRISON_ROOT)) != 0 && - uid != oldcred->cr_ruid && uid != oldcred->cr_svuid) + if ((error = suser_cred(p->p_ucred, PRISON_ROOT)) != 0 && + uid != oldcred->cr_ruid && uid != oldcred->cr_svuid) { + PROC_UNLOCK(p); + crfree(newcred); return (error); + } - newcred = crdup(oldcred); + crcopy(newcred, oldcred); if (error == 0) { if (uid != oldcred->cr_ruid) { change_ruid(newcred, uid); @@ -1082,6 +1087,7 @@ setsugid(p); } p->p_ucred = newcred; + PROC_UNLOCK(p); crfree(oldcred); return (0); } @@ -1106,13 +1112,18 @@ p = td->td_proc; gid = SCARG(uap, gid); + newcred = crget(); + PROC_LOCK(p); oldcred = p->p_ucred; - if (((error = suser_xxx(p->p_ucred, NULL, PRISON_ROOT)) != 0 ) && - gid != oldcred->cr_rgid && gid != oldcred->cr_svgid) + if (((error = suser_cred(p->p_ucred, PRISON_ROOT)) != 0 ) && + gid != oldcred->cr_rgid && gid != oldcred->cr_svgid) { + PROC_UNLOCK(p); + crfree(newcred); return (error); + } - newcred = crdup(oldcred); + crcopy(newcred, oldcred); if (error == 0) { if (gid != oldcred->cr_rgid) { change_rgid(newcred, gid); @@ -1128,6 +1139,7 @@ setsugid(p); } p->p_ucred = newcred; + PROC_UNLOCK(p); crfree(oldcred); return (0); } --- //depot/projects/smpng/sys/alpha/tlsb/zs_tlsb.c 2001/11/07 12:45:34 +++ //depot/user/jhb/proc/alpha/tlsb/zs_tlsb.c 2002/01/15 08:44:58 @@ -290,7 +290,7 @@ tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED; ttsetwater(tp); setuptimeout = 1; - } else if ((tp->t_state & TS_XCLUDE) && suser(td->td_proc)) { + } else if ((tp->t_state & TS_XCLUDE) && suser(td, 0)) { splx(s); return EBUSY; } --- //depot/projects/smpng/sys/cam/scsi/scsi_pass.c 2001/09/27 18:02:49 +++ //depot/user/jhb/proc/cam/scsi/scsi_pass.c 2002/01/15 06:02:22 
@@ -371,7 +371,7 @@ /* * Don't allow access when we're running at a high securelevel. */ - error = securelevel_gt(td->td_proc->p_ucred, 1); + error = securelevel_gt(td->td_ucred, 1); if (error) { splx(s); return(error); --- //depot/projects/smpng/sys/coda/coda_vfsops.c 2001/12/10 15:20:41 +++ //depot/user/jhb/proc/coda/coda_vfsops.c 2002/01/15 05:22:57 @@ -317,7 +317,7 @@ } } - error = venus_root(vftomi(vfsp), p->p_ucred, p, &VFid); + error = venus_root(vftomi(vfsp), td->td_ucred, p, &VFid); if (!error) { /* @@ -457,7 +457,7 @@ return(0); } - error = venus_fhtovp(vftomi(vfsp), &cfid->cfid_fid, p->p_ucred, p, &VFid, &vtype); + error = venus_fhtovp(vftomi(vfsp), &cfid->cfid_fid, td->td_ucred, p, &VFid, &vtype); if (error) { CODADEBUG(CODA_VGET, myprintf(("vget error %d\n",error));) --- //depot/projects/smpng/sys/compat/linprocfs/linprocfs.c 2001/12/10 15:20:41 +++ //depot/user/jhb/proc/compat/linprocfs/linprocfs.c 2002/02/08 12:43:41 @@ -487,16 +487,16 @@ { struct kinfo_proc kp; + PROC_LOCK(p); fill_kinfo_proc(p, &kp); sbuf_printf(sb, "%d", p->p_pid); #define PS_ADD(name, fmt, arg) sbuf_printf(sb, " " fmt, arg) PS_ADD("comm", "(%s)", p->p_comm); PS_ADD("statr", "%c", '0'); /* XXX */ - PROC_LOCK(p); PS_ADD("ppid", "%d", p->p_pptr ? p->p_pptr->p_pid : 0); - PROC_UNLOCK(p); PS_ADD("pgrp", "%d", p->p_pgid); PS_ADD("session", "%d", p->p_session->s_sid); + PROC_UNLOCK(p); PS_ADD("tty", "%d", 0); /* XXX */ PS_ADD("tpgid", "%d", 0); /* XXX */ PS_ADD("flags", "%u", 0); /* XXX */ @@ -569,6 +569,7 @@ state = state_str[(int)p->p_stat]; mtx_unlock_spin(&sched_lock); + PROC_LOCK(p); fill_kinfo_proc(p, &kp); sbuf_printf(sb, "Name:\t%s\n", p->p_comm); /* XXX escape */ sbuf_printf(sb, "State:\t%s\n", state); @@ -577,7 +578,6 @@ * Credentials */ sbuf_printf(sb, "Pid:\t%d\n", p->p_pid); - PROC_LOCK(p); sbuf_printf(sb, "PPid:\t%d\n", p->p_pptr ? p->p_pptr->p_pid : 0); sbuf_printf(sb, "Uid:\t%d %d %d %d\n", p->p_ucred->cr_ruid, 
@@ -670,11 +670,15 @@ * Linux behaviour is to return zero-length in this case. */ - if (p->p_args && (ps_argsopen || !p_cansee(td->td_proc, p))) { + PROC_LOCK(p); + if (p->p_args && (ps_argsopen || !p_cansee(td, p))) { sbuf_bcpy(sb, p->p_args->ar_args, p->p_args->ar_length); + PROC_UNLOCK(p); } else if (p != td->td_proc) { + PROC_UNLOCK(p); sbuf_printf(sb, "%.*s", MAXCOMLEN, p->p_comm); } else { + PROC_UNLOCK(p); error = copyin((void*)PS_STRINGS, &pstr, sizeof(pstr)); if (error) return (error); --- //depot/projects/smpng/sys/compat/linux/linux_file.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/compat/linux/linux_file.c 2002/02/08 14:06:04 @@ -284,7 +284,7 @@ return (EINVAL); } - if ((error = VOP_GETATTR(vp, &va, td->td_proc->p_ucred, td))) { + if ((error = VOP_GETATTR(vp, &va, td->td_ucred, td))) { fdrop(fp, td); return (error); } --- //depot/projects/smpng/sys/compat/linux/linux_getcwd.c 2001/11/19 15:30:12 +++ //depot/user/jhb/proc/compat/linux/linux_getcwd.c 2002/01/15 05:59:25 @@ -132,7 +132,7 @@ * current directory is still locked. */ if (bufp != NULL) { - error = VOP_GETATTR(lvp, &va, td->td_proc->p_ucred, td); + error = VOP_GETATTR(lvp, &va, td->td_ucred, td); if (error) { vput(lvp); *lvpp = NULL; @@ -148,7 +148,7 @@ cn.cn_nameiop = LOOKUP; cn.cn_flags = ISLASTCN | ISDOTDOT | RDONLY; cn.cn_thread = td; - cn.cn_cred = td->td_proc->p_ucred; + cn.cn_cred = td->td_ucred; cn.cn_pnbuf = NULL; cn.cn_nameptr = ".."; cn.cn_namelen = 2; @@ -200,7 +200,7 @@ eofflag = 0; - error = VOP_READDIR(uvp, &uio, td->td_proc->p_ucred, &eofflag, 0, 0); + error = VOP_READDIR(uvp, &uio, td->td_ucred, &eofflag, 0, 0); off = uio.uio_offset; 
@@ -335,7 +335,7 @@ * whether or not caller cares. */ if (flags & GETCWD_CHECK_ACCESS) { - error = VOP_ACCESS(lvp, perms, td->td_proc->p_ucred, td); + error = VOP_ACCESS(lvp, perms, td->td_ucred, td); if (error) goto out; perms = VEXEC|VREAD; --- //depot/projects/smpng/sys/compat/linux/linux_mib.c 2001/12/05 16:21:49 +++ //depot/user/jhb/proc/compat/linux/linux_mib.c 2002/02/07 08:18:09 @@ -50,6 +50,16 @@ SYSCTL_NODE(_compat, OID_AUTO, linux, CTLFLAG_RW, 0, "Linux mode"); +static struct mtx osname_lock; + +static void +linux_osname_init(void *dummy) +{ + + mtx_init(&osname_lock, "linux osname", MTX_DEF); +} +SYSINIT(linux_osname_init, SI_SUB_LOCK, SI_ORDER_ANY, linux_osname_init, NULL) + static char linux_osname[LINUX_MAX_UTSNAME] = "Linux"; static int @@ -122,34 +132,25 @@ register struct prison *pr; register struct linux_prison *lpr; - if (!jailed(p->p_ucred)) + PROC_LOCK(p); + if (!jailed(p->p_ucred)) { + PROC_UNLOCK(p); return (NULL); + } + PROC_UNLOCK(p); + MALLOC(lpr, struct linux_prison *, sizeof *lpr, M_PRISON, + M_WAITOK | M_ZERO); + PROC_LOCK(p); pr = p->p_ucred->cr_prison; - - /* - * Rather than hold the prison mutex during allocation, check to - * see if we need to allocate while holding the mutex, release it, - * allocate, then once we've allocated the memory, check again to - * see if it's still needed, and set if appropriate. If it's not, - * we release the mutex again to FREE(), and grab it again so as - * to release holding the lock. - */ mtx_lock(&pr->pr_mtx); if (pr->pr_linux == NULL) { - mtx_unlock(&pr->pr_mtx); - MALLOC(lpr, struct linux_prison *, sizeof *lpr, - M_PRISON, M_WAITOK|M_ZERO); - mtx_lock(&pr->pr_mtx); - if (pr->pr_linux == NULL) { - pr->pr_linux = lpr; - } else { - mtx_unlock(&pr->pr_mtx); - FREE(lpr, M_PRISON); - mtx_lock(&pr->pr_mtx); - } + pr->pr_linux = lpr; + lpr = NULL; } - + PROC_UNLOCK(p); + if (lpr != NULL) + FREE(lpr, M_PRISON); return (pr->pr_linux); } 
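Review bot: linux_get_prison() in the linux_mib.c -122 hunk now returns `pr->pr_linux` after `PROC_UNLOCK(p)` with `pr->pr_mtx` still locked, and the only comment that described the locking was deleted, so nothing tells a caller that it owns the mutex on a non-NULL return. The second `PROC_LOCK(p)` also re-reads `p->p_ucred->cr_prison` without repeating the `jailed()` test made before the M_WAITOK allocation; if the credential cannot lose its prison across that sleep, say so, otherwise re-check before `mtx_lock(&pr->pr_mtx)`. I would add above the function a comment such as `/* Returns the per-prison Linux data with pr_mtx held, or NULL with no lock held when the process is not jailed. */`. The start of the function is outside the hunk.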
@@ -161,24 +162,26 @@ register struct prison *pr; register struct linux_prison *lpr; - if (p->p_ucred->cr_prison == NULL) { - bcopy(linux_osname, dst, LINUX_MAX_UTSNAME); - return; - } - + PROC_LOCK(p); pr = p->p_ucred->cr_prison; - - mtx_lock(&pr->pr_mtx); - if (pr->pr_linux != NULL) { - lpr = (struct linux_prison *)pr->pr_linux; - if (lpr->pr_osname[0]) { - bcopy(lpr->pr_osname, dst, LINUX_MAX_UTSNAME); - mtx_unlock(&pr->pr_mtx); - return; + if (pr != NULL) { + mtx_lock(&pr->pr_mtx); + if (pr->pr_linux != NULL) { + lpr = (struct linux_prison *)pr->pr_linux; + if (lpr->pr_osname[0]) { + bcopy(lpr->pr_osname, dst, LINUX_MAX_UTSNAME); + mtx_unlock(&pr->pr_mtx); + PROC_UNLOCK(p); + return; + } } + mtx_unlock(&pr->pr_mtx); } - mtx_unlock(&pr->pr_mtx); + PROC_UNLOCK(p); + + mtx_lock(&osname_lock); bcopy(linux_osname, dst, LINUX_MAX_UTSNAME); + mtx_unlock(&osname_lock); } int @@ -191,9 +194,12 @@ lpr = linux_get_prison(p); if (lpr != NULL) { strcpy(lpr->pr_osname, osname); + /* XXX: This is way, bad uber disgusting wrong!!! */ mtx_unlock(&p->p_ucred->cr_prison->pr_mtx); } else { + mtx_lock(&osname_lock); strcpy(linux_osname, osname); + mtx_unlock(&osname_lock); } return (0); 
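Review bot: The setter in the -191 hunk releases the prison mutex through `mtx_unlock(&p->p_ucred->cr_prison->pr_mtx);`, which re-reads `p->p_ucred` without the proc lock that every other credential access in this file now takes. If the credential were replaced between linux_get_prison() and this line, a mutex other than the one that was locked would be released. The added XXX comment marks the spot but does not say what is wrong; the same pattern is in the -237 and -284 hunks. Capturing the prison pointer once while `PROC_LOCK(p)` is held and unlocking that saved pointer (`mtx_unlock(&pr->pr_mtx);`) would remove the second, unlocked dereference.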
@@ -207,24 +213,27 @@ register struct prison *pr; struct linux_prison *lpr; - if (p->p_ucred->cr_prison == NULL) { - bcopy(linux_osrelease, dst, LINUX_MAX_UTSNAME); - return; - } - + PROC_LOCK(p); pr = p->p_ucred->cr_prison; - - mtx_lock(&pr->pr_mtx); - if (pr->pr_linux != NULL) { - lpr = (struct linux_prison *) pr->pr_linux; - if (lpr->pr_osrelease[0]) { - bcopy(lpr->pr_osrelease, dst, LINUX_MAX_UTSNAME); - mtx_unlock(&pr->pr_mtx); - return; + if (pr != NULL) { + mtx_lock(&pr->pr_mtx); + if (pr->pr_linux != NULL) { + lpr = (struct linux_prison *) pr->pr_linux; + if (lpr->pr_osrelease[0]) { + bcopy(lpr->pr_osrelease, dst, + LINUX_MAX_UTSNAME); + mtx_unlock(&pr->pr_mtx); + PROC_UNLOCK(p); + return; + } } + mtx_unlock(&pr->pr_mtx); } - mtx_unlock(&pr->pr_mtx); + PROC_UNLOCK(p); + + mtx_lock(&osname_lock); bcopy(linux_osrelease, dst, LINUX_MAX_UTSNAME); + mtx_unlock(&osname_lock); } int @@ -237,9 +246,12 @@ lpr = linux_get_prison(p); if (lpr != NULL) { strcpy(lpr->pr_osrelease, osrelease); + /* XXX */ mtx_unlock(&p->p_ucred->cr_prison->pr_mtx); } else { + mtx_lock(&osname_lock); strcpy(linux_osrelease, osrelease); + mtx_unlock(&osname_lock); } return (0); 
@@ -253,24 +265,26 @@ register struct linux_prison *lpr; int version; - if (p->p_ucred->cr_prison == NULL) - return (linux_oss_version); - + PROC_LOCK(p); pr = p->p_ucred->cr_prison; - - mtx_lock(&pr->pr_mtx); - if (pr->pr_linux != NULL) { - lpr = (struct linux_prison *) pr->pr_linux; - if (lpr->pr_oss_version) { - version = lpr->pr_oss_version; - } else { - version = linux_oss_version; + if (pr != NULL) { + mtx_lock(&pr->pr_mtx); + if (pr->pr_linux != NULL) { + lpr = (struct linux_prison *) pr->pr_linux; + if (lpr->pr_oss_version) { + version = lpr->pr_oss_version; + mtx_unlock(&pr->pr_mtx); + PROC_UNLOCK(p); + return (version); + } } - } else { - version = linux_oss_version; + mtx_unlock(&pr->pr_mtx); } - mtx_unlock(&pr->pr_mtx); + PROC_UNLOCK(p); + mtx_lock(&osname_lock); + version = linux_oss_version; + mtx_unlock(&osname_lock); return (version); } @@ -284,9 +298,12 @@ lpr = linux_get_prison(p); if (lpr != NULL) { lpr->pr_oss_version = oss_version; + /* XXX */ mtx_unlock(&p->p_ucred->cr_prison->pr_mtx); } else { + mtx_lock(&osname_lock); linux_oss_version = oss_version; + mtx_unlock(&osname_lock); } return (0); --- //depot/projects/smpng/sys/compat/linux/linux_misc.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/compat/linux/linux_misc.c 2002/02/08 14:06:04 @@ -283,7 +283,7 @@ } /* Executable? */ - error = VOP_GETATTR(vp, &attr, td->td_proc->p_ucred, td); + error = VOP_GETATTR(vp, &attr, td->td_ucred, td); if (error) goto cleanup; @@ -300,11 +300,11 @@ } /* Can we access it? */ - error = VOP_ACCESS(vp, VEXEC, td->td_proc->p_ucred, td); + error = VOP_ACCESS(vp, VEXEC, td->td_ucred, td); if (error) goto cleanup; - error = VOP_OPEN(vp, FREAD, td->td_proc->p_ucred, td); + error = VOP_OPEN(vp, FREAD, td->td_ucred, td); if (error) goto cleanup; 
@@ -970,9 +970,19 @@ l_gid_t linux_gidset[NGROUPS]; gid_t *bsd_gidset; int ngrp, error; + struct proc *p; ngrp = args->gidsetsize; - oldcred = td->td_proc->p_ucred; + if (ngrp >= NGROUPS) + return (EINVAL); + error = copyin((caddr_t)args->grouplist, linux_gidset, + ngrp * sizeof(l_gid_t)); + if (error) + return (error); + newcred = crget(); + p = td->td_proc; + PROC_LOCK(p); + oldcred = p->p_ucred; /* * cr_groups[0] holds egid. Setting the whole set from @@ -980,19 +990,14 @@ * Keep cr_groups[0] unchanged to prevent that. */ - if ((error = suser_xxx(oldcred, NULL, PRISON_ROOT)) != 0) + if ((error = suser_cred(oldcred, PRISON_ROOT)) != 0) { + PROC_UNLOCK(p); + crfree(newcred); return (error); + } - if (ngrp >= NGROUPS) - return (EINVAL); - - newcred = crdup(oldcred); + crcopy(newcred, oldcred); if (ngrp > 0) { - error = copyin((caddr_t)args->grouplist, linux_gidset, - ngrp * sizeof(l_gid_t)); - if (error) - return (error); - newcred->cr_ngroups = ngrp + 1; bsd_gidset = newcred->cr_groups; @@ -1005,8 +1010,9 @@ else newcred->cr_ngroups = 1; - setsugid(td->td_proc); - td->td_proc->p_ucred = newcred; + setsugid(p); + p->p_ucred = newcred; + PROC_UNLOCK(p); crfree(oldcred); return (0); } @@ -1019,7 +1025,7 @@ gid_t *bsd_gidset; int bsd_gidsetsz, ngrp, error; - cred = td->td_proc->p_ucred; + cred = td->td_ucred; bsd_gidset = cred->cr_groups; bsd_gidsetsz = cred->cr_ngroups - 1; @@ -1310,7 +1316,7 @@ linux_getgid(struct thread *td, struct linux_getgid_args *args) { - td->td_retval[0] = td->td_proc->p_ucred->cr_rgid; + td->td_retval[0] = td->td_ucred->cr_rgid; return (0); } @@ -1318,7 +1324,7 @@ linux_getuid(struct thread *td, struct linux_getuid_args *args) { - td->td_retval[0] = td->td_proc->p_ucred->cr_ruid; + td->td_retval[0] = td->td_ucred->cr_ruid; return (0); } --- //depot/projects/smpng/sys/compat/linux/linux_uid16.c 2001/10/17 19:58:24 +++ //depot/user/jhb/proc/compat/linux/linux_uid16.c 2002/01/15 07:44:40 
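Review bot: A negative `args->gidsetsize` passes the new `if (ngrp >= NGROUPS)` test in the linux_misc.c -970 hunk and then reaches `copyin()` with `ngrp * sizeof(l_gid_t)`, which converts the negative `int ngrp` to a very large unsigned length for the on-stack `linux_gidset[NGROUPS]`. Before this change the copy ran only inside `if (ngrp > 0)`, so moving it ahead of that guard removes the protection; whether copyin() itself rejects such a length is not visible here and should not be relied on. The range check should read `if (ngrp < 0 || ngrp >= NGROUPS) return (EINVAL);`. The same reordering, with the same missing lower bound, is in the linux_uid16.c -100 hunk for `linux_gidset` of `l_gid16_t`.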
@@ -30,6 +30,8 @@ #include #include +#include +#include #include #include @@ -93,6 +95,7 @@ l_gid16_t linux_gidset[NGROUPS]; gid_t *bsd_gidset; int ngrp, error; + struct proc *p; #ifdef DEBUG if (ldebug(setgroups16)) @@ -100,7 +103,16 @@ #endif ngrp = args->gidsetsize; - oldcred = td->td_proc->p_ucred; + if (ngrp >= NGROUPS) + return (EINVAL); + error = copyin((caddr_t)args->gidset, linux_gidset, + ngrp * sizeof(l_gid16_t)); + if (error) + return (error); + newcred = crget(); + p = td->td_proc; + PROC_LOCK(p); + oldcred = p->p_ucred; /* * cr_groups[0] holds egid. Setting the whole set from @@ -108,19 +120,14 @@ * Keep cr_groups[0] unchanged to prevent that. */ - if ((error = suser_xxx(oldcred, NULL, PRISON_ROOT)) != 0) + if ((error = suser_cred(oldcred, PRISON_ROOT)) != 0) { + PROC_UNLOCK(p); + crfree(newcred); return (error); + } - if (ngrp >= NGROUPS) - return (EINVAL); - - newcred = crdup(oldcred); + crcopy(newcred, oldcred); if (ngrp > 0) { - error = copyin((caddr_t)args->gidset, linux_gidset, - ngrp * sizeof(l_gid16_t)); - if (error) - return (error); - newcred->cr_ngroups = ngrp + 1; bsd_gidset = newcred->cr_groups; @@ -134,7 +141,8 @@ newcred->cr_ngroups = 1; setsugid(td->td_proc); - td->td_proc->p_ucred = newcred; + p->p_ucred = newcred; + PROC_UNLOCK(p); crfree(oldcred); return (0); } @@ -152,7 +160,7 @@ printf(ARGS(getgroups16, "%d, *"), args->gidsetsize); #endif - cred = td->td_proc->p_ucred; + cred = td->td_ucred; bsd_gidset = cred->cr_groups; bsd_gidsetsz = cred->cr_ngroups - 1; @@ -200,7 +208,7 @@ linux_getgid16(struct thread *td, struct linux_getgid16_args *args) { - td->td_retval[0] = td->td_proc->p_ucred->cr_rgid; + td->td_retval[0] = td->td_ucred->cr_rgid; return (0); } 
@@ -208,7 +216,7 @@ linux_getuid16(struct thread *td, struct linux_getuid16_args *args) { - td->td_retval[0] = td->td_proc->p_ucred->cr_ruid; + td->td_retval[0] = td->td_ucred->cr_ruid; return (0); } --- //depot/projects/smpng/sys/compat/linux/linux_util.c 2001/10/29 12:58:53 +++ //depot/user/jhb/proc/compat/linux/linux_util.c 2002/01/15 05:59:25 @@ -140,11 +140,11 @@ return error; } - if ((error = VOP_GETATTR(nd.ni_vp, &vat, td->td_proc->p_ucred, td)) != 0) { + if ((error = VOP_GETATTR(nd.ni_vp, &vat, td->td_ucred, td)) != 0) { goto bad; } - if ((error = VOP_GETATTR(ndroot.ni_vp, &vatroot, td->td_proc->p_ucred, td)) + if ((error = VOP_GETATTR(ndroot.ni_vp, &vatroot, td->td_ucred, td)) != 0) { goto bad; } --- //depot/projects/smpng/sys/compat/pecoff/imgact_pecoff.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/compat/pecoff/imgact_pecoff.c 2002/02/08 12:43:41 @@ -163,8 +163,9 @@ pecoff_coredump(register struct thread * td, register struct vnode * vp, off_t limit) { - register struct ucred *cred = td->td_proc->p_ucred; - register struct vmspace *vm = td->td_proc->p_vmspace; + register struct ucred *cred = td->td_ucred; + struct proc *p = td->td_proc; + register struct vmspace *vm = p->p_vmspace; int error; #ifdef PECOFF_DEBUG struct vm_map *map; @@ -174,7 +175,9 @@ #endif if (ctob((UAREA_PAGES+KSTACK_PAGES) + vm->vm_dsize + vm->vm_ssize) >= limit) return (EFAULT); - fill_kinfo_proc(td->td_proc, &td->td_proc->p_uarea->u_kproc); + PROC_LOCK(p); + fill_kinfo_proc(p, &p->p_uarea->u_kproc); + PROC_UNLOCK(p); #if PECOFF_DEBUG fill_regs(td, ®s); @@ -605,7 +608,7 @@ size_t resid; error = vn_rdwr(UIO_READ, vp, buf, siz, pos, - UIO_SYSSPACE, IO_NODELOCKED, td->td_proc->p_ucred, + UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, &resid, td); if (error) return error; --- //depot/projects/smpng/sys/compat/svr4/svr4_fcntl.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/compat/svr4/svr4_fcntl.c 2002/02/08 14:06:04 
@@ -260,11 +260,11 @@ goto out; } - if ((error = VOP_GETATTR(vp, &vattr, td->td_proc->p_ucred, td)) != 0) + if ((error = VOP_GETATTR(vp, &vattr, td->td_ucred, td)) != 0) goto out; - if (td->td_proc->p_ucred->cr_uid != vattr.va_uid && - (error = suser_td(td)) != 0) + if (td->td_ucred->cr_uid != vattr.va_uid && + (error = suser(td, 0)) != 0) goto out; if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) @@ -306,7 +306,7 @@ return ESPIPE; } - if ((error = VOP_GETATTR(vp, &vattr, td->td_proc->p_ucred, td)) != 0) { + if ((error = VOP_GETATTR(vp, &vattr, td->td_ucred, td)) != 0) { fdrop(fp, td); return error; } --- //depot/projects/smpng/sys/compat/svr4/svr4_misc.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/compat/svr4/svr4_misc.c 2002/02/08 14:06:04 @@ -275,7 +275,7 @@ return (EINVAL); } - if ((error = VOP_GETATTR(vp, &va, td->td_proc->p_ucred, td))) { + if ((error = VOP_GETATTR(vp, &va, td->td_ucred, td))) { fdrop(fp, td); return error; } @@ -607,7 +607,7 @@ struct file *fp; int error; - if ((error = suser_td(td)) != 0) + if ((error = suser(td, 0)) != 0) return error; if ((error = getvnode(fdp, SCARG(uap, fd), &fp)) != 0) return error; @@ -616,7 +616,7 @@ if (vp->v_type != VDIR) error = ENOTDIR; else - error = VOP_ACCESS(vp, VEXEC, td->td_proc->p_ucred, td); + error = VOP_ACCESS(vp, VEXEC, td->td_ucred, td); VOP_UNLOCK(vp, 0, td); if (error) { fdrop(fp, td); --- //depot/projects/smpng/sys/compat/svr4/svr4_stat.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/compat/svr4/svr4_stat.c 2002/01/15 08:44:58 
@@ -560,13 +560,13 @@ break; #if defined(WHY_DOES_AN_EMULATOR_WANT_TO_SET_HOSTNAMES) case SVR4_SI_SET_HOSTNAME: - if ((error = suser(p)) != 0) + if ((error = suser(td, 0)) != 0) return error; name = KERN_HOSTNAME; return kern_sysctl(&name, 1, 0, 0, SCARG(uap, buf), rlen, td); case SVR4_SI_SET_SRPC_DOMAIN: - if ((error = suser(p)) != 0) + if ((error = suser(td, 0)) != 0) return error; name = KERN_NISDOMAINNAME; return kern_sysctl(&name, 1, 0, 0, SCARG(uap, buf), rlen, td); --- //depot/projects/smpng/sys/compat/svr4/svr4_sysvec.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/compat/svr4/svr4_sysvec.c 2002/02/08 12:43:41 @@ -44,7 +44,9 @@ #include #include #include +#include #include +#include #include #include #include @@ -213,10 +215,12 @@ AUXARGS_ENTRY(pos, AT_FLAGS, args->flags); AUXARGS_ENTRY(pos, AT_ENTRY, args->entry); AUXARGS_ENTRY(pos, AT_BASE, args->base); + PROC_LOCK(imgp->proc); AUXARGS_ENTRY(pos, AT_UID, imgp->proc->p_ucred->cr_ruid); AUXARGS_ENTRY(pos, AT_EUID, imgp->proc->p_ucred->cr_svuid); AUXARGS_ENTRY(pos, AT_GID, imgp->proc->p_ucred->cr_rgid); AUXARGS_ENTRY(pos, AT_EGID, imgp->proc->p_ucred->cr_svgid); + PROC_UNLOCK(imgp->proc); AUXARGS_ENTRY(pos, AT_NULL, 0); free(imgp->auxargs, M_TEMP); @@ -246,7 +250,6 @@ char **pbuf; int cflag; { - struct proc *p = td->td_proc; struct nameidata nd; struct nameidata ndroot; struct vattr vat; @@ -331,11 +334,11 @@ } NDFREE(&ndroot, NDF_ONLY_PNBUF); - if ((error = VOP_GETATTR(nd.ni_vp, &vat, p->p_ucred, td)) != 0) { + if ((error = VOP_GETATTR(nd.ni_vp, &vat, td->td_ucred, td)) != 0) { goto done; } - if ((error = VOP_GETATTR(ndroot.ni_vp, &vatroot, p->p_ucred, td)) + if ((error = VOP_GETATTR(ndroot.ni_vp, &vatroot, td->td_ucred, td)) != 0) { goto done; } --- //depot/projects/smpng/sys/ddb/db_ps.c 2001/10/23 16:38:14 +++ //depot/user/jhb/proc/ddb/db_ps.c 2001/10/24 09:33:08 @@ -55,6 +55,7 @@ np = nprocs; + /* sx_slock(&allproc_lock); */ if (!LIST_EMPTY(&allproc)) p = LIST_FIRST(&allproc); else 
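Review bot: In the svr4_sysvec.c -213 hunk the four credential `AUXARGS_ENTRY` lines now run between `PROC_LOCK(imgp->proc)` and `PROC_UNLOCK(imgp->proc)`. The macro's definition is not in this diff, but if it stores into the new image's user stack, a store that can fault and sleep would execute with the process mutex held. Copying the four ids into locals under the lock and emitting the entries after the unlock avoids that; the locals (`ruid`, `svuid`, `rgid`, `svgid`) would be declared at the top of the function, which is outside the hunk.

```c
	AUXARGS_ENTRY(pos, AT_BASE, args->base);
	/* Snapshot the ids under the proc lock; write the entries unlocked. */
	PROC_LOCK(imgp->proc);
	ruid = imgp->proc->p_ucred->cr_ruid;
	svuid = imgp->proc->p_ucred->cr_svuid;
	rgid = imgp->proc->p_ucred->cr_rgid;
	svgid = imgp->proc->p_ucred->cr_svgid;
	PROC_UNLOCK(imgp->proc);
	AUXARGS_ENTRY(pos, AT_UID, ruid);
	AUXARGS_ENTRY(pos, AT_EUID, svuid);
	AUXARGS_ENTRY(pos, AT_GID, rgid);
	AUXARGS_ENTRY(pos, AT_EGID, svgid);
	/* ... unchanged: AT_NULL entry and free of imgp->auxargs ... */
```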
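Review bot: The db_ps.c hunks add lock calls as commented-out code: `/* sx_slock(&allproc_lock); */` in the -55 hunk, and `/* PROC_LOCK(p); */`, `/* PROC_UNLOCK(p); */` and `/* sx_sunlock(&allproc_lock); */` in the -90 and -126 hunks. A reader cannot tell whether the locks are left out on purpose or are still to be enabled. If the omission is deliberate, presumably because this code runs inside the debugger, replace the four fragments with one explanatory comment such as `/* allproc is walked without locks: this runs from ddb. */`.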
@@ -90,6 +91,7 @@ printf("oops, ran out of processes early!\n"); break; } + /* PROC_LOCK(p); */ pp = p->p_pptr; if (pp == NULL) pp = p; @@ -126,8 +128,11 @@ } db_printf(" %s\n", p->p_comm); } + /* PROC_UNLOCK(p); */ + p = LIST_NEXT(p, p_list); if (p == NULL && np > 0) p = LIST_FIRST(&zombproc); } + /* sx_sunlock(&allproc_lock); */ } --- //depot/projects/smpng/sys/dev/an/if_an.c 2002/01/09 16:09:21 +++ //depot/user/jhb/proc/dev/an/if_an.c 2002/02/06 23:07:48 @@ -1268,7 +1268,7 @@ int i; struct an_softc *sc; struct ifreq *ifr; - struct proc *p = curproc; + struct thread *td = curthread; struct ieee80211req *ireq; u_int8_t tmpstr[IEEE80211_NWID_LEN*2]; u_int8_t *tmpptr; @@ -1355,7 +1355,7 @@ error = copyout(&sc->areq, ifr->ifr_data, sizeof(sc->areq)); break; case SIOCSAIRONET: - if ((error = suser(p))) + if ((error = suser(td, 0))) goto out; error = copyin(ifr->ifr_data, &sc->areq, sizeof(sc->areq)); if (error != 0) @@ -1612,7 +1612,7 @@ } break; case SIOCS80211: - if ((error = suser(p))) + if ((error = suser(td, 0))) goto out; sc->areq.an_len = sizeof(sc->areq); /* --- //depot/projects/smpng/sys/dev/asr/asr.c 2001/12/17 16:58:02 +++ //depot/user/jhb/proc/dev/asr/asr.c 2002/01/15 08:44:58 @@ -3880,7 +3880,7 @@ s = splcam (); if (ASR_ctlr_held) { error = EBUSY; - } else if ((error = suser(td->td_proc)) == 0) { + } else if ((error = suser(td, 0)) == 0) { ++ASR_ctlr_held; } splx(s); --- //depot/projects/smpng/sys/dev/ata/atapi-cd.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/dev/ata/atapi-cd.c 2002/02/08 14:06:04 @@ -574,7 +574,7 @@ break; case CDIOCRESET: - error = suser(td->td_proc); + error = suser(td, 0); if (error) break; error = atapi_test_ready(cdp->device); --- //depot/projects/smpng/sys/dev/awi/awi.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/dev/awi/awi.c 2002/01/15 08:44:58 @@ -521,7 +521,11 @@ break; case SIOCS80211NWID: #ifdef __FreeBSD__ +#if __FreeBSD__ >= 5 + error = suser(curthread, 0); +#else error = suser(curproc); +#endif if (error) break; #endif 
@@ -555,7 +559,11 @@ break; case SIOCS80211NWKEY: #ifdef __FreeBSD__ +#if __FreeBSD__ >= 5 + error = suser(curthread, 0); +#else error = suser(curproc); +#endif if (error) break; #endif @@ -613,7 +621,11 @@ error = awi_wep_getkey(sc, ireq->i_val, tmpstr, &len); if(error) break; +#if __FreeBSD__ >= 5 + if(!suser(curthread, 0)) +#else if(!suser(curproc)) +#endif bzero(tmpstr, len); ireq->i_len = len; error = copyout(tmpstr, ireq->i_data, len); @@ -650,7 +662,11 @@ } break; case SIOCS80211: +#if __FreeBSD__ >= 5 + error = suser(curthread, 0); +#else error = suser(curproc); +#endif if(error) break; switch(ireq->i_type) { --- //depot/projects/smpng/sys/dev/awi/awi_wep.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/dev/awi/awi_wep.c 2002/01/15 08:44:58 @@ -189,7 +189,11 @@ nwkey->i_defkid = sc->sc_wep_defkid + 1; /* do not show any keys to non-root user */ #ifdef __FreeBSD__ +#if __FreeBSD__ >= 5 + suerr = suser(curthread, 0); +#else suerr = suser(curproc); +#endif #else suerr = suser(curproc->p_ucred, &curproc->p_acflag); #endif --- //depot/projects/smpng/sys/dev/awi/awi_wicfg.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/dev/awi/awi_wicfg.c 2002/01/15 08:44:58 @@ -108,7 +108,11 @@ break; case SIOCSWAVELAN: #ifdef __FreeBSD__ +#if __FreeBSD__ >= 5 + error = suser(curthread, 0); +#else error = suser(curproc); +#endif #else error = suser(curproc->p_ucred, &curproc->p_acflag); #endif @@ -272,7 +276,11 @@ keys = (struct wi_ltv_keys *)&wreq; /* do not show keys to non-root user */ #ifdef __FreeBSD__ +#if __FreeBSD__ >= 5 + error = suser(curthread, 0); +#else error = suser(curproc); +#endif #else error = suser(curproc->p_ucred, &curproc->p_acflag); #endif --- //depot/projects/smpng/sys/dev/ccd/ccd.c 2002/01/04 00:49:18 +++ //depot/user/jhb/proc/dev/ccd/ccd.c 2002/01/15 05:31:01 
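Review bot: In the awi.c -613 hunk the new `if(!suser(curthread, 0))` keeps the sense of the line it replaces, and that sense looks inverted. Everywhere else in this diff a zero return from suser() means the caller is privileged (`error = suser(td, 0); if (error) break;`), so here `bzero(tmpstr, len)` runs for the superuser, while the WEP key fetched by awi_wep_getkey() is copied out intact to unprivileged callers. If the intent matches the "do not show any keys to non-root user" comment in awi_wep.c, the test should be `if (suser(curthread, 0) != 0)`, with `if (suser(curproc) != 0)` in the `#else` arm. The enclosing switch case starts outside the hunk.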
@@ -441,7 +441,7 @@ * Get partition information for the component. */ if ((error = VOP_IOCTL(vp, DIOCGPART, (caddr_t)&dpart, - FREAD, td->td_proc->p_ucred, td)) != 0) { + FREAD, td->td_ucred, td)) != 0) { #ifdef DEBUG if (ccddebug & (CCDB_FOLLOW|CCDB_INIT)) printf("ccd%d: %s: ioctl failed, error = %d\n", @@ -1328,7 +1328,7 @@ if ((error = ccdlookup(cpp[i], td, &vpp[i])) != 0) { for (j = 0; j < lookedup; ++j) (void)vn_close(vpp[j], FREAD|FWRITE, - td->td_proc->p_ucred, td); + td->td_ucred, td); free(vpp, M_DEVBUF); free(cpp, M_DEVBUF); ccdunlock(cs); @@ -1345,7 +1345,7 @@ if ((error = ccdinit(cs, cpp, td)) != 0) { for (j = 0; j < lookedup; ++j) (void)vn_close(vpp[j], FREAD|FWRITE, - td->td_proc->p_ucred, td); + td->td_ucred, td); /* * We can't ccddestroy() cs just yet, because nothing * prevents user-level app to do another ioctl() @@ -1406,7 +1406,7 @@ cs->sc_cinfo[i].ci_vp); #endif (void)vn_close(cs->sc_cinfo[i].ci_vp, FREAD|FWRITE, - td->td_proc->p_ucred, td); + td->td_ucred, td); free(cs->sc_cinfo[i].ci_path, M_DEVBUF); } @@ -1637,7 +1637,7 @@ VOP_UNLOCK(vp, 0, td); NDFREE(&nd, NDF_ONLY_PNBUF); /* vn_close does vrele() for vp */ - (void)vn_close(vp, FREAD|FWRITE, td->td_proc->p_ucred, td); + (void)vn_close(vp, FREAD|FWRITE, td->td_ucred, td); return (error); } --- //depot/projects/smpng/sys/dev/cnw/if_cnw.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/dev/cnw/if_cnw.c 2002/02/08 14:06:04 @@ -1239,7 +1239,11 @@ #endif struct ifreq *ifr = (struct ifreq *)data; int s, error = 0; +#if defined(__FreeBSD__) && __FreeBSD__ >= 5 + struct thread *td = curthread; /* XXX */ +#else struct proc *p = curproc; /*XXX*/ +#endif s = splnet(); @@ -1331,8 +1335,12 @@ #if !defined(__FreeBSD__) error = suser(p->p_ucred, &p->p_acflag); #else +#if __FreeBSD__ >= 5 + error = suser(td, 0); +#else error = suser(p); #endif +#endif if (error) break; error = cnw_setdomain(sc, ifr->ifr_domain); 
@@ -1342,8 +1350,12 @@ #if !defined(__FreeBSD__) error = suser(p->p_ucred, &p->p_acflag); #else +#if __FreeBSD__ >= 5 + error = suser(td, 0); +#else error = suser(p); #endif +#endif if (error) break; error = cnw_setkey(sc, (int)ifr->ifr_key); @@ -1353,8 +1365,12 @@ #if !defined(__FreeBSD__) error = suser(p->p_ucred, &p->p_acflag); #else +#if __FreeBSD__ >= 5 + error = suser(td, 0); +#else error = suser(p); #endif +#endif if (error) break; if ((ifp->if_flags & IFF_RUNNING) == 0) --- //depot/projects/smpng/sys/dev/dgb/dgb.c 2001/11/07 12:45:34 +++ //depot/user/jhb/proc/dev/dgb/dgb.c 2002/01/15 09:05:41 @@ -1046,7 +1046,7 @@ } } if (tp->t_state & TS_XCLUDE && - suser_td(td)) { + suser(td, 0)) { error = EBUSY; goto out; } @@ -1544,7 +1544,7 @@ } switch (cmd) { case TIOCSETA: - error = suser_td(td); + error = suser(td, 0); if (error != 0) return (error); *ct = *(struct termios *)data; @@ -1766,7 +1766,7 @@ break; case TIOCMSDTRWAIT: /* must be root since the wait applies to following logins */ - error = suser_td(td); + error = suser(td, 0); if (error != 0) { splx(s); return (error); --- //depot/projects/smpng/sys/dev/digi/digi.c 2002/01/09 16:09:21 +++ //depot/user/jhb/proc/dev/digi/digi.c 2002/01/15 09:05:41 @@ -781,7 +781,7 @@ } goto open_top; } - if (tp->t_state & TS_XCLUDE && td->td_proc->p_ucred->cr_uid != 0) { + if (tp->t_state & TS_XCLUDE && suser(td, 0) != 0) { error = EBUSY; goto out; } @@ -1144,7 +1144,7 @@ switch (cmd) { case TIOCSETA: - error = suser_td(td); + error = suser(td, 0); if (error != 0) return (error); *ct = *(struct termios *)data; @@ -1315,7 +1315,7 @@ *(int *)data = digimctl(port, 0, DMGET); break; case TIOCMSDTRWAIT: - error = suser_td(td); + error = suser(td, 0); if (error != 0) { splx(s); return (error); --- //depot/projects/smpng/sys/dev/md/md.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/dev/md/md.c 2002/02/08 14:06:04 
@@ -604,7 +604,6 @@ static int mdcreate_vnode(struct md_ioctl *mdio, struct thread *td) { - struct proc *p = td->td_proc; struct md_s *sc; struct vattr vattr; struct nameidata nd; @@ -637,9 +636,9 @@ } NDFREE(&nd, NDF_ONLY_PNBUF); if (nd.ni_vp->v_type != VREG || - (error = VOP_GETATTR(nd.ni_vp, &vattr, p->p_ucred, td))) { + (error = VOP_GETATTR(nd.ni_vp, &vattr, td->td_ucred, td))) { VOP_UNLOCK(nd.ni_vp, 0, td); - (void) vn_close(nd.ni_vp, flags, p->p_ucred, td); + (void) vn_close(nd.ni_vp, flags, td->td_ucred, td); return (error ? error : EINVAL); } VOP_UNLOCK(nd.ni_vp, 0, td); @@ -654,12 +653,12 @@ else sc->nsect = vattr.va_size / sc->secsize; /* XXX: round up ? */ if (sc->nsect == 0) { - (void) vn_close(nd.ni_vp, flags, p->p_ucred, td); + (void) vn_close(nd.ni_vp, flags, td->td_ucred, td); return (EINVAL); } - error = mdsetcred(sc, p->p_ucred); + error = mdsetcred(sc, td->td_ucred); if (error) { - (void) vn_close(nd.ni_vp, flags, p->p_ucred, td); + (void) vn_close(nd.ni_vp, flags, td->td_ucred, td); return (error); } mdinit(sc); @@ -749,7 +748,7 @@ return (EDOM); } } - error = mdsetcred(sc, td->td_proc->p_ucred); + error = mdsetcred(sc, td->td_ucred); if (error) mddestroy(sc, td); else --- //depot/projects/smpng/sys/dev/nmdm/nmdm.c 2001/11/07 12:45:34 +++ //depot/user/jhb/proc/dev/nmdm/nmdm.c 2002/01/15 09:05:41 @@ -203,9 +203,9 @@ tp->t_lflag = TTYDEF_LFLAG; tp->t_cflag = TTYDEF_CFLAG; tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED; - } else if (tp->t_state & TS_XCLUDE && suser_td(td)) { + } else if (tp->t_state & TS_XCLUDE && suser(td, 0)) { return (EBUSY); - } else if (pti->pt_prison != td->td_proc->p_ucred->cr_prison) { + } else if (pti->pt_prison != td->td_ucred->cr_prison) { return (EBUSY); } --- //depot/projects/smpng/sys/dev/ofw/ofw_console.c 2002/01/09 16:09:21 +++ //depot/user/jhb/proc/dev/ofw/ofw_console.c 2002/01/15 09:05:41 
@@ -123,7 +123,7 @@ ttsetwater(tp); setuptimeout = 1; - } else if ((tp->t_state & TS_XCLUDE) && suser_td(td)) { + } else if ((tp->t_state & TS_XCLUDE) && suser(td, 0)) { return (EBUSY); } --- //depot/projects/smpng/sys/dev/pci/pci_user.c 2001/09/27 18:02:49 +++ //depot/user/jhb/proc/dev/pci/pci_user.c 2002/01/15 05:31:01 @@ -91,7 +91,7 @@ int error; if (oflags & FWRITE) { - error = securelevel_gt(td->td_proc->p_ucred, 0); + error = securelevel_gt(td->td_ucred, 0); if (error) return (error); } --- //depot/projects/smpng/sys/dev/random/randomdev.c 2001/09/27 18:02:49 +++ //depot/user/jhb/proc/dev/random/randomdev.c 2002/01/15 08:44:58 @@ -144,10 +144,10 @@ int error; if (flags & FWRITE) { - error = suser(td->td_proc); + error = suser(td, 0); if (error) return (error); - error = securelevel_gt(td->td_proc->p_ucred, 0); + error = securelevel_gt(td->td_ucred, 0); if (error) return (error); } @@ -158,8 +158,8 @@ random_close(dev_t dev, int flags, int fmt, struct thread *td) { if (flags & FWRITE) { - if (!(suser(td->td_proc) || - securelevel_gt(td->td_proc->p_ucred, 0))) + if (!(suser(td, 0) || + securelevel_gt(td->td_ucred, 0))) random_reseed(); } return 0; --- //depot/projects/smpng/sys/dev/rp/rp.c 2001/11/07 12:45:34 +++ //depot/user/jhb/proc/dev/rp/rp.c 2002/01/15 09:05:41 @@ -1008,7 +1008,7 @@ goto open_top; } } - if(tp->t_state & TS_XCLUDE && suser_td(td) != 0) { + if(tp->t_state & TS_XCLUDE && suser(td, 0) != 0) { splx(oldspl); error = EBUSY; goto out2; @@ -1265,7 +1265,7 @@ } switch (cmd) { case TIOCSETA: - error = suser_td(td); + error = suser(td, 0); if(error != 0) return(error); *ct = *(struct termios *)data; @@ -1410,7 +1410,7 @@ *(int *)data = result; break; case TIOCMSDTRWAIT: - error = suser_td(td); + error = suser(td, 0); if(error != 0) { splx(oldspl); return(error); --- //depot/projects/smpng/sys/dev/sbni/if_sbni.c 2002/01/09 16:09:21 +++ //depot/user/jhb/proc/dev/sbni/if_sbni.c 2002/01/15 08:44:58 
@@ -1042,6 +1042,7 @@ { struct sbni_softc *sc; struct ifreq *ifr; + struct thread *td; struct proc *p; struct sbni_in_stats *in_stats; struct sbni_flags flags; @@ -1049,7 +1050,8 @@ sc = ifp->if_softc; ifr = (struct ifreq *)data; - p = curproc; + td = curthread; + p = td->td_proc; error = 0; s = splimp(); @@ -1114,7 +1116,7 @@ case SIOCSHWFLAGS: /* set flags */ /* root only */ - error = suser(p); + error = suser(td, 0); if (error) break; flags = *(struct sbni_flags*)&ifr->ifr_data; @@ -1136,7 +1138,7 @@ break; case SIOCRINSTATS: - if (!(error = suser(p))) /* root only */ + if (!(error = suser(td, 0))) /* root only */ bzero(&sc->in_stats, sizeof(struct sbni_in_stats)); break; --- //depot/projects/smpng/sys/dev/si/si.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/dev/si/si.c 2002/01/15 09:05:41 @@ -607,7 +607,7 @@ /* quickly let in /dev/si_control */ if (IS_CONTROLDEV(mynor)) { - if ((error = suser_td(td))) + if ((error = suser(td, 0))) return(error); return(0); } @@ -686,7 +686,7 @@ } } if (tp->t_state & TS_XCLUDE && - suser_td(td)) { + suser(td, 0)) { DPRINT((pp, DBG_OPEN|DBG_FAIL, "already open and EXCLUSIVE set\n")); error = EBUSY; @@ -951,7 +951,7 @@ } switch (cmd) { case TIOCSETA: - error = suser_td(td); + error = suser(td, 0); if (error != 0) return (error); *ct = *(struct termios *)data; @@ -1064,7 +1064,7 @@ break; case TIOCMSDTRWAIT: /* must be root since the wait applies to following logins */ - error = suser_td(td); + error = suser(td, 0); if (error == 0) pp->sp_dtr_wait = *(int *)data * hz / 100; break; @@ -1117,7 +1117,7 @@ ip = (int *)data; -#define SUCHECK if ((error = suser_td(td))) goto out +#define SUCHECK if ((error = suser(td, 0))) goto out switch (cmd) { case TCSIPORTS: --- //depot/projects/smpng/sys/dev/sio/sio.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/dev/sio/sio.c 2002/02/08 14:06:04 @@ -1192,7 +1192,7 @@ } } if (tp->t_state & TS_XCLUDE && - suser_td(td)) { + suser(td, 0)) { error = EBUSY; goto out; } 
@@ -1928,7 +1928,7 @@ } switch (cmd) { case TIOCSETA: - error = suser_td(td); + error = suser(td, 0); if (error != 0) return (error); *ct = *(struct termios *)data; @@ -2019,7 +2019,7 @@ break; case TIOCMSDTRWAIT: /* must be root since the wait applies to following logins */ - error = suser_td(td); + error = suser(td, 0); if (error != 0) { splx(s); return (error); --- //depot/projects/smpng/sys/dev/streams/streams.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/dev/streams/streams.c 2002/02/08 14:06:04 @@ -265,7 +265,7 @@ return error; if ((error = socreate(family, &so, type, protocol, - td->td_proc->p_ucred, td)) != 0) { + td->td_ucred, td)) != 0) { FILEDESC_LOCK(p->p_fd); p->p_fd->fd_ofiles[fd] = 0; FILEDESC_UNLOCK(p->p_fd); --- //depot/projects/smpng/sys/dev/syscons/syscons.c 2001/11/07 12:45:34 +++ //depot/user/jhb/proc/dev/syscons/syscons.c 2002/01/15 09:05:41 @@ -479,7 +479,7 @@ (*linesw[tp->t_line].l_modem)(tp, 1); } else - if (tp->t_state & TS_XCLUDE && suser_td(td)) + if (tp->t_state & TS_XCLUDE && suser(td, 0)) return(EBUSY); error = (*linesw[tp->t_line].l_open)(dev, tp); @@ -975,10 +975,10 @@ return 0; case KDENABIO: /* allow io operations */ - error = suser_td(td); + error = suser(td, 0); if (error != 0) return error; - error = securelevel_gt(td->td_proc->p_ucred, 0); + error = securelevel_gt(td->td_ucred, 0); if (error != 0) return error; #ifdef __i386__ --- //depot/projects/smpng/sys/dev/syscons/sysmouse.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/dev/syscons/sysmouse.c 2002/01/15 09:05:41 @@ -99,7 +99,7 @@ tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED; smparam(tp, &tp->t_termios); (*linesw[tp->t_line].l_modem)(tp, 1); - } else if (tp->t_state & TS_XCLUDE && suser_td(td)) { + } else if (tp->t_state & TS_XCLUDE && suser(td, 0)) { return EBUSY; } --- //depot/projects/smpng/sys/dev/usb/umodem.c 2002/01/04 00:49:18 +++ //depot/user/jhb/proc/dev/usb/umodem.c 2002/01/15 09:05:41 
@@ -599,7 +599,7 @@ if (ISSET(tp->t_state, TS_ISOPEN) && ISSET(tp->t_state, TS_XCLUDE) && - suser_td(p)) + suser(p, 0)) return (EBUSY); /* --- //depot/projects/smpng/sys/dev/vinum/vinum.c 2001/11/07 12:45:34 +++ //depot/user/jhb/proc/dev/vinum/vinum.c 2002/01/15 09:05:41 @@ -375,7 +375,7 @@ } case VINUM_SUPERDEV_TYPE: - error = suser_td(td); /* are we root? */ + error = suser(td, 0); /* are we root? */ if (error == 0) { /* yes, can do */ if (devminor == VINUM_DAEMON_DEV) /* daemon device */ vinum_conf.flags |= VF_DAEMONOPEN; /* we're open */ --- //depot/projects/smpng/sys/dev/wi/if_wi.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/dev/wi/if_wi.c 2002/02/08 14:06:04 @@ -1475,7 +1475,7 @@ struct wi_req wreq; struct ifreq *ifr; struct ieee80211req *ireq; - struct proc *p = curproc; + struct thread *td = curthread; sc = ifp->if_softc; WI_LOCK(sc); @@ -1527,7 +1527,7 @@ if (error) break; /* Don't show WEP keys to non-root users. */ - if (wreq.wi_type == WI_RID_DEFLT_CRYPT_KEYS && suser(p)) + if (wreq.wi_type == WI_RID_DEFLT_CRYPT_KEYS && suser(td, 0)) break; if (wreq.wi_type == WI_RID_IFACE_STATS) { bcopy((char *)&sc->wi_stats, (char *)&wreq.wi_val, @@ -1561,7 +1561,7 @@ error = copyout(&wreq, ifr->ifr_data, sizeof(wreq)); break; case SIOCSWAVELAN: - if ((error = suser(p))) + if ((error = suser(td, 0))) goto out; error = copyin(ifr->ifr_data, &wreq, sizeof(wreq)); if (error) @@ -1620,7 +1620,7 @@ break; } len = sc->wi_keys.wi_keys[ireq->i_val].wi_keylen; - if (suser(p)) + if (suser(td, 0)) bcopy(sc->wi_keys.wi_keys[ireq->i_val].wi_keydat, tmpkey, len); else @@ -1673,7 +1673,7 @@ } break; case SIOCS80211: - if ((error = suser(p))) + if ((error = suser(td, 0))) goto out; switch(ireq->i_type) { case IEEE80211_IOC_SSID: --- //depot/projects/smpng/sys/dev/wl/if_wl.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/dev/wl/if_wl.c 2002/01/15 09:05:41 
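Review bot: In if_wi.c hunk `@@ -1620,7 +1620,7 @@` the converted test `if (suser(td, 0))` guards the `bcopy` of `wi_keydat` into `tmpkey`, and suser() returns non-zero when the caller is not privileged, so the key bytes appear to be copied for exactly the callers that should not get them. The earlier hunk in the same file (`@@ -1527,7 +1527,7 @@`, "Don't show WEP keys to non-root users") uses the opposite sense of the same call. The `else` branch lies outside the hunk, so this is inferred rather than certain, but the condition most likely should read `if (suser(td, 0) == 0)`. The conversion faithfully keeps the old sense of the test; it is worth correcting while the line is being touched.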
@@ -1254,7 +1254,7 @@ /* pointer to buffer in user space */ up = (void *)ifr->ifr_data; /* work out if they're root */ - isroot = (suser_td(td) == 0); + isroot = (suser(td, 0) == 0); for (i = 0; i < 0x40; i++) { /* don't hand the DES key out to non-root users */ @@ -1269,7 +1269,7 @@ /* copy the PSA in from the caller; we only copy _some_ values */ case SIOCSWLPSA: /* root only */ - if ((error = suser_td(td))) + if ((error = suser(td, 0))) break; error = EINVAL; /* assume the worst */ /* pointer to buffer in user space containing data */ @@ -1323,7 +1323,7 @@ */ case SIOCSWLCNWID: /* root only */ - if ((error = suser_td(td))) + if ((error = suser(td, 0))) break; if (!(ifp->if_flags & IFF_UP)) { error = EIO; /* only allowed while up */ @@ -1341,7 +1341,7 @@ /* copy the EEPROM in 2.4 Gz WaveMODEM out to the caller */ case SIOCGWLEEPROM: /* root only */ - if ((error = suser_td(td))) + if ((error = suser(td, 0))) break; /* pointer to buffer in user space */ up = (void *)ifr->ifr_data; @@ -1364,7 +1364,7 @@ /* zero (Delete) the wl cache */ case SIOCDWLCACHE: /* root only */ - if ((error = suser_td(td))) + if ((error = suser(td, 0))) break; wl_cache_zero(unit); break; --- //depot/projects/smpng/sys/fs/devfs/devfs_vnops.c 2001/11/27 10:31:40 +++ //depot/user/jhb/proc/fs/devfs/devfs_vnops.c 2002/01/15 08:44:58 @@ -718,7 +718,7 @@ if (uid != de->de_uid || gid != de->de_gid) { if (((ap->a_cred->cr_uid != de->de_uid) || uid != de->de_uid || (gid != de->de_gid && !groupmember(gid, ap->a_cred))) && - (error = suser(ap->a_td->td_proc)) != 0) + (error = suser(ap->a_td, 0)) != 0) return (error); de->de_uid = uid; de->de_gid = gid; 
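Review bot: In devfs_vnops.c (hunk `@@ -718,7 +718,7 @@`, and the three checks in `@@ -735,21 +735,21 @@`) the ownership comparison is made against `ap->a_cred` while the privilege override is decided from the calling thread through `suser(ap->a_td, 0)`. If this VOP is ever invoked with a credential that is not the thread's own, the two halves of one access decision are evaluated against different identities. The msdosfs_vnops.c hunks in this same change use `suser_cred(cred, PRISON_ROOT)` for the equivalent test; here `(error = suser_cred(ap->a_cred, 0)) != 0` would keep both halves on the credential that was passed in without changing the flag. The enclosing function extends beyond these hunks.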
@@ -735,21 +735,21 @@ if (vap->va_mode != (mode_t)VNOVAL) { if ((ap->a_cred->cr_uid != de->de_uid) && - (error = suser(ap->a_td->td_proc))) + (error = suser(ap->a_td, 0))) return (error); de->de_mode = vap->va_mode; c = 1; } if (vap->va_atime.tv_sec != VNOVAL) { if ((ap->a_cred->cr_uid != de->de_uid) && - (error = suser(ap->a_td->td_proc))) + (error = suser(ap->a_td, 0))) return (error); de->de_atime = vap->va_atime; c = 1; } if (vap->va_mtime.tv_sec != VNOVAL) { if ((ap->a_cred->cr_uid != de->de_uid) && - (error = suser(ap->a_td->td_proc))) + (error = suser(ap->a_td, 0))) return (error); de->de_mtime = vap->va_mtime; c = 1; @@ -775,7 +775,7 @@ struct devfs_dirent *de; struct devfs_mount *dmp; - error = suser(ap->a_cnp->cn_thread->td_proc); + error = suser(ap->a_cnp->cn_thread, 0); if (error) return(error); dmp = VFSTODEVFS(ap->a_dvp->v_mount); --- //depot/projects/smpng/sys/fs/fifofs/fifo_vnops.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/fs/fifofs/fifo_vnops.c 2002/02/08 14:06:04 @@ -176,7 +176,7 @@ MALLOC(fip, struct fifoinfo *, sizeof(*fip), M_VNODE, M_WAITOK); vp->v_fifoinfo = fip; error = socreate(AF_LOCAL, &rso, SOCK_STREAM, 0, - ap->a_td->td_proc->p_ucred, ap->a_td); + ap->a_td->td_ucred, ap->a_td); if (error) { free(fip, M_VNODE); vp->v_fifoinfo = NULL; @@ -184,7 +184,7 @@ } fip->fi_readsock = rso; error = socreate(AF_LOCAL, &wso, SOCK_STREAM, 0, - ap->a_td->td_proc->p_ucred, ap->a_td); + ap->a_td->td_ucred, ap->a_td); if (error) { (void)soclose(rso); free(fip, M_VNODE); --- //depot/projects/smpng/sys/fs/hpfs/hpfs_vfsops.c 2002/01/04 00:49:18 +++ //depot/user/jhb/proc/fs/hpfs/hpfs_vfsops.c 2002/01/15 05:17:53 
@@ -239,7 +239,7 @@ return (EBUSY); vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, td); - error = vinvalbuf(devvp, V_SAVE, td->td_proc->p_ucred, td, 0, 0); + error = vinvalbuf(devvp, V_SAVE, td->td_ucred, td, 0, 0); VOP_UNLOCK(devvp, 0, td); if (error) return (error); --- //depot/projects/smpng/sys/fs/hpfs/hpfs_vnops.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/fs/hpfs/hpfs_vnops.c 2002/02/08 14:06:04 @@ -527,7 +527,7 @@ if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); if (cred->cr_uid != hp->h_uid && - (error = suser_xxx(cred, td->td_proc, PRISON_ROOT)) && + (error = suser_cred(cred, PRISON_ROOT)) && ((vap->va_vaflags & VA_UTIMES_NULL) == 0 || (error = VOP_ACCESS(vp, VWRITE, cred, td)))) return (error); --- //depot/projects/smpng/sys/fs/msdosfs/msdosfs_vfsops.c 2001/11/29 10:51:21 +++ //depot/user/jhb/proc/fs/msdosfs/msdosfs_vfsops.c 2002/01/15 09:05:41 @@ -195,11 +195,11 @@ * If upgrade to read-write by non-root, then verify * that user has necessary permissions on the device. */ - if (suser_td(td)) { + if (suser(td, 0)) { devvp = pmp->pm_devvp; vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, td); error = VOP_ACCESS(devvp, VREAD | VWRITE, - td->td_proc->p_ucred, td); + td->td_ucred, td); if (error) { VOP_UNLOCK(devvp, 0, td); return (error); @@ -242,12 +242,12 @@ * If mount by non-root, then verify that user has necessary * permissions on the device. */ - if (suser_td(td)) { + if (suser(td, 0)) { accessmode = VREAD; if ((mp->mnt_flag & MNT_RDONLY) == 0) accessmode |= VWRITE; vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, td); - error = VOP_ACCESS(devvp, accessmode, td->td_proc->p_ucred, td); + error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td); if (error) { vput(devvp); return (error); 
@@ -315,7 +315,7 @@ if (vcount(devvp) > 1 && devvp != rootvp) return (EBUSY); vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, td); - error = vinvalbuf(devvp, V_SAVE, td->td_proc->p_ucred, td, 0, 0); + error = vinvalbuf(devvp, V_SAVE, td->td_ucred, td, 0, 0); VOP_UNLOCK(devvp, 0, td); if (error) return (error); --- //depot/projects/smpng/sys/fs/msdosfs/msdosfs_vnops.c 2001/11/29 10:51:21 +++ //depot/user/jhb/proc/fs/msdosfs/msdosfs_vnops.c 2002/01/15 07:44:40 @@ -376,7 +376,7 @@ if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); if (cred->cr_uid != pmp->pm_uid && - (error = suser_xxx(cred, ap->a_td->td_proc, PRISON_ROOT))) + (error = suser_cred(cred, PRISON_ROOT))) return (error); /* * We are very inconsistent about handling unsupported @@ -390,7 +390,7 @@ * set ATTR_ARCHIVE for directories `cp -pr' from a more * sensible file system attempts it a lot. */ - if (suser_xxx(cred, ap->a_td->td_proc, PRISON_ROOT)) { + if (suser_cred(cred, PRISON_ROOT)) { if (vap->va_flags & SF_SETTABLE) return EPERM; } @@ -417,7 +417,7 @@ gid = pmp->pm_gid; if ((cred->cr_uid != pmp->pm_uid || uid != pmp->pm_uid || (gid != pmp->pm_gid && !groupmember(gid, cred))) && - (error = suser_xxx(cred, ap->a_td->td_proc, PRISON_ROOT))) + (error = suser_cred(cred, PRISON_ROOT))) return error; if (uid != pmp->pm_uid || gid != pmp->pm_gid) return EINVAL; @@ -449,7 +449,7 @@ if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); if (cred->cr_uid != pmp->pm_uid && - (error = suser_xxx(cred, ap->a_td->td_proc, PRISON_ROOT)) && + (error = suser_cred(cred, PRISON_ROOT)) && ((vap->va_vaflags & VA_UTIMES_NULL) == 0 || (error = VOP_ACCESS(ap->a_vp, VWRITE, cred, ap->a_td)))) return (error); 
@@ -472,7 +472,7 @@ if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); if (cred->cr_uid != pmp->pm_uid && - (error = suser_xxx(cred, ap->a_td->td_proc, PRISON_ROOT))) + (error = suser_cred(cred, PRISON_ROOT))) return (error); if (vp->v_type != VDIR) { /* We ignore the read and execute bits. */ --- //depot/projects/smpng/sys/fs/ntfs/ntfs_vfsops.c 2002/01/04 00:49:18 +++ //depot/user/jhb/proc/fs/ntfs/ntfs_vfsops.c 2002/01/15 05:17:53 @@ -294,7 +294,7 @@ if (ncount > 1 && devvp != rootvp) return (EBUSY); vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, td); - error = vinvalbuf(devvp, V_SAVE, td->td_proc->p_ucred, td, 0, 0); + error = vinvalbuf(devvp, V_SAVE, td->td_ucred, td, 0, 0); VOP_UNLOCK(devvp, 0, td); if (error) return (error); --- //depot/projects/smpng/sys/fs/nwfs/nwfs_io.c 2001/12/10 15:20:41 +++ //depot/user/jhb/proc/fs/nwfs/nwfs_io.c 2002/01/15 05:17:53 @@ -407,8 +407,8 @@ vm_page_t *pages; vp = ap->a_vp; - td = curthread; /* XXX */ - cred = curproc->p_ucred; /* XXX */ + td = curthread; /* XXX */ + cred = td->td_ucred; /* XXX */ np = VTONW(vp); nmp = VFSTONWFS(vp->v_mount); pages = ap->a_m; @@ -517,7 +517,7 @@ #ifndef NWFS_RWCACHE td = curthread; /* XXX */ - cred = td->td_proc->p_ucred; /* XXX */ + cred = td->td_ucred; /* XXX */ VOP_OPEN(vp, FWRITE, cred, td); error = vop_stdputpages(ap); VOP_CLOSE(vp, FWRITE, cred, td); @@ -534,7 +534,7 @@ vm_page_t *pages; td = curthread; /* XXX */ - cred = td->td_proc->p_ucred; /* XXX */ + cred = td->td_ucred; /* XXX */ /* VOP_OPEN(vp, FWRITE, cred, td);*/ np = VTONW(vp); nmp = VFSTONWFS(vp->v_mount); --- //depot/projects/smpng/sys/fs/nwfs/nwfs_node.c 2002/01/04 00:49:18 +++ //depot/user/jhb/proc/fs/nwfs/nwfs_node.c 2002/01/15 05:17:53 
@@ -287,7 +287,7 @@ } */ *ap; { struct thread *td = ap->a_td; - struct ucred *cred = td->td_proc->p_ucred; + struct ucred *cred = td->td_ucred; struct vnode *vp = ap->a_vp; struct nwnode *np = VTONW(vp); int error; --- //depot/projects/smpng/sys/fs/nwfs/nwfs_vfsops.c 2001/10/23 16:38:14 +++ //depot/user/jhb/proc/fs/nwfs/nwfs_vfsops.c 2002/01/15 05:17:53 @@ -169,7 +169,7 @@ nwfs_printf("mount version mismatch: kernel=%d, mount=%d\n",NWFS_VERSION,args.version); return (1); } - error = ncp_conn_getbyref(args.connRef, td , td->td_proc->p_ucred,NCPM_EXECUTE,&conn); + error = ncp_conn_getbyref(args.connRef, td , td->td_ucred,NCPM_EXECUTE,&conn); if (error) { nwfs_printf("invalid connection refernce %d\n",args.connRef); return (error); @@ -249,7 +249,7 @@ return (error); conn = NWFSTOCONN(nmp); ncp_conn_puthandle(nmp->connh,NULL,0); - if (ncp_conn_lock(conn, td, td->td_proc->p_ucred,NCPM_WRITE | NCPM_EXECUTE) == 0) { + if (ncp_conn_lock(conn, td, td->td_ucred,NCPM_WRITE | NCPM_EXECUTE) == 0) { if(ncp_conn_free(conn)) ncp_conn_unlock(conn, td); } @@ -270,7 +270,7 @@ struct ncp_conn *conn; struct nw_entry_info fattr; struct thread *td = curthread; - struct ucred *cred = td->td_proc->p_ucred; + struct ucred *cred = td->td_ucred; int error, nsf, opt; u_char vol; @@ -431,7 +431,7 @@ if (np == NULL) return EINVAL; error = ncp_get_volume_info_with_number(NWFSTOCONN(nmp), - nmp->n_volume, &vi, td, td->td_proc->p_ucred); + nmp->n_volume, &vi, td, td->td_ucred); if (error) return error; secsize = 512; /* XXX how to get real value ??? */ sbp->f_spare2=0; /* placeholder */ --- //depot/projects/smpng/sys/fs/portalfs/portal_vnops.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/fs/portalfs/portal_vnops.c 2002/02/08 14:06:04 
@@ -246,8 +246,8 @@ /* * Create a new socket. */ - error = socreate(AF_UNIX, &so, SOCK_STREAM, 0, - ap->a_td->td_proc->p_ucred, ap->a_td); + error = socreate(AF_UNIX, &so, SOCK_STREAM, 0, ap->a_td->td_ucred, + ap->a_td); if (error) goto bad; --- //depot/projects/smpng/sys/fs/procfs/procfs.c 2001/12/10 15:20:41 +++ //depot/user/jhb/proc/fs/procfs/procfs.c 2002/02/06 21:41:07 @@ -105,6 +105,7 @@ vap->va_mode = 0600; /* p is locked by caller */ + PROC_LOCK_ASSERT(p, MA_OWNED); vap->va_uid = p->p_ucred->cr_uid; vap->va_gid = p->p_ucred->cr_gid; @@ -128,8 +129,9 @@ int procfs_candebug(PFS_VIS_ARGS) { + PROC_LOCK_ASSERT(p, MA_OWNED); return ((p->p_flag & P_SYSTEM) == 0 && - p_candebug(td->td_proc, p) == 0); + p_candebug(td, p) == 0); } /* --- //depot/projects/smpng/sys/fs/procfs/procfs_ctl.c 2001/12/05 16:21:49 +++ //depot/user/jhb/proc/fs/procfs/procfs_ctl.c 2002/02/06 23:07:48 @@ -105,37 +105,29 @@ { 0 }, }; -static int procfs_control __P((struct proc *curp, struct proc *p, int op)); +static int procfs_control __P((struct thread *td, struct proc *p, int op)); static int -procfs_control(struct proc *curp, struct proc *p, int op) +procfs_control(struct thread *td, struct proc *p, int op) { int error = 0; /* - * Authorization check: rely on normal debugging protection, except - * allow processes to disengage debugging on a process onto which - * they have previously attached, but no longer have permission to - * debug. - */ - if (op != PROCFS_CTL_DETACH && - ((error = p_candebug(curp, p)))) - return (error); - - /* * Attach - attaches the target process for debugging * by the calling process. */ if (op == PROCFS_CTL_ATTACH) { sx_xlock(&proctree_lock); PROC_LOCK(p); + if ((error = p_candebug(td, p)) != 0) + goto out; if (p->p_flag & P_TRACED) { error = EBUSY; goto out; } /* Can't trace yourself! */ - if (p->p_pid == curp->p_pid) { + if (p->p_pid == td->td_proc->p_pid) { error = EINVAL; goto out; } 
@@ -151,9 +143,9 @@ p->p_flag |= P_TRACED; faultin(p); p->p_xstat = 0; /* XXX ? */ - if (p->p_pptr != curp) { + if (p->p_pptr != td->td_proc) { p->p_oppid = p->p_pptr->p_pid; - proc_reparent(p, curp); + proc_reparent(p, td->td_proc); } psignal(p, SIGSTOP); out: @@ -163,7 +155,20 @@ } /* - * Target process must be stopped, owned by (curp) and + * Authorization check: rely on normal debugging protection, except + * allow processes to disengage debugging on a process onto which + * they have previously attached, but no longer have permission to + * debug. + */ + PROC_LOCK(p); + if (op != PROCFS_CTL_DETACH && + ((error = p_candebug(td, p)))) { + PROC_UNLOCK(p); + return (error); + } + + /* + * Target process must be stopped, owned by (td) and * be set up for tracing (P_TRACED flag set). * Allow DETACH to take place at any time for sanity. * Allow WAIT any time, of course. @@ -174,15 +179,10 @@ break; default: - PROC_LOCK(p); - mtx_lock_spin(&sched_lock); - if (!TRACE_WAIT_P(curp, p)) { - mtx_unlock_spin(&sched_lock); + if (!TRACE_WAIT_P(td->td_proc, p)) { PROC_UNLOCK(p); return (EBUSY); } - mtx_unlock_spin(&sched_lock); - PROC_UNLOCK(p); } @@ -198,7 +198,6 @@ * To continue with a signal, just send * the signal name to the ctl file */ - PROC_LOCK(p); p->p_xstat = 0; switch (op) { @@ -226,9 +225,12 @@ struct proc *pp; pp = pfind(p->p_oppid); - PROC_LOCK(p); - if (pp) + if (pp) { + PROC_UNLOCK(pp); + PROC_LOCK(p); proc_reparent(p, pp); + } else + PROC_LOCK(p); } else PROC_LOCK(p); p->p_oppid = 0; @@ -236,7 +238,7 @@ PROC_UNLOCK(p); sx_xunlock(&proctree_lock); - wakeup((caddr_t) curp); /* XXX for CTL_WAIT below ? */ + wakeup((caddr_t) td->td_proc); /* XXX for CTL_WAIT below ? */ break; 
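Review bot: In procfs_ctl.c hunk `@@ -174,15 +179,10 @@` the `TRACE_WAIT_P(td->td_proc, p)` test loses its `mtx_lock_spin(&sched_lock)` bracket and now runs under the proc lock only. The same happens to the `p->p_stat != SSTOP` loops in `@@ -266,31 +268,19 @@` and to the test in `@@ -340,24 +330,22 @@`, where sched_lock is now taken only around `setrunnable()`. Nothing in this diff shows that writers of `p_stat` take the proc lock, and the macro's definition is not visible, so whether the proc lock alone makes these reads stable cannot be confirmed from here. Either keep sched_lock around the tests, or state the rule at the first site with a comment such as `/* p_stat is stable here because <lock that protects it> is held */`.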
@@ -266,31 +268,19 @@ */ case PROCFS_CTL_WAIT: if (p->p_flag & P_TRACED) { - mtx_lock_spin(&sched_lock); while (error == 0 && (p->p_stat != SSTOP) && (p->p_flag & P_TRACED) && - (p->p_pptr == curp)) { - mtx_unlock_spin(&sched_lock); + (p->p_pptr == td->td_proc)) error = msleep((caddr_t) p, &p->p_mtx, PWAIT|PCATCH, "procfsx", 0); - mtx_lock_spin(&sched_lock); - } - if (error == 0 && !TRACE_WAIT_P(curp, p)) + if (error == 0 && !TRACE_WAIT_P(td->td_proc, p)) error = EBUSY; - mtx_unlock_spin(&sched_lock); - PROC_UNLOCK(p); - } else { - PROC_UNLOCK(p); - mtx_lock_spin(&sched_lock); - while (error == 0 && p->p_stat != SSTOP) { - mtx_unlock_spin(&sched_lock); - error = tsleep((caddr_t) p, + } else + while (error == 0 && p->p_stat != SSTOP) + error = msleep((caddr_t) p, &p->p_mtx, PWAIT|PCATCH, "procfs", 0); - mtx_lock_spin(&sched_lock); - } - mtx_unlock_spin(&sched_lock); - } + PROC_UNLOCK(p); return (error); default: @@ -340,24 +330,22 @@ nm = findname(ctlnames, sbuf_data(sb), sbuf_len(sb)); if (nm) { printf("procfs: got a %s command\n", sbuf_data(sb)); - error = procfs_control(td->td_proc, p, nm->nm_val); + error = procfs_control(td, p, nm->nm_val); } else { nm = findname(signames, sbuf_data(sb), sbuf_len(sb)); if (nm) { printf("procfs: got a sig%s\n", sbuf_data(sb)); PROC_LOCK(p); - mtx_lock_spin(&sched_lock); if (TRACE_WAIT_P(td->td_proc, p)) { p->p_xstat = nm->nm_val; #ifdef FIX_SSTEP FIX_SSTEP(&p->p_thread); /* XXXKSE */ #endif + mtx_lock_spin(&sched_lock); setrunnable(&p->p_thread); /* XXXKSE */ mtx_unlock_spin(&sched_lock); - } else { - mtx_unlock_spin(&sched_lock); + } else psignal(p, nm->nm_val); - } PROC_UNLOCK(p); error = 0; } --- //depot/projects/smpng/sys/fs/procfs/procfs_dbregs.c 2001/12/05 16:21:49 +++ //depot/user/jhb/proc/fs/procfs/procfs_dbregs.c 2002/02/06 21:41:07 
@@ -64,8 +64,11 @@ char *kv; int kl; - if (p_candebug(td->td_proc, p) != 0) + PROC_LOCK(p); + if (p_candebug(td, p) != 0) { + PROC_UNLOCK(p); return (EPERM); + } kl = sizeof(r); kv = (char *) &r; @@ -74,6 +77,8 @@ if (kl > uio->uio_resid) kl = uio->uio_resid; + /* XXX: PHOLD? */ + if (kl < 0) error = EINVAL; else @@ -86,6 +91,8 @@ else error = proc_write_dbregs(&p->p_thread, &r); /* XXXKSE */ } + /* XXX: PRELE? */ + PROC_UNLOCK(p); uio->uio_offset = 0; return (error); --- //depot/projects/smpng/sys/fs/procfs/procfs_fpregs.c 2001/12/05 16:21:49 +++ //depot/user/jhb/proc/fs/procfs/procfs_fpregs.c 2002/02/06 21:41:07 @@ -61,8 +61,11 @@ char *kv; int kl; - if (p_candebug(td->td_proc, p)) + PROC_LOCK(p); + if (p_candebug(td, p)) { + PROC_UNLOCK(p); return EPERM; + } kl = sizeof(r); kv = (char *) &r; @@ -71,7 +74,7 @@ if (kl > uio->uio_resid) kl = uio->uio_resid; - PHOLD(p); + _PHOLD(p); if (kl < 0) error = EINVAL; @@ -85,7 +88,8 @@ else error = proc_write_fpregs(&p->p_thread, &r); } - PRELE(p); + _PRELE(p); + PROC_UNLOCK(p); uio->uio_offset = 0; return (error); --- //depot/projects/smpng/sys/fs/procfs/procfs_ioctl.c 2001/12/10 15:20:41 +++ //depot/user/jhb/proc/fs/procfs/procfs_ioctl.c 2002/01/15 08:44:58 @@ -59,7 +59,7 @@ break; case PIOCSFL: flags = *(unsigned int *)data; - if (flags & PF_ISUGID && (error = suser(td->td_proc)) != 0) + if (flags & PF_ISUGID && (error = suser(td, 0)) != 0) break; p->p_pfsflags = flags; break; --- //depot/projects/smpng/sys/fs/procfs/procfs_mem.c 2001/12/05 16:21:49 +++ //depot/user/jhb/proc/fs/procfs/procfs_mem.c 2002/02/06 23:07:48 
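Review bot: procfs_dbregs.c (hunks `@@ -64,8 +64,11 @@` through `@@ -86,6 +91,8 @@`) and procfs_fpregs.c hold the proc lock from the `p_candebug()` check to the final `PROC_UNLOCK(p)`. The procfs_regs.c hunks in this same change instead take `_PHOLD(p)`, drop the lock, and retake it only after `uiomove()`. The copy step is not visible in the dbregs and fpregs hunks, but if those functions have the same shape as procfs_regs.c, a user-space copy that can fault would run with a mutex held. I would follow the regs pattern in both files, `_PHOLD(p); PROC_UNLOCK(p);` before the copy and `PROC_LOCK(p);` before the write-back step, which also settles the `XXX: PHOLD?` comment added in dbregs. The functions start and end outside the hunks.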
@@ -64,10 +64,12 @@ if (uio->uio_resid == 0) return (0); - error = p_candebug(td->td_proc, p); - if (error) - return (error); - error = proc_rwmem(p, uio); + PROC_LOCK(p); + error = p_candebug(td, p); + if (error == 0) + error = proc_rwmem(p, uio); + else + PROC_UNLOCK(p); return (error); } --- //depot/projects/smpng/sys/fs/procfs/procfs_regs.c 2001/12/05 16:21:49 +++ //depot/user/jhb/proc/fs/procfs/procfs_regs.c 2002/02/06 21:41:07 @@ -61,8 +61,11 @@ char *kv; int kl; - if (p_candebug(td->td_proc, p)) + PROC_LOCK(p); + if (p_candebug(td, p)) { + PROC_UNLOCK(p); return EPERM; + } kl = sizeof(r); kv = (char *) &r; @@ -71,7 +74,8 @@ if (kl > uio->uio_resid) kl = uio->uio_resid; - PHOLD(p); + _PHOLD(p); + PROC_UNLOCK(p); if (kl < 0) error = EINVAL; @@ -79,13 +83,15 @@ error = proc_read_regs(&p->p_thread, &r); /* XXXKSE */ if (error == 0) error = uiomove(kv, kl, uio); + PROC_LOCK(p); if (error == 0 && uio->uio_rw == UIO_WRITE) { if (p->p_stat != SSTOP) error = EBUSY; else error = proc_write_regs(&p->p_thread, &r); /* XXXKSE */ } - PRELE(p); + _PRELE(p); + PROC_UNLOCK(p); uio->uio_offset = 0; return (error); --- //depot/projects/smpng/sys/fs/procfs/procfs_status.c 2001/12/05 16:21:49 +++ //depot/user/jhb/proc/fs/procfs/procfs_status.c 2002/02/06 21:41:07 @@ -73,7 +73,6 @@ pid = p->p_pid; PROC_LOCK(p); ppid = p->p_pptr ? p->p_pptr->p_pid : 0; - PROC_UNLOCK(p); pgid = p->p_pgrp->pg_id; sess = p->p_pgrp->pg_session; sid = sess->s_leader ? sess->s_leader->p_pid : 0; @@ -153,6 +152,7 @@ } else { sbuf_printf(sb, " -"); } + PROC_UNLOCK(p); sbuf_printf(sb, "\n"); return (0); 
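Review bot: The procfs_mem.c hunk (`@@ -64,10 +64,12 @@`) unlocks `p` only on the `p_candebug()` failure path, so on success `proc_rwmem()` is evidently expected to be entered with the proc lock held and to release it itself. That hand-off is undocumented and easy to break: an early return added between the check and the call, or a caller that reaches `proc_rwmem()` unlocked, leaves a leaked or unowned mutex on a path that reads and writes another process's memory. A comment above the call would record the contract, `/* proc_rwmem() is entered with p locked and returns with it unlocked */`, and a `PROC_LOCK_ASSERT(p, MA_OWNED);` at the top of `proc_rwmem()` (outside this hunk) would enforce it.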
@@ -174,9 +174,14 @@ * Linux behaviour is to return zero-length in this case. */ - if (p->p_args && (ps_argsopen || !p_cansee(td->td_proc, p))) { + PROC_LOCK(p); + if (p->p_args && (ps_argsopen || !p_cansee(td, p))) { sbuf_bcpy(sb, p->p_args->ar_args, p->p_args->ar_length); - } else if (p != td->td_proc) { + PROC_UNLOCK(p); + return (0); + } + PROC_UNLOCK(p); + if (p != td->td_proc) { sbuf_printf(sb, "%.*s", MAXCOMLEN, p->p_comm); } else { error = copyin((void*)PS_STRINGS, &pstr, sizeof(pstr)); --- //depot/projects/smpng/sys/fs/pseudofs/pseudofs_vnops.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/fs/pseudofs/pseudofs_vnops.c 2002/02/08 14:06:04 @@ -86,10 +86,13 @@ if (pid != NO_PID) { if ((proc = pfind(pid)) == NULL) PFS_RETURN (0); - /* XXX should lock td->td_proc? */ - if (p_cansee(td->td_proc, proc) != 0 || + if (p_cansee(td, proc) != 0 || (pn->pn_vis != NULL && !(pn->pn_vis)(td, proc, pn))) r = 0; + /* + * XXX: We might should return with the proc locked to + * avoid some races. + */ PROC_UNLOCK(proc); } PFS_RETURN (r); --- //depot/projects/smpng/sys/fs/smbfs/smbfs_io.c 2001/12/05 16:21:49 +++ //depot/user/jhb/proc/fs/smbfs/smbfs_io.c 2002/01/15 05:17:53 @@ -429,7 +429,7 @@ vp = ap->a_vp; td = curthread; /* XXX */ - cred = td->td_proc->p_ucred; /* XXX */ + cred = td->td_ucred; /* XXX */ np = VTOSMB(vp); smp = VFSTOSMBFS(vp->v_mount); pages = ap->a_m; @@ -549,7 +549,7 @@ #ifdef SMBFS_RWGENERIC td = curthread; /* XXX */ - cred = td->td_proc->p_ucred; /* XXX */ + cred = td->td_ucred; /* XXX */ VOP_OPEN(vp, FWRITE, cred, td); error = vop_stdputpages(ap); VOP_CLOSE(vp, FWRITE, cred, td); @@ -567,7 +567,7 @@ vm_page_t *pages; td = curthread; /* XXX */ - cred = td->td_proc->p_ucred; /* XXX */ + cred = td->td_ucred; /* XXX */ /* VOP_OPEN(vp, FWRITE, cred, td);*/ np = VTOSMB(vp); smp = VFSTOSMBFS(vp->v_mount); --- //depot/projects/smpng/sys/fs/smbfs/smbfs_node.c 2002/01/04 00:49:18 +++ //depot/user/jhb/proc/fs/smbfs/smbfs_node.c 2002/01/15 05:17:53 
@@ -337,7 +337,7 @@ } */ *ap; { struct thread *td = ap->a_td; - struct ucred *cred = td->td_proc->p_ucred; + struct ucred *cred = td->td_ucred; struct vnode *vp = ap->a_vp; struct smbnode *np = VTOSMB(vp); struct smb_cred scred; --- //depot/projects/smpng/sys/fs/smbfs/smbfs_vfsops.c 2001/12/17 16:58:02 +++ //depot/user/jhb/proc/fs/smbfs/smbfs_vfsops.c 2002/01/15 05:17:53 @@ -166,7 +166,7 @@ SMBFS_VERSION, args.version); return EINVAL; } - smb_makescred(&scred, td, td->td_proc->p_ucred); + smb_makescred(&scred, td, td->td_ucred); error = smb_dev2share(args.dev, SMBM_EXEC, &scred, &ssp); if (error) { printf("invalid device handle %d (%d)\n", args.dev, error); @@ -267,7 +267,7 @@ error = vflush(mp, 1, flags); if (error) return error; - smb_makescred(&scred, td, td->td_proc->p_ucred); + smb_makescred(&scred, td, td->td_ucred); smb_share_put(smp->sm_share, &scred); mp->mnt_data = (qaddr_t)0; @@ -294,7 +294,7 @@ struct smbnode *np; struct smbfattr fattr; struct thread *td = curthread; - struct ucred *cred = td->td_proc->p_ucred; + struct ucred *cred = td->td_ucred; struct smb_cred scred; int error; @@ -399,7 +399,7 @@ sbp->f_iosize = SSTOVC(ssp)->vc_txmax; /* optimal transfer block size */ sbp->f_spare2 = 0; /* placeholder */ - smb_makescred(&scred, td, td->td_proc->p_ucred); + smb_makescred(&scred, td, td->td_ucred); if (SMB_DIALECT(SSTOVC(ssp)) >= SMB_DIALECT_LANMAN2_0) error = smbfs_smb_statfs2(ssp, sbp, &scred); --- //depot/projects/smpng/sys/fs/smbfs/smbfs_vnops.c 2002/01/04 00:49:18 +++ //depot/user/jhb/proc/fs/smbfs/smbfs_vnops.c 2002/02/08 12:43:41 @@ -976,7 +976,6 @@ caddr_t id = (caddr_t)1 /* ap->a_id */; /* int flags = ap->a_flags;*/ struct thread *td = curthread; - struct proc *p = td ? td->td_proc : NULL; struct smb_cred scred; u_quad_t size; off_t start, end, oadd; 
@@ -1027,7 +1026,7 @@ return EOVERFLOW; end = start + oadd; } - smb_makescred(&scred, td, p ? p->p_ucred : NULL); + smb_makescred(&scred, td, td->td_ucred); switch (ap->a_op) { case F_SETLK: switch (fl->l_type) { --- //depot/projects/smpng/sys/fs/specfs/spec_vnops.c 2001/10/11 16:53:37 +++ //depot/user/jhb/proc/fs/specfs/spec_vnops.c 2002/01/15 05:17:53 @@ -177,7 +177,7 @@ * for writing if the device is mounted */ if (vfs_mountedon(vp)) { - error = securelevel_ge(td->td_proc->p_ucred, 1); + error = securelevel_ge(td->td_ucred, 1); if (error) return (error); } @@ -186,7 +186,7 @@ * When running in very secure mode, do not allow * opens for writing of any devices. */ - error = securelevel_ge(td->td_proc->p_ucred, 2); + error = securelevel_ge(td->td_ucred, 2); if (error) return (error); } @@ -722,8 +722,8 @@ /* B_PHYS is not set, but it is nice to fill this in. */ KASSERT(bp->b_rcred == NOCRED, ("leaking read ucred")); KASSERT(bp->b_wcred == NOCRED, ("leaking write ucred")); - bp->b_rcred = crhold(curthread->td_proc->p_ucred); - bp->b_wcred = crhold(curthread->td_proc->p_ucred); + bp->b_rcred = crhold(curthread->td_ucred); + bp->b_wcred = crhold(curthread->td_ucred); bp->b_blkno = blkno; bp->b_lblkno = blkno; pbgetvp(ap->a_vp, bp); --- //depot/projects/smpng/sys/fs/umapfs/umap_vfsops.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/fs/umapfs/umap_vfsops.c 2002/01/15 09:05:41 @@ -105,7 +105,7 @@ /* * Only for root */ - if ((error = suser_td(td)) != 0) + if ((error = suser(td, 0)) != 0) return (error); #ifdef DEBUG --- //depot/projects/smpng/sys/fs/unionfs/union_subr.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/fs/unionfs/union_subr.c 2002/02/08 14:06:04 @@ -1011,7 +1011,7 @@ } /* VOP_LEASE: dvp is locked */ - VOP_LEASE(dvp, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(dvp, td, td->td_ucred, LEASE_WRITE); error = VOP_WHITEOUT(dvp, &cn, CREATE); if (cn.cn_flags & HASBUF) { 
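Review bot: In smbfs_vnops.c hunk `@@ -1027,7 +1026,7 @@` the call now dereferences `td` unconditionally, where the removed code passed a NULL credential to `smb_makescred()` when `td` was NULL. `td` is initialised from `curthread` in the declaration hunk `@@ -976,7 +976,6 @@`, so the old guard was probably dead code, but the change drops a defensive check without saying so. A `KASSERT(td != NULL, ("td is NULL"));` before the call, or a sentence in the description that curthread cannot be NULL on this path, would make the assumption explicit. The enclosing function starts and ends outside both hunks.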
@@ -1043,7 +1043,7 @@ struct thread *td; { struct vnode *vp; - struct ucred *cred = td->td_proc->p_ucred; + struct ucred *cred = td->td_ucred; struct vattr vat; struct vattr *vap = &vat; int fmode = FFLAGS(O_WRONLY|O_CREAT|O_TRUNC|O_EXCL); @@ -1071,7 +1071,7 @@ cn.cn_nameiop = CREATE; cn.cn_flags = (LOCKPARENT|LOCKLEAF|HASBUF|SAVENAME|ISLASTCN); cn.cn_thread = td; - cn.cn_cred = td->td_proc->p_ucred; + cn.cn_cred = td->td_ucred; cn.cn_nameptr = cn.cn_pnbuf; cn.cn_consume = 0; --- //depot/projects/smpng/sys/fs/unionfs/union_vfsops.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/fs/unionfs/union_vfsops.c 2002/02/08 14:06:04 @@ -223,7 +223,7 @@ goto bad; } - um->um_cred = crhold(td->td_proc->p_ucred); + um->um_cred = crhold(td->td_ucred); FILEDESC_LOCK(td->td_proc->p_fd); um->um_cmode = UN_DIRMODE &~ td->td_proc->p_fd->fd_cmask; FILEDESC_UNLOCK(td->td_proc->p_fd); --- //depot/projects/smpng/sys/gnu/ext2fs/ext2_vfsops.c 2001/11/07 12:45:34 +++ //depot/user/jhb/proc/gnu/ext2fs/ext2_vfsops.c 2002/01/15 09:05:41 @@ -235,10 +235,10 @@ * If upgrade to read-write by non-root, then verify * that user has necessary permissions on the device. */ - if (suser_td(td)) { + if (suser(td, 0)) { vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, td); if ((error = VOP_ACCESS(devvp, VREAD | VWRITE, - td->td_proc->p_ucred, td)) != 0) { + td->td_ucred, td)) != 0) { VOP_UNLOCK(devvp, 0, td); return (error); } @@ -288,12 +288,12 @@ * If mount by non-root, then verify that user has necessary * permissions on the device. */ - if (suser_td(td)) { + if (suser(td, 0)) { accessmode = VREAD; if ((mp->mnt_flag & MNT_RDONLY) == 0) accessmode |= VWRITE; vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, td); - if ((error = VOP_ACCESS(devvp, accessmode, td->td_proc->p_ucred, td)) != 0) { + if ((error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td)) != 0) { vput(devvp); return (error); } 
@@ -642,7 +642,7 @@ return (error); if (vcount(devvp) > 1 && devvp != rootvp) return (EBUSY); - if ((error = vinvalbuf(devvp, V_SAVE, td->td_proc->p_ucred, td, 0, 0)) != 0) + if ((error = vinvalbuf(devvp, V_SAVE, td->td_ucred, td, 0, 0)) != 0) return (error); #ifdef READONLY /* turn on this to force it to be read-only */ --- //depot/projects/smpng/sys/gnu/ext2fs/ext2_vnops.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/gnu/ext2fs/ext2_vnops.c 2002/01/15 07:44:40 @@ -1153,7 +1153,7 @@ tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ ip->i_nlink = 1; if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && - suser_xxx(cnp->cn_cred, 0, PRISON_ROOT)) + suser_cred(cnp->cn_cred, PRISON_ROOT)) ip->i_mode &= ~ISGID; if (cnp->cn_flags & ISWHITEOUT) --- //depot/projects/smpng/sys/i386/conf/X86SMP 2001/12/19 00:24:22 +++ //depot/user/jhb/proc/i386/conf/X86SMP 2002/01/07 11:10:15 @@ -7,7 +7,7 @@ makeoptions DEBUG=-g #Build kernel with gdb(1) debug symbols makeoptions NO_MODULES=yes -makeoptions KERNEL=smpng +makeoptions KERNEL=proc options INET #InterNETworking options INET6 #IPv6 communications protocols --- //depot/projects/smpng/sys/i386/conf/X86UP 2001/12/19 00:24:22 +++ //depot/user/jhb/proc/i386/conf/X86UP 2002/01/07 11:10:15 @@ -7,7 +7,7 @@ makeoptions DEBUG=-g #Build kernel with gdb(1) debug symbols makeoptions NO_MODULES=yes -makeoptions KERNEL=smpng +makeoptions KERNEL=proc options INET #InterNETworking options INET6 #IPv6 communications protocols --- //depot/projects/smpng/sys/i386/i386/machdep.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/i386/i386/machdep.c 2002/02/08 14:06:04 @@ -2159,7 +2159,7 @@ * from within kernel mode? */ - if (suser_td(td) != 0) { + if (suser(td, 0) != 0) { if (dbregs->dr7 & 0x3) { /* dr0 is enabled */ if (dbregs->dr0 >= VM_MAXUSER_ADDRESS) --- //depot/projects/smpng/sys/i386/i386/mem.c 2001/09/27 18:02:49 +++ //depot/user/jhb/proc/i386/i386/mem.c 2002/01/15 09:05:41 
@@ -116,16 +116,16 @@ case 0: case 1: if (flags & FWRITE) { - error = securelevel_gt(td->td_proc->p_ucred, 0); + error = securelevel_gt(td->td_ucred, 0); if (error != 0) return (error); } break; case 14: - error = suser_td(td); + error = suser(td, 0); if (error != 0) return (error); - error = securelevel_gt(td->td_proc->p_ucred, 0); + error = securelevel_gt(td->td_ucred, 0); if (error != 0) return (error); td->td_frame->tf_eflags |= PSL_IOPL; --- //depot/projects/smpng/sys/i386/i386/sys_machdep.c 2001/12/17 16:58:02 +++ //depot/user/jhb/proc/i386/i386/sys_machdep.c 2002/01/15 09:05:41 @@ -183,9 +183,9 @@ if ((error = copyin(args, &ua, sizeof(struct i386_ioperm_args))) != 0) return (error); - if ((error = suser_td(td)) != 0) + if ((error = suser(td, 0)) != 0) return (error); - if ((error = securelevel_gt(td->td_proc->p_ucred, 0)) != 0) + if ((error = securelevel_gt(td->td_ucred, 0)) != 0) return (error); /* * XXX --- //depot/projects/smpng/sys/i386/i386/vm86.c 2001/11/19 15:30:12 +++ //depot/user/jhb/proc/i386/i386/vm86.c 2002/02/06 23:07:48 @@ -659,7 +659,6 @@ struct thread *td; char *args; { - struct proc *p = td->td_proc; int error = 0; struct i386_vm86_args ua; struct vm86_kernel *vm86; @@ -716,7 +715,7 @@ case VM86_INTCALL: { struct vm86_intcall_args sa; - if ((error = suser(p))) + if ((error = suser(td, 0))) return (error); if ((error = copyin(ua.sub_args, &sa, sizeof(sa)))) return (error); --- //depot/projects/smpng/sys/i386/ibcs2/ibcs2_misc.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/i386/ibcs2/ibcs2_misc.c 2002/02/08 14:06:04 @@ -1013,7 +1013,7 @@ #define IBCS2_DATALOCK 4 - if ((error = suser_td(td)) != 0) + if ((error = suser(td, 0)) != 0) return EPERM; switch(SCARG(uap, cmd)) { case IBCS2_UNLOCK: 
@@ -1048,7 +1048,7 @@ #define SCO_AD_GETBMAJ 0 #define SCO_AD_GETCMAJ 1 - if (suser_td(td)) + if (suser(td, 0)) return EPERM; switch(SCARG(uap, cmd)) { --- //depot/projects/smpng/sys/i386/ibcs2/ibcs2_other.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/i386/ibcs2/ibcs2_other.c 2002/01/15 05:59:25 @@ -50,9 +50,7 @@ switch (uap->cmd) { case IBCS2_SECURE_GETLUID: /* get login uid */ - PROC_LOCK(td->td_proc); - td->td_retval[0] = td->td_proc->p_ucred->cr_uid; - PROC_UNLOCK(td->td_proc); + td->td_retval[0] = td->td_ucred->cr_uid; return 0; case IBCS2_SECURE_SETLUID: /* set login uid */ --- //depot/projects/smpng/sys/i386/ibcs2/ibcs2_socksys.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/i386/ibcs2/ibcs2_socksys.c 2002/01/15 09:05:41 @@ -171,7 +171,7 @@ char hname[MAXHOSTNAMELEN], *ptr; int error, sctl[2], hlen; - if ((error = suser_td(td))) + if ((error = suser(td, 0))) return (error); /* W/out a hostname a domain-name is nonsense */ --- //depot/projects/smpng/sys/i386/ibcs2/ibcs2_sysi86.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/i386/ibcs2/ibcs2_sysi86.c 2002/01/15 09:05:41 @@ -73,7 +73,7 @@ int name[2]; int error; - if ((error = suser_td(td))) + if ((error = suser(td, 0))) return (error); name[0] = CTL_KERN; name[1] = KERN_HOSTNAME; --- //depot/projects/smpng/sys/i386/ibcs2/ibcs2_util.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/i386/ibcs2/ibcs2_util.c 2002/01/15 05:59:25 @@ -140,11 +140,11 @@ return error; } - if ((error = VOP_GETATTR(nd.ni_vp, &vat, td->td_proc->p_ucred, td)) != 0) { + if ((error = VOP_GETATTR(nd.ni_vp, &vat, td->td_ucred, td)) != 0) { goto done; } - if ((error = VOP_GETATTR(ndroot.ni_vp, &vatroot, td->td_proc->p_ucred, td)) + if ((error = VOP_GETATTR(ndroot.ni_vp, &vatroot, td->td_ucred, td)) != 0) { goto done; } --- //depot/projects/smpng/sys/i386/ibcs2/ibcs2_xenix.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/i386/ibcs2/ibcs2_xenix.c 2002/01/15 05:59:25 
@@ -193,7 +193,7 @@ int xenix_eaccess(struct thread *td, struct xenix_eaccess_args *uap) { - struct ucred *cred = td->td_proc->p_ucred; + struct ucred *cred = td->td_ucred; struct vnode *vp; struct nameidata nd; int error, flags; --- //depot/projects/smpng/sys/i386/ibcs2/imgact_coff.c 2001/12/10 15:20:41 +++ //depot/user/jhb/proc/i386/ibcs2/imgact_coff.c 2002/01/15 05:59:25 @@ -183,7 +183,7 @@ goto fail; } - if ((error = VOP_GETATTR(vp, &attr, p->p_ucred, td)) != 0) + if ((error = VOP_GETATTR(vp, &attr, td->td_ucred, td)) != 0) goto fail; if ((vp->v_mount->mnt_flag & MNT_NOEXEC) @@ -196,10 +196,10 @@ goto fail; } - if ((error = VOP_ACCESS(vp, VEXEC, p->p_ucred, td)) != 0) + if ((error = VOP_ACCESS(vp, VEXEC, td->td_ucred, td)) != 0) goto fail; - if ((error = VOP_OPEN(vp, FREAD, p->p_ucred, td)) != 0) + if ((error = VOP_OPEN(vp, FREAD, td->td_ucred, td)) != 0) goto fail; /* --- //depot/projects/smpng/sys/i386/isa/cx.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/i386/isa/cx.c 2002/01/15 09:05:41 @@ -162,7 +162,7 @@ tp = c->ttyp; tp->t_dev = dev; if ((tp->t_state & TS_ISOPEN) && (tp->t_state & TS_XCLUDE) && - suser_td(td)) + suser(td, 0)) return (EBUSY); if (! (tp->t_state & TS_ISOPEN)) { ttychars (tp); --- //depot/projects/smpng/sys/i386/isa/cy.c 2002/01/09 16:09:21 +++ //depot/user/jhb/proc/i386/isa/cy.c 2002/01/15 09:05:41 @@ -716,7 +716,7 @@ } } if (tp->t_state & TS_XCLUDE && - suser_td(td)) { + suser(td, 0)) { error = EBUSY; goto out; } @@ -1635,7 +1635,7 @@ } switch (cmd) { case TIOCSETA: - error = suser_td(td); + error = suser(td, 0); if (error != 0) return (error); *ct = *(struct termios *)data; @@ -1734,7 +1734,7 @@ break; case TIOCMSDTRWAIT: /* must be root since the wait applies to following logins */ - error = suser_td(td); + error = suser(td, 0); if (error != 0) { splx(s); return (error); --- //depot/projects/smpng/sys/i386/isa/istallion.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/i386/isa/istallion.c 2002/01/15 09:05:41 
@@ -1010,7 +1010,7 @@ } } if ((tp->t_state & TS_XCLUDE) && - suser_td(td)) { + suser(td, 0)) { error = EBUSY; goto stliopen_end; } @@ -1182,7 +1182,7 @@ switch (cmd) { case TIOCSETA: - if ((error = suser_td(td)) == 0) + if ((error = suser(td, 0)) == 0) *localtios = *((struct termios *) data); break; case TIOCGETA: @@ -1318,7 +1318,7 @@ *((int *) data) = (portp->sigs | TIOCM_LE); break; case TIOCMSDTRWAIT: - if ((error = suser_td(td)) == 0) + if ((error = suser(td, 0)) == 0) portp->dtrwait = *((int *) data) * hz / 100; break; case TIOCMGDTRWAIT: --- //depot/projects/smpng/sys/i386/isa/pcvt/pcvt_drv.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/i386/isa/pcvt/pcvt_drv.c 2002/01/15 09:05:41 @@ -316,7 +316,7 @@ (*linesw[tp->t_line].l_modem)(tp, 1); /* fake connection */ winsz = 1; /* set winsize later */ } - else if (tp->t_state & TS_XCLUDE && suser_td(td)) + else if (tp->t_state & TS_XCLUDE && suser(td, 0)) { return (EBUSY); } --- //depot/projects/smpng/sys/i386/isa/pcvt/pcvt_ext.c 2001/09/27 18:02:49 +++ //depot/user/jhb/proc/i386/isa/pcvt/pcvt_ext.c 2002/01/15 09:05:41 @@ -2616,10 +2616,10 @@ { struct trapframe *fp = td->td_frame; - error = suser_td(td); + error = suser(td, 0); if (error != 0) return (error); - error = securelevel_gt(p->p_ucred, 0); + error = securelevel_gt(td->td_ucred, 0); if (error != 0) return (error); --- //depot/projects/smpng/sys/i386/isa/rc.c 2002/01/09 16:09:21 +++ //depot/user/jhb/proc/i386/isa/rc.c 2002/01/15 09:05:41 @@ -764,7 +764,7 @@ } } if (tp->t_state & TS_XCLUDE && - suser_td(td)) { + suser(td, 0)) { error = EBUSY; goto out; } @@ -1118,7 +1118,7 @@ break; case TIOCMSDTRWAIT: - error = suser_td(td); + error = suser(td, 0); if (error != 0) { splx(s); return (error); --- //depot/projects/smpng/sys/i386/isa/spigot.c 2001/11/07 12:45:34 +++ //depot/user/jhb/proc/i386/isa/spigot.c 2002/01/15 09:05:41 
@@ -175,10 +175,10 @@ * require sufficient privilege soon and nothing much can be done * without them. */ - error = suser_td(td); + error = suser(td, 0); if (error != 0) return error; - error = securelevel_gt(td->td_proc->p_ucred, 0); + error = securelevel_gt(td->td_ucred, 0); if (error != 0) return error; #endif @@ -232,10 +232,10 @@ break; case SPIGOT_IOPL_ON: /* allow access to the IO PAGE */ #if !defined(SPIGOT_UNSECURE) - error = suser_td(td); + error = suser(td, 0); if (error != 0) return error; - error = securelevel_gt(td->td_proc->p_ucred, 0); + error = securelevel_gt(td->td_ucred, 0); if (error) return error; #endif --- //depot/projects/smpng/sys/i386/isa/stallion.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/i386/isa/stallion.c 2002/01/15 09:05:41 @@ -832,7 +832,7 @@ } } if ((tp->t_state & TS_XCLUDE) && - suser_td(td)) { + suser(td, 0)) { error = EBUSY; goto stlopen_end; } @@ -970,7 +970,7 @@ switch (cmd) { case TIOCSETA: - if ((error = suser_td(td)) == 0) + if ((error = suser(td, 0)) == 0) *localtios = *((struct termios *) data); break; case TIOCGETA: @@ -1088,7 +1088,7 @@ *((int *) data) = (stl_getsignals(portp) | TIOCM_LE); break; case TIOCMSDTRWAIT: - if ((error = suser_td(td)) == 0) + if ((error = suser(td, 0)) == 0) portp->dtrwait = *((int *) data) * hz / 100; break; case TIOCMGDTRWAIT: --- //depot/projects/smpng/sys/i386/linux/linux_machdep.c 2001/10/11 12:09:01 +++ //depot/user/jhb/proc/i386/linux/linux_machdep.c 2002/01/15 09:05:41 
@@ -558,9 +558,9 @@ if (args->level < 0 || args->level > 3) return (EINVAL); - if ((error = suser_td(td)) != 0) + if ((error = suser(td, 0)) != 0) return (error); - if ((error = securelevel_gt(td->td_proc->p_ucred, 0)) != 0) + if ((error = securelevel_gt(td->td_ucred, 0)) != 0) return (error); td->td_frame->tf_eflags = (td->td_frame->tf_eflags & ~PSL_IOPL) | (args->level * (PSL_IOPL / 3)); --- //depot/projects/smpng/sys/i4b/driver/i4b_ipr.c 2002/01/04 00:49:18 +++ //depot/user/jhb/proc/i4b/driver/i4b_ipr.c 2002/01/15 08:44:58 @@ -615,9 +615,15 @@ #ifdef IPR_VJ case IPRIOCSMAXCID: { +#if defined(__FreeBSD_version) && __FreeBSD_version >= 500000 + struct thread *td = curthread; /* XXX */ +#else struct proc *p = curproc; /* XXX */ +#endif -#if defined(__FreeBSD_version) && __FreeBSD_version >= 400005 +#if defined(__FreeBSD_version) && __FreeBSD_version >= 500000 + if((error = suser(td, 0))) +#else if defined(__FreeBSD_version) && __FreeBSD_version >= 400005 if((error = suser(p)) != 0) #else if((error = suser(p->p_ucred, &p->p_acflag)) != 0) --- //depot/projects/smpng/sys/ia64/ia64/mem.c 2001/09/27 18:02:49 +++ //depot/user/jhb/proc/ia64/ia64/mem.c 2002/01/15 05:03:22 @@ -121,7 +121,7 @@ case 0: case 1: if (flags & FWRITE) { - error = securelevel_gt(td->td_proc->p_ucred, 0); + error = securelevel_gt(td->td_ucred, 0); if (error) return error; } --- //depot/projects/smpng/sys/ia64/ia64/ssc.c 2001/09/27 18:02:49 +++ //depot/user/jhb/proc/ia64/ia64/ssc.c 2002/01/15 08:44:58 @@ -165,7 +165,7 @@ ttsetwater(tp); setuptimeout = 1; - } else if ((tp->t_state & TS_XCLUDE) && suser(td->td_proc)) { + } else if ((tp->t_state & TS_XCLUDE) && suser(td, 0)) { splx(s); return EBUSY; } --- //depot/projects/smpng/sys/isa/fd.c 2001/12/19 00:05:01 +++ //depot/user/jhb/proc/isa/fd.c 2002/01/15 09:05:41 
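Review bot: In the i4b_ipr.c hunk the added line `#else if defined(__FreeBSD_version) && __FreeBSD_version >= 400005` is not an else-if. The preprocessor reads it as a plain `#else` with stray trailing tokens, so the `#else` that follows becomes a second `#else` in the same conditional. It should be `#elif defined(__FreeBSD_version) && __FreeBSD_version >= 400005`. As written, the privilege check selected on older trees is not the one the condition names, if the file builds there at all. The conditional's `#endif` lies outside the hunk.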
@@ -2644,7 +2644,7 @@ * Set density definition permanently. Only * allow for superuser. */ - if (suser_td(td) != 0) + if (suser(td, 0) != 0) return (EPERM); fd->fts[type] = *(struct fd_type *)addr; } @@ -2669,7 +2669,7 @@ #endif case FD_CLRERR: - if (suser_td(td) != 0) + if (suser(td, 0) != 0) return (EPERM); fd->fdc->fdc_errs = 0; return (0); @@ -2751,7 +2751,7 @@ case FD_STYPE: /* set drive type */ /* this is considered harmful; only allow for superuser */ - if (suser_td(td) != 0) + if (suser(td, 0) != 0) return (EPERM); *fd->ft = *(struct fd_type *)addr; break; @@ -2775,7 +2775,7 @@ #endif case FD_CLRERR: - if (suser_td(td) != 0) + if (suser(td, 0) != 0) return (EPERM); fd->fdc->fdc_errs = 0; break; --- //depot/projects/smpng/sys/isofs/cd9660/cd9660_vfsops.c 2001/11/27 10:31:40 +++ //depot/user/jhb/proc/isofs/cd9660/cd9660_vfsops.c 2002/01/15 09:05:41 @@ -236,9 +236,9 @@ */ accessmode = VREAD; vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, td); - error = VOP_ACCESS(devvp, accessmode, td->td_proc->p_ucred, td); + error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td); if (error) - error = suser_td(td); + error = suser(td, 0); if (error) { vput(devvp); return (error); @@ -305,7 +305,7 @@ return error; if (vcount(devvp) > 1 && devvp != rootvp) return EBUSY; - if ((error = vinvalbuf(devvp, V_SAVE, td->td_proc->p_ucred, td, 0, 0))) + if ((error = vinvalbuf(devvp, V_SAVE, td->td_ucred, td, 0, 0))) return (error); vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, td); --- //depot/projects/smpng/sys/kern/imgact_aout.c 2001/10/11 12:09:01 +++ //depot/user/jhb/proc/kern/imgact_aout.c 2002/01/14 17:15:30 
@@ -256,14 +256,16 @@ off_t limit; { struct proc *p = td->td_proc; - register struct ucred *cred = p->p_ucred; + register struct ucred *cred = td->td_ucred; register struct vmspace *vm = p->p_vmspace; int error; if (ctob((UAREA_PAGES + KSTACK_PAGES) + vm->vm_dsize + vm->vm_ssize) >= limit) return (EFAULT); + PROC_LOCK(p); fill_kinfo_proc(p, &p->p_uarea->u_kproc); + PROC_UNLOCK(p); error = cpu_coredump(td, vp, cred); if (error == 0) error = vn_rdwr(UIO_WRITE, vp, vm->vm_daddr, --- //depot/projects/smpng/sys/kern/imgact_elf.c 2001/12/17 16:58:02 +++ //depot/user/jhb/proc/kern/imgact_elf.c 2002/01/14 17:15:30 @@ -754,7 +754,7 @@ off_t limit; { register struct proc *p = td->td_proc; - register struct ucred *cred = p->p_ucred; + register struct ucred *cred = td->td_ucred; int error = 0; struct sseg_closure seginfo; void *hdr; --- //depot/projects/smpng/sys/kern/kern_acct.c 2001/11/07 12:45:34 +++ //depot/user/jhb/proc/kern/kern_acct.c 2002/01/15 07:44:40 @@ -119,14 +119,12 @@ struct nameidata nd; int error, flags; - mtx_lock(&Giant); - if (td != curthread) - panic("acct"); /* XXXKSE DIAGNOSTIC */ /* Make sure that the caller is root. */ - error = suser_xxx(td->td_proc->p_ucred, NULL, 0); + error = suser(td, 0); if (error) - goto done2; + return (error); + mtx_lock(&Giant); /* * If accounting is to be started to a file, open that file for * writing and make sure it's a 'normal'. @@ -141,7 +139,7 @@ NDFREE(&nd, NDF_ONLY_PNBUF); VOP_UNLOCK(nd.ni_vp, 0, td); if (nd.ni_vp->v_type != VREG) { - vn_close(nd.ni_vp, FWRITE, td->td_proc->p_ucred, td); + vn_close(nd.ni_vp, FWRITE, td->td_ucred, td); error = EACCES; goto done2; } @@ -154,7 +152,7 @@ if (acctp != NULLVP || savacctp != NULLVP) { callout_stop(&acctwatch_callout); error = vn_close((acctp != NULLVP ? acctp : savacctp), FWRITE, - td->td_proc->p_ucred, td); + td->td_ucred, td); acctp = savacctp = NULLVP; } if (SCARG(uap, path) == NULL) 
@@ -199,6 +197,7 @@ * Get process accounting information. */ + PROC_LOCK(p); /* (1) The name of the command that ran */ bcopy(p->p_comm, acct.ac_comm, sizeof acct.ac_comm); @@ -250,13 +249,14 @@ p->p_limit = limcopy(p->p_limit); } p->p_rlimit[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY; + PROC_UNLOCK(p); /* * Write the accounting information to the file. */ - VOP_LEASE(vp, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); return (vn_rdwr(UIO_WRITE, vp, (caddr_t)&acct, sizeof (acct), - (off_t)0, UIO_SYSSPACE, IO_APPEND|IO_UNIT, td->td_proc->p_ucred, + (off_t)0, UIO_SYSSPACE, IO_APPEND|IO_UNIT, td->td_ucred, (int *)0, td)); } --- //depot/projects/smpng/sys/kern/kern_acl.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/kern/kern_acl.c 2002/02/08 14:06:04 @@ -89,7 +89,7 @@ * a DAC entry that matches but has failed to allow access. */ #ifndef CAPABILITIES - if (suser_xxx(cred, NULL, PRISON_ROOT) == 0) + if (suser_cred(cred, PRISON_ROOT) == 0) cap_granted = (VEXEC | VREAD | VWRITE | VADMIN); else cap_granted = 0; @@ -579,9 +579,9 @@ error = vn_start_write(vp, &mp, V_WAIT | PCATCH); if (error != 0) return (error); - VOP_LEASE(vp, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - error = VOP_SETACL(vp, type, &inkernacl, td->td_proc->p_ucred, td); + error = VOP_SETACL(vp, type, &inkernacl, td->td_ucred, td); VOP_UNLOCK(vp, 0, td); vn_finished_write(mp); return(error); @@ -597,9 +597,9 @@ struct acl inkernelacl; int error; - VOP_LEASE(vp, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - error = VOP_GETACL(vp, type, &inkernelacl, td->td_proc->p_ucred, td); + error = VOP_GETACL(vp, type, &inkernelacl, td->td_ucred, td); VOP_UNLOCK(vp, 0, td); if (error == 0) error = copyout(&inkernelacl, aclp, sizeof(struct acl)); 
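Review bot: The `PROC_LOCK(p)` added in the kern_acct.c hunk at -199 is held until the `PROC_UNLOCK(p)` added in the hunk at -250, and the context line `p->p_limit = limcopy(p->p_limit);` sits inside that window. limcopy() is not shown, but if it allocates with a sleeping malloc it would block with the process lock held. I would allocate the copy before taking the lock, as the kern_exec.c part of this change does for its own allocations, or drop the lock around the copy. At minimum a comment such as `/* XXX: limcopy() may sleep; revisit holding the proc lock here */` should record the question. The code between the two hunks is not visible, so other blocking calls in the locked region cannot be ruled out.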
@@ -618,10 +618,9 @@ error = vn_start_write(vp, &mp, V_WAIT | PCATCH); if (error) return (error); - VOP_LEASE(vp, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - error = VOP_SETACL(vp, ACL_TYPE_DEFAULT, 0, td->td_proc->p_ucred, - td); + error = VOP_SETACL(vp, ACL_TYPE_DEFAULT, 0, td->td_ucred, td); VOP_UNLOCK(vp, 0, td); vn_finished_write(mp); return (error); @@ -640,8 +639,7 @@ error = copyin(aclp, &inkernelacl, sizeof(struct acl)); if (error) return(error); - error = VOP_ACLCHECK(vp, type, &inkernelacl, td->td_proc->p_ucred, - td); + error = VOP_ACLCHECK(vp, type, &inkernelacl, td->td_ucred, td); return (error); } --- //depot/projects/smpng/sys/kern/kern_descrip.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/kern/kern_descrip.c 2002/02/08 14:06:04 @@ -165,6 +165,7 @@ FILEDESC_LOCK(fdp); retry: + mtx_assert(&Giant, MA_OWNED); if (old >= fdp->fd_nfiles || fdp->fd_ofiles[old] == NULL || new >= p->p_rlimit[RLIMIT_NOFILE].rlim_cur || @@ -268,6 +269,7 @@ } pop = &fdp->fd_ofileflags[uap->fd]; + mtx_assert(&Giant, MA_OWNED); switch (uap->cmd) { case F_DUPFD: newmin = uap->arg; @@ -628,7 +630,7 @@ sigio->sio_pgrp = pgrp; } sigio->sio_pgid = pgid; - sigio->sio_ucred = crhold(curthread->td_proc->p_ucred); + sigio->sio_ucred = crhold(curthread->td_ucred); sigio->sio_myref = sigiop; s = splhigh(); *sigiop = sigio; @@ -978,6 +980,7 @@ register struct file **fpp; register int i, lim, last; + mtx_assert(&Giant, MA_OWNED); FILEDESC_LOCK_ASSERT(fdp, MA_OWNED); lim = min((int)p->p_rlimit[RLIMIT_NOFILE].rlim_cur, maxfilesperproc); @@ -1040,7 +1043,7 @@ fp->f_mtxp = mtx_pool_alloc(); fp->f_gcflag = 0; fp->f_count = 1; - fp->f_cred = crhold(p->p_ucred); + fp->f_cred = crhold(td->td_ucred); fp->f_ops = &badfileops; fp->f_seqcount = 1; FILEDESC_UNLOCK(p->p_fd); @@ -1425,6 +1428,7 @@ register struct thread *td; { struct vnode *vp; + struct proc *p; struct flock lf; if (fp == NULL) 
@@ -1437,16 +1441,21 @@ * If the descriptor was in a message, POSIX-style locks * aren't passed with the descriptor. */ - if (td && (td->td_proc->p_flag & P_ADVLOCK) && - fp->f_type == DTYPE_VNODE) { + if (td == NULL) + return (fdrop(fp, NULL)); + p = td->td_proc; + PROC_LOCK(p); + if ((p->p_flag & P_ADVLOCK) && fp->f_type == DTYPE_VNODE) { + PROC_UNLOCK(p); lf.l_whence = SEEK_SET; lf.l_start = 0; lf.l_len = 0; lf.l_type = F_UNLCK; vp = (struct vnode *)fp->f_data; - (void) VOP_ADVLOCK(vp, (caddr_t)td->td_proc->p_leader, - F_UNLCK, &lf, F_POSIX); - } + (void) VOP_ADVLOCK(vp, (caddr_t)p->p_leader, F_UNLCK, &lf, + F_POSIX); + } else + PROC_UNLOCK(p); return (fdrop(fp, td)); } --- //depot/projects/smpng/sys/kern/kern_event.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/kern/kern_event.c 2002/02/08 14:06:04 @@ -196,7 +196,7 @@ p = pfind(kn->kn_id); if (p == NULL) return (ESRCH); - if ((error = p_cansee(curproc, p))) { + if ((error = p_cansee(curthread, p))) { PROC_UNLOCK(p); return (error); } --- //depot/projects/smpng/sys/kern/kern_exec.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/kern/kern_exec.c 2002/02/08 14:06:04 @@ -121,13 +121,15 @@ { struct proc *p = td->td_proc; struct nameidata nd, *ndp; - struct ucred *newcred, *oldcred; + struct ucred *newcred = NULL, *oldcred; register_t *stack_base; int error, len, i; struct image_params image_params, *imgp; struct vattr attr; int (*img_first) __P((struct image_params *)); - struct pargs *pa; + struct pargs *oldargs, *newargs = NULL; + struct procsig *newprocsig = NULL; + struct vnode *tracevp = NULL, *textvp = NULL; imgp = &image_params; 
@@ -148,6 +150,13 @@ /* XXXKSE */ /* !!!!!!!! we need abort all the other threads of this process before we */ /* proceed beyond his point! */ + /* + * XXXKSE: We may also want to consider adding a thread member to + * imgp. One thing we want to ensure is that the new program runs + * with the credentials of the thread that initiated this exec. + * This is necessary to close stupid races where one thread changes + * creds after another thread has entered exec, etc. + */ /* * Initialize part of the common data @@ -289,16 +298,27 @@ FILEDESC_UNLOCK(p->p_fd); /* + * Malloc things before we need locks. + */ + MALLOC(newprocsig, struct procsig *, sizeof(struct procsig), + M_SUBPROC, M_WAITOK); + newcred = crget(); + i = imgp->endargs - imgp->stringbase; + MALLOC(newargs, struct pargs *, sizeof(struct pargs) + i, + M_PARGS, M_WAITOK); + + /* close files on exec */ + fdcloseexec(td); + + /* * For security and other reasons, signal handlers cannot * be shared after an exec. The new process gets a copy of the old * handlers. In execsigs(), the new process will have its signals * reset. */ + PROC_LOCK(p); + mp_fixme("procsig needs a lock"); if (p->p_procsig->ps_refcnt > 1) { - struct procsig *newprocsig; - - MALLOC(newprocsig, struct procsig *, sizeof(struct procsig), - M_SUBPROC, M_WAITOK); bcopy(p->p_procsig, newprocsig, sizeof(*newprocsig)); p->p_procsig->ps_refcnt--; p->p_procsig = newprocsig; @@ -312,9 +332,6 @@ /* Stop profiling */ stopprofclock(p); - /* close files on exec */ - fdcloseexec(td); - /* reset caught signals */ execsigs(p); @@ -327,7 +344,6 @@ * mark as execed, wakeup the process that vforked (if any) and tell * it that it now has its own resources back */ - PROC_LOCK(p); p->p_flag |= P_EXEC; if (p->p_pptr && (p->p_flag & P_PPWAIT)) { p->p_flag &= ~P_PPWAIT; 
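Review bot: In the kern_exec.c hunk at -289, `newprocsig` is installed with `p->p_procsig = newprocsig;` but never reset, while the cleanup added in the hunk at -438 runs `if (newprocsig != NULL) FREE(newprocsig, M_SUBPROC);`. For a process that shared its procsig, that would free the structure it has just started using. The lines between the two hunks appear unchanged from the old file, where `newprocsig` was a block-local, so nothing there can clear it. Add `newprocsig = NULL;` directly after the assignment, as the change already does for `newcred` and `newargs`. Separately, `newargs` is now allocated on every exec, sized by the argument strings, before the `ps_arg_cache_limit` test that decides whether it is used; checking the limit before the MALLOC would avoid an allocation that is immediately freed.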
@@ -341,79 +357,67 @@ * the process is being traced. */ oldcred = p->p_ucred; - newcred = NULL; if ((((attr.va_mode & VSUID) && oldcred->cr_uid != attr.va_uid) || ((attr.va_mode & VSGID) && oldcred->cr_gid != attr.va_gid)) && (imgp->vp->v_mount->mnt_flag & MNT_NOSUID) == 0 && (p->p_flag & P_TRACED) == 0) { - PROC_UNLOCK(p); /* * Turn off syscall tracing for set-id programs, except for * root. Record any set-id flags first to make sure that * we do not regain any tracing during a possible block. */ setsugid(p); - if (p->p_tracep && suser_xxx(oldcred, NULL, PRISON_ROOT)) { - struct vnode *vtmp; - - if ((vtmp = p->p_tracep) != NULL) { - p->p_tracep = NULL; - p->p_traceflag = 0; - vrele(vtmp); - } + if (p->p_tracep && suser_cred(oldcred, PRISON_ROOT)) { + p->p_traceflag = 0; + tracevp = p->p_tracep; + p->p_tracep = NULL; } /* * Set the new credentials. */ - newcred = crdup(oldcred); + crcopy(newcred, oldcred); if (attr.va_mode & VSUID) change_euid(newcred, attr.va_uid); if (attr.va_mode & VSGID) change_egid(newcred, attr.va_gid); setugidsafety(td); + /* + * Implement correct POSIX saved-id behavior. + */ + change_svuid(newcred, newcred->cr_uid); + change_svgid(newcred, newcred->cr_gid); + p->p_ucred = newcred; + newcred = NULL; } else { if (oldcred->cr_uid == oldcred->cr_ruid && oldcred->cr_gid == oldcred->cr_rgid) p->p_flag &= ~P_SUGID; - PROC_UNLOCK(p); - } - - /* - * Implement correct POSIX saved-id behavior. - * - * XXX: It's not clear that the existing behavior is - * POSIX-compliant. A number of sources indicate that the saved - * uid/gid should only be updated if the new ruid is not equal to - * the old ruid, or the new euid is not equal to the old euid and - * the new euid is not equal to the old ruid. The FreeBSD code - * always updates the saved uid/gid. Also, this code uses the new - * (replaced) euid and egid as the source, which may or may not be - * the right ones to use. - */ - if (newcred == NULL) { + /* + * Implement correct POSIX saved-id behavior. 
+ * + * XXX: It's not clear that the existing behavior is + * POSIX-compliant. A number of sources indicate that the + * saved uid/gid should only be updated if the new ruid is + * not equal to the old ruid, or the new euid is not equal + * to the old euid and the new euid is not equal to the old + * ruid. The FreeBSD code always updates the saved uid/gid. + * Also, this code uses the new (replaced) euid and egid as + * the source, which may or may not be the right ones to use. + */ if (oldcred->cr_svuid != oldcred->cr_uid || oldcred->cr_svgid != oldcred->cr_gid) { - newcred = crdup(oldcred); + crcopy(newcred, oldcred); change_svuid(newcred, newcred->cr_uid); change_svgid(newcred, newcred->cr_gid); + p->p_ucred = newcred; + newcred = NULL; } - } else { - change_svuid(newcred, newcred->cr_uid); - change_svgid(newcred, newcred->cr_gid); } - if (newcred != NULL) { - PROC_LOCK(p); - p->p_ucred = newcred; - PROC_UNLOCK(p); - crfree(oldcred); - } - /* * Store the vp for use in procfs */ - if (p->p_textvp) /* release old reference */ - vrele(p->p_textvp); + textvp = p->p_textvp; VREF(ndp->ni_vp); p->p_textvp = ndp->ni_vp; @@ -421,7 +425,6 @@ * Notify others that we exec'd, and clear the P_INEXEC flag * as we're now a bona fide freshly-execed process. */ - PROC_LOCK(p); KNOTE(&p->p_klist, NOTE_EXEC); p->p_flag &= ~P_INEXEC; 
@@ -438,29 +441,46 @@ p->p_acflag &= ~AFORK; /* Free any previous argument cache */ - pa = p->p_args; + oldargs = p->p_args; p->p_args = NULL; - PROC_UNLOCK(p); - if (pa != NULL && --pa->ar_ref == 0) - FREE(pa, M_PARGS); /* Set values passed into the program in registers. */ setregs(td, imgp->entry_addr, (u_long)(uintptr_t)stack_base, imgp->ps_strings); /* Cache arguments if they fit inside our allowance */ - i = imgp->endargs - imgp->stringbase; if (ps_arg_cache_limit >= i + sizeof(struct pargs)) { - MALLOC(pa, struct pargs *, sizeof(struct pargs) + i, - M_PARGS, M_WAITOK); - pa->ar_ref = 1; - pa->ar_length = i; - bcopy(imgp->stringbase, pa->ar_args, i); - PROC_LOCK(p); - p->p_args = pa; - PROC_UNLOCK(p); + newargs->ar_ref = 1; + newargs->ar_length = i; + bcopy(imgp->stringbase, newargs->ar_args, i); + p->p_args = newargs; + newargs = NULL; } + PROC_UNLOCK(p); + /* + * Free any resources malloc'd earlier that we didn't use. + */ + if (newprocsig != NULL) + FREE(newprocsig, M_SUBPROC); + if (newcred == NULL) + crfree(oldcred); + else + crfree(newcred); + if (newargs != NULL) + FREE(newargs, M_PARGS); + /* + * Handle deferred decrement of ref counts. + */ + if (textvp != NULL) + vrele(textvp); + if (tracevp != NULL) + vrele(tracevp); + mp_fixme("need a lock for pargs"); + if (oldargs != NULL && --oldargs->ar_ref == 0) + FREE(oldargs, M_PARGS); + + exec_fail_dealloc: /* @@ -834,13 +854,14 @@ exec_check_permissions(imgp) struct image_params *imgp; { - struct proc *p = imgp->proc; struct vnode *vp = imgp->vp; struct vattr *attr = imgp->attr; - int error; + struct thread *td; + int error = 0; + td = curthread; /* XXXKSE */ /* Get file attributes */ - error = VOP_GETATTR(vp, attr, p->p_ucred, curthread); /* XXXKSE */ + error = VOP_GETATTR(vp, attr, td->td_ucred, td); if (error) return (error); 
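Review bot: exec_check_permissions() in the hunk at -834 now takes the credential for VOP_GETATTR from `curthread` instead of `imgp->proc`, but nothing checks that the two refer to the same process. The following hunks do the same for VOP_ACCESS and VOP_OPEN. If a caller ever passes an image that belongs to a different process, the access decision is made with the wrong identity. Adding `KASSERT(imgp->proc == td->td_proc, ("exec_check_permissions: imgp->proc is not curproc"));` after `td = curthread;` would make the assumption explicit. The new `= 0` initialiser on `error` is dead, since `error` is assigned by the next statement. The function body continues past this hunk.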
@@ -854,9 +875,8 @@ */ if ((vp->v_mount->mnt_flag & MNT_NOEXEC) || ((attr->va_mode & 0111) == 0) || - (attr->va_type != VREG)) { + (attr->va_type != VREG)) return (EACCES); - } /* * Zero length files can't be exec'd @@ -867,7 +887,7 @@ /* * Check for execute permission to file based on current credentials. */ - error = VOP_ACCESS(vp, VEXEC, p->p_ucred, curthread); /* XXXKSE */ + error = VOP_ACCESS(vp, VEXEC, td->td_ucred, td); if (error) return (error); @@ -882,11 +902,8 @@ * Call filesystem specific open routine (which does nothing in the * general case). */ - error = VOP_OPEN(vp, FREAD, p->p_ucred, curthread); /* XXXKSE */ - if (error) - return (error); - - return (0); + error = VOP_OPEN(vp, FREAD, td->td_ucred, td); + return (error); } /* --- //depot/projects/smpng/sys/kern/kern_exit.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/kern/kern_exit.c 2002/02/08 14:06:04 @@ -88,6 +88,8 @@ TAILQ_ENTRY(exitlist) next; }; +static struct sx exit_list_lock; + TAILQ_HEAD(exit_list_head, exitlist); static struct exit_list_head exit_list = TAILQ_HEAD_INITIALIZER(exit_list); @@ -125,6 +127,9 @@ register struct vmspace *vm; struct vnode *vtmp; struct exitlist *ep; +#ifdef KTRACE + struct vnode *tracevp; +#endif GIANT_REQUIRED; @@ -163,8 +168,10 @@ * e.g. SYSV IPC stuff * XXX what if one of these generates an error? */ + sx_slock(&exit_list_lock); TAILQ_FOREACH(ep, &exit_list, next) (*ep->function)(p); + sx_sunlock(&exit_list_lock); stopprofclock(p); @@ -268,11 +275,13 @@ /* * release trace file */ + PROC_LOCK(p); p->p_traceflag = 0; /* don't trace the vrele() */ - if ((vtmp = p->p_tracep) != NULL) { - p->p_tracep = NULL; - vrele(vtmp); - } + tracevp = p->p_tracep; + p->p_tracep = NULL; + PROC_UNLOCK(p); + if (tracevp != NULL) + vrele(tracevp); #endif /* * Release reference to text vnode 
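Review bot: The kern_exit.c hunk at -88 adds `static struct sx exit_list_lock;` and the hunk at -163 takes it with `sx_slock()`, but no hunk visible here initialises the lock or takes it exclusively where `exit_list` is modified. Unless a later hunk of this file, beyond the visible part of the diff, does both, exit1() would be operating on an uninitialised sx lock. The shared hold would also give no protection against a concurrent registration or removal of an exit handler. I would expect `sx_init(&exit_list_lock, "exit list");` during startup and `sx_xlock()`/`sx_xunlock()` around the list insert and remove paths.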
@@ -316,6 +325,7 @@ * Save exit status and final rusage info, adding in child rusage * info and self times. */ + PROC_LOCK(p); p->p_xstat = rv; *p->p_ru = p->p_stats->p_ru; mtx_lock_spin(&sched_lock); @@ -324,20 +334,8 @@ ruadd(p->p_ru, &p->p_stats->p_cru); /* - * Pretend that an mi_switch() to the next process occurs now. We - * must set `switchtime' directly since we will call cpu_switch() - * directly. Set it now so that the rest of the exit time gets - * counted somewhere if possible. - */ - mtx_lock_spin(&sched_lock); - microuptime(PCPU_PTR(switchtime)); - PCPU_SET(switchticks, ticks); - mtx_unlock_spin(&sched_lock); - - /* * notify interested parties of our demise. */ - PROC_LOCK(p); KNOTE(&p->p_klist, NOTE_EXIT); /* @@ -407,6 +405,7 @@ cpu_exit(td); PROC_LOCK(p); + PROC_LOCK(p->p_pptr); mtx_lock_spin(&sched_lock); while (mtx_owned(&Giant)) mtx_unlock(&Giant); @@ -420,9 +419,13 @@ p->p_stat = SZOMB; wakeup(p->p_pptr); + PROC_UNLOCK(p->p_pptr); PROC_UNLOCK(p); cnt.v_swtch++; + microuptime(PCPU_PTR(switchtime)); + PCPU_SET(switchticks, ticks); + cpu_throw(); panic("exit1"); } @@ -480,19 +483,25 @@ mtx_lock(&Giant); q = td->td_proc; - if (uap->pid == 0) + if (uap->pid == 0) { + PROC_LOCK(q); uap->pid = -q->p_pgid; + PROC_UNLOCK(q); + } if (uap->options &~ (WUNTRACED|WNOHANG|WLINUXCLONE)) { - error = EINVAL; - goto done2; + mtx_unlock(&Giant); + return (EINVAL); } loop: nfound = 0; - sx_slock(&proctree_lock); + sx_xlock(&proctree_lock); LIST_FOREACH(p, &q->p_children, p_sibling) { + PROC_LOCK(p); if (uap->pid != WAIT_ANY && - p->p_pid != uap->pid && p->p_pgid != -uap->pid) + p->p_pid != uap->pid && p->p_pgid != -uap->pid) { + PROC_UNLOCK(p); continue; + } /* * This special case handles a kthread spawned by linux_clone @@ -502,7 +511,6 @@ * p_sigparent is not SIGCHLD, and the WLINUXCLONE option * signifies we want to wait for threads and not processes. */ - PROC_LOCK(p); if ((p->p_sigparent != SIGCHLD) ^ ((uap->options & WLINUXCLONE) != 0)) { PROC_UNLOCK(p); 
@@ -528,10 +536,7 @@ ESTCPULIM(curthread->td_ksegrp->kg_estcpu + p->p_ksegrp.kg_estcpu); } - mtx_unlock_spin(&sched_lock); - PROC_UNLOCK(p); - sx_sunlock(&proctree_lock); td->td_retval[0] = p->p_pid; #ifdef COMPAT_43 
@@ -541,39 +546,69 @@ #endif if (uap->status) { status = p->p_xstat; /* convert to int */ + PROC_UNLOCK(p); if ((error = copyout((caddr_t)&status, (caddr_t)uap->status, sizeof(status)))) { - goto done2; + sx_xunlock(&proctree_lock); + mtx_unlock(&Giant); + return (error); } + PROC_LOCK(p); } - if (uap->rusage && (error = copyout((caddr_t)p->p_ru, - (caddr_t)uap->rusage, sizeof (struct rusage)))) { - goto done2; - } + if (uap->rusage) { + struct rusage ru; + + bcopy(p->p_ru, &ru, sizeof(ru)); + PROC_UNLOCK(p); + if ((error = copyout((caddr_t)&ru, + (caddr_t)uap->rusage, + sizeof (struct rusage)))) { + sx_xunlock(&proctree_lock); + mtx_unlock(&Giant); + return (error); + } + } else + PROC_UNLOCK(p); /* * If we got the child via a ptrace 'attach', * we need to give it back to the old parent. */ - sx_xlock(&proctree_lock); - if (p->p_oppid) { - if ((t = pfind(p->p_oppid)) != NULL) { - PROC_LOCK(p); - p->p_oppid = 0; - proc_reparent(p, t); - PROC_UNLOCK(p); - psignal(t, SIGCHLD); - wakeup((caddr_t)t); - PROC_UNLOCK(t); - sx_xunlock(&proctree_lock); - error = 0; - goto done2; - } + if (p->p_oppid && (t = pfind(p->p_oppid)) != NULL) { + PROC_LOCK(p); + p->p_oppid = 0; + proc_reparent(p, t); + PROC_UNLOCK(p); + psignal(t, SIGCHLD); + wakeup((caddr_t)t); + PROC_UNLOCK(t); + sx_xunlock(&proctree_lock); + mtx_unlock(&Giant); + return (0); } + /* + * Remove other references to this process to ensure + * we have an exclusive reference. + */ + leavepgrp(p); + + sx_xlock(&allproc_lock); + LIST_REMOVE(p, p_list); /* off zombproc */ + sx_xunlock(&allproc_lock); + + LIST_REMOVE(p, p_sibling); sx_xunlock(&proctree_lock); + + /* + * As a side effect of this lock, we know that + * all other writes to this proc are visible now, so + * no more locking is needed for p. + */ PROC_LOCK(p); - p->p_xstat = 0; + p->p_xstat = 0; /* XXX: why? */ PROC_UNLOCK(p); + PROC_LOCK(q); ruadd(&q->p_stats->p_cru, p->p_ru); + PROC_UNLOCK(q); FREE(p->p_ru, M_ZOMBIE); p->p_ru = NULL; 
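Review bot: Both `copyout()` calls in the zombie path run with `proctree_lock` held exclusively (the error paths release it with `sx_xunlock`), and the destinations `uap->status` and `uap->rusage` are caller-supplied addresses. `PROC_UNLOCK(p)` is correctly dropped around the copy, but a fault on the user page keeps the process tree write-locked for its duration, which stalls the `sx_xlock(&proctree_lock)` in `fork1()` and every other waiter. Either document why the tree lock must stay held across the copy, or snapshot `p_xstat` and `*p->p_ru` into locals and copy out after the lock is released. `sysctl_kern_randompid()` has the same shape in the kern_fork.c hunk, where `sysctl_handle_int()` runs under `sx_xlock(&allproc_lock)`. `wait1()` starts and ends outside this hunk.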
@@ -583,24 +618,10 @@ (void)chgproccnt(p->p_ucred->cr_ruidinfo, -1, 0); /* - * Finally finished with old proc entry. - * Unlink it from its process group and free it. - */ - leavepgrp(p); - - sx_xlock(&allproc_lock); - LIST_REMOVE(p, p_list); /* off zombproc */ - sx_xunlock(&allproc_lock); - - sx_xlock(&proctree_lock); - LIST_REMOVE(p, p_sibling); - sx_xunlock(&proctree_lock); - - /* * Free up credentials. */ crfree(p->p_ucred); - p->p_ucred = NULL; + p->p_ucred = NULL; /* XXX: why? */ /* * Remove unused arguments @@ -624,49 +645,55 @@ mtx_destroy(&p->p_mtx); zfree(proc_zone, p); nprocs--; - error = 0; - goto done2; + mtx_unlock(&Giant); + return (0); } if (p->p_stat == SSTOP && (p->p_flag & P_WAITED) == 0 && (p->p_flag & P_TRACED || uap->options & WUNTRACED)) { mtx_unlock_spin(&sched_lock); p->p_flag |= P_WAITED; - PROC_UNLOCK(p); - sx_sunlock(&proctree_lock); + sx_xunlock(&proctree_lock); td->td_retval[0] = p->p_pid; #ifdef COMPAT_43 if (compat) { td->td_retval[1] = W_STOPCODE(p->p_xstat); + PROC_UNLOCK(p); error = 0; } else #endif if (uap->status) { status = W_STOPCODE(p->p_xstat); + PROC_UNLOCK(p); error = copyout((caddr_t)&status, (caddr_t)uap->status, sizeof(status)); - } else + } else { + PROC_UNLOCK(p); error = 0; - goto done2; + } + mtx_unlock(&Giant); + return (error); } mtx_unlock_spin(&sched_lock); PROC_UNLOCK(p); } - sx_sunlock(&proctree_lock); + sx_xunlock(&proctree_lock); if (nfound == 0) { - error = ECHILD; - goto done2; + mtx_unlock(&Giant); + return (ECHILD); } if (uap->options & WNOHANG) { td->td_retval[0] = 0; - error = 0; - goto done2; + mtx_unlock(&Giant); + return (0); + } + PROC_LOCK(q); + error = msleep((caddr_t)q, &q->p_mtx, PWAIT | PCATCH, "wait", 0); + PROC_UNLOCK(q); + if (error) { + mtx_unlock(&Giant); + return (error); } - if ((error = tsleep((caddr_t)q, PWAIT | PCATCH, "wait", 0)) != 0) - goto done2; goto loop; -done2: - mtx_unlock(&Giant); - return(error); } /* 
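Review bot: Between `sx_xunlock(&proctree_lock)` at the end of the scan and `PROC_LOCK(q)` before `msleep()`, the parent holds no lock that the exiting child also takes, so a child can set `SZOMB` and call `wakeup(p->p_pptr)` in that window and the parent then sleeps with no wakeup pending. Giant does not cover it, because the `exit1()` hunk drops Giant before the state change. One way to close the window is a flag that the child sets under `PROC_LOCK(p->p_pptr)` and that `wait1()` tests under `PROC_LOCK(q)` before calling `msleep()`. At minimum the window deserves a comment above the `PROC_LOCK(q)` line. `wait1()` begins outside this hunk.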
@@ -690,9 +717,19 @@ } /* - * The next two functions are to handle adding/deleting items on the - * exit callout list - * + * The next three functions manage the exit callout list. + * XXX: This should be an eventhandler list. + */ +static void +init_exit_list(void *data __unused) +{ + + sx_init(&exit_list_lock, "exit list"); +} +SYSINIT(exit_list, SI_SUB_INTRINSIC, SI_ORDER_ANY, init_exit_list, NULL); + + +/* * at_exit(): * Take the arguments given and put them onto the exit callout list, * However first make sure that it's not already there. @@ -715,7 +752,9 @@ if (ep == NULL) return (ENOMEM); ep->function = function; + sx_xlock(&exit_list_lock); TAILQ_INSERT_TAIL(&exit_list, ep, next); + sx_xunlock(&exit_list_lock); return (0); } @@ -729,12 +768,15 @@ { struct exitlist *ep; + sx_xlock(&exit_list_lock); TAILQ_FOREACH(ep, &exit_list, next) { if (ep->function == function) { TAILQ_REMOVE(&exit_list, ep, next); + sx_xunlock(&exit_list_lock); free(ep, M_ATEXIT); return(1); } - } + } + sx_xunlock(&exit_list_lock); return (0); } --- //depot/projects/smpng/sys/kern/kern_fork.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/kern/kern_fork.c 2002/02/08 14:06:04 @@ -93,14 +93,6 @@ }; #endif -static void -init_fork_list(void *data __unused) -{ - - sx_init(&fork_list_lock, "fork list"); -} -SYSINIT(fork_list, SI_SUB_INTRINSIC, SI_ORDER_ANY, init_fork_list, NULL); - /* * MPSAFE */ 
@@ -190,17 +182,19 @@ { int error, pid; + sx_xlock(&allproc_lock); pid = randompid; error = sysctl_handle_int(oidp, &pid, 0, req); - if (error || !req->newptr) - return (error); - if (pid < 0 || pid > PID_MAX - 100) /* out of range */ - pid = PID_MAX - 100; - else if (pid < 2) /* NOP */ - pid = 0; - else if (pid < 100) /* Make it reasonable */ - pid = 100; - randompid = pid; + if (error == 0 && req->newptr != NULL) { + if (pid < 0 || pid > PID_MAX - 100) /* out of range */ + pid = PID_MAX - 100; + else if (pid < 2) /* NOP */ + pid = 0; + else if (pid < 100) /* Make it reasonable */ + pid = 100; + randompid = pid; + } + sx_xunlock(&allproc_lock); return (error); } @@ -239,6 +233,8 @@ struct forklist *ep; struct filedesc *fd; struct proc *p1 = td->td_proc; + struct sigacts *newsigacts; + struct procsig *newprocsig; GIANT_REQUIRED; @@ -286,6 +282,9 @@ return (0); } + /* Allocate new proc. */ + newproc = zalloc(proc_zone); + /* * Although process entries are dynamically created, we still keep * a global limit on the maximum number we will create. Don't allow 
@@ -293,47 +292,33 @@ * exceed the limit. The variable nprocs is the current number of * processes, maxproc is the limit. */ - uid = p1->p_ucred->cr_ruid; + sx_xlock(&allproc_lock); + uid = td->td_ucred->cr_ruid; if ((nprocs >= maxproc - 1 && uid != 0) || nprocs >= maxproc) { + sx_xunlock(&allproc_lock); + zfree(proc_zone, newproc); tablefull("proc"); return (EAGAIN); } /* - * Increment the nprocs resource before blocking can occur. There - * are hard-limits as to the number of processes that can run. - */ - nprocs++; - - /* * Increment the count of procs running with this uid. Don't allow * a nonprivileged user to exceed their current limit. */ - ok = chgproccnt(p1->p_ucred->cr_ruidinfo, 1, + PROC_LOCK(p1); + ok = chgproccnt(td->td_ucred->cr_ruidinfo, 1, (uid != 0) ? p1->p_rlimit[RLIMIT_NPROC].rlim_cur : 0); + PROC_UNLOCK(p1); if (!ok) { - /* - * Back out the process count - */ - nprocs--; + sx_xunlock(&allproc_lock); + zfree(proc_zone, newproc); return (EAGAIN); } - /* Allocate new proc. */ - newproc = zalloc(proc_zone); - /* - * Setup linkage for kernel based threading + * Increment the nprocs resource before blocking can occur. There + * are hard-limits as to the number of processes that can run. */ - if((flags & RFTHREAD) != 0) { - newproc->p_peers = p1->p_peers; - p1->p_peers = newproc; - newproc->p_leader = p1->p_leader; - } else { - newproc->p_peers = NULL; - newproc->p_leader = newproc; - } - - newproc->p_vmspace = NULL; + nprocs++; /* * Find an unused process ID. We remember a range of unused IDs @@ -342,7 +327,6 @@ * If RFHIGHPID is set (used during system boot), do not allocate * low-numbered pids. */ - sx_xlock(&allproc_lock); trypid = lastpid + 1; if (flags & RFHIGHPID) { if (trypid < 10) { 
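Review bot: `nprocs` is now tested and incremented under `sx_xlock(&allproc_lock)`, but the matching `nprocs--` in the `wait1()` hunk of kern_exit.c still runs outside that lock, after `zfree(proc_zone, p)`. Since this check is what bounds process creation, the counter should have one documented lock. I would move the decrement next to `LIST_REMOVE(p, p_list)` inside the existing `sx_xlock(&allproc_lock)` section of `wait1()`, or add a comment here naming Giant as the protecting lock. Note also that `chgproccnt()` is now called with both `allproc_lock` and `PROC_LOCK(p1)` held; whether it can block is not visible on this page.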
@@ -415,6 +399,33 @@ sx_xunlock(&allproc_lock); /* + * Malloc things while we don't hold any locks. + */ + if (flags & RFSIGSHARE) { + MALLOC(newsigacts, struct sigacts *, + sizeof(struct sigacts), M_SUBPROC, M_WAITOK); + newprocsig = NULL; + } else { + newsigacts = NULL; + MALLOC(newprocsig, struct procsig *, sizeof(struct procsig), + M_SUBPROC, M_WAITOK); + } + + /* + * Copy filedesc. + * XXX: This is busted. fd*() need to not take proc + * arguments or something. + */ + if (flags & RFCFDG) + fd = fdinit(td); + else if (flags & RFFDG) { + FILEDESC_LOCK(p1->p_fd); + fd = fdcopy(td); + FILEDESC_UNLOCK(p1->p_fd); + } else + fd = fdshare(p1); + + /* * Make a proc table entry for the new process. * Start by zeroing the section of proc that is zero-initialized, * then copy the section that is copied directly from the parent. @@ -430,10 +441,11 @@ bzero(&p2->p_ksegrp.kg_startzero, (unsigned) ((caddr_t)&p2->p_ksegrp.kg_endzero - (caddr_t)&p2->p_ksegrp.kg_startzero)); + mtx_init(&p2->p_mtx, "process lock", MTX_DEF); + PROC_LOCK(p2); PROC_LOCK(p1); bcopy(&p1->p_startcopy, &p2->p_startcopy, (unsigned) ((caddr_t)&p2->p_endcopy - (caddr_t)&p2->p_startcopy)); - bcopy(&p1->p_kse.ke_startcopy, &p2->p_kse.ke_startcopy, (unsigned) ((caddr_t)&p2->p_kse.ke_endcopy - (caddr_t)&p2->p_kse.ke_startcopy)); @@ -445,7 +457,6 @@ bcopy(&p1->p_ksegrp.kg_startcopy, &p2->p_ksegrp.kg_startcopy, (unsigned) ((caddr_t)&p2->p_ksegrp.kg_endcopy - (caddr_t)&p2->p_ksegrp.kg_startcopy)); - PROC_UNLOCK(p1); /* * XXXKSE Theoretically only the running thread would get copied @@ -454,8 +465,6 @@ */ proc_linkup(p2); - mtx_init(&p2->p_mtx, "process lock", MTX_DEF); - PROC_LOCK(p2); /* note.. XXXKSE no pcb or u-area yet */ /* 
@@ -469,10 +478,29 @@ if (p1->p_sflag & PS_PROFIL) startprofclock(p2); mtx_unlock_spin(&sched_lock); - PROC_LOCK(p1); - p2->p_ucred = crhold(p1->p_ucred); + p2->p_ucred = crhold(td->td_ucred); p2->p_thread.td_ucred = crhold(p2->p_ucred); /* XXXKSE */ + /* + * Setup linkage for kernel based threading + */ + if((flags & RFTHREAD) != 0) { + /* + * XXX: This assumes a leader is a parent or grandparent of + * all processes in a task. + */ + if (p1->p_leader != p1) + PROC_LOCK(p1->p_leader); + p2->p_peers = p1->p_peers; + p1->p_peers = p2; + p2->p_leader = p1->p_leader; + if (p1->p_leader != p1) + PROC_UNLOCK(p1->p_leader); + } else { + p2->p_peers = NULL; + p2->p_leader = p2; + } + if (p2->p_args) p2->p_args->ar_ref++; @@ -480,15 +508,6 @@ p2->p_procsig = p1->p_procsig; p2->p_procsig->ps_refcnt++; if (p1->p_sigacts == &p1->p_uarea->u_sigacts) { - struct sigacts *newsigacts; - - PROC_UNLOCK(p1); - PROC_UNLOCK(p2); - /* Create the shared sigacts structure */ - MALLOC(newsigacts, struct sigacts *, - sizeof(struct sigacts), M_SUBPROC, M_WAITOK); - PROC_LOCK(p2); - PROC_LOCK(p1); /* * Set p_sigacts to the new shared structure. * Note that this is updating p1->p_sigacts at the @@ -496,15 +515,12 @@ * the shared p_procsig->ps_sigacts. */ p2->p_sigacts = newsigacts; + newsigacts = NULL; *p2->p_sigacts = p1->p_uarea->u_sigacts; } } else { - PROC_UNLOCK(p1); - PROC_UNLOCK(p2); - MALLOC(p2->p_procsig, struct procsig *, sizeof(struct procsig), - M_SUBPROC, M_WAITOK); - PROC_LOCK(p2); - PROC_LOCK(p1); + p2->p_procsig = newprocsig; + newprocsig = NULL; bcopy(p1->p_procsig, p2->p_procsig, sizeof(*p2->p_procsig)); p2->p_procsig->ps_refcnt = 1; p2->p_sigacts = NULL; /* finished in vm_forkproc() */ 
@@ -514,22 +530,10 @@ else p2->p_sigparent = SIGCHLD; - /* bump references to the text vnode (for procfs) */ + /* Bump references to the text vnode (for procfs) */ p2->p_textvp = p1->p_textvp; - PROC_UNLOCK(p1); - PROC_UNLOCK(p2); if (p2->p_textvp) VREF(p2->p_textvp); - - if (flags & RFCFDG) - fd = fdinit(td); - else if (flags & RFFDG) { - FILEDESC_LOCK(p1->p_fd); - fd = fdcopy(td); - FILEDESC_UNLOCK(p1->p_fd); - } else - fd = fdshare(p1); - PROC_LOCK(p2); p2->p_fd = fd; /* @@ -538,7 +542,6 @@ * (If PL_SHAREMOD is clear, the structure is shared * copy-on-write.) */ - PROC_LOCK(p1); if (p1->p_limit->p_lflags & PL_SHAREMOD) p2->p_limit = limcopy(p1->p_limit); else { @@ -557,34 +560,12 @@ p2->p_flag |= P_PPWAIT; LIST_INSERT_AFTER(p1, p2, p_pglist); - PROC_UNLOCK(p1); - PROC_UNLOCK(p2); - - /* - * Attach the new process to its parent. - * - * If RFNOWAIT is set, the newly created process becomes a child - * of init. This effectively disassociates the child from the - * parent. - */ - if (flags & RFNOWAIT) - pptr = initproc; - else - pptr = p1; - sx_xlock(&proctree_lock); - PROC_LOCK(p2); - p2->p_pptr = pptr; - PROC_UNLOCK(p2); - LIST_INSERT_HEAD(&pptr->p_children, p2, p_sibling); - sx_xunlock(&proctree_lock); - PROC_LOCK(p2); LIST_INIT(&p2->p_children); LIST_INIT(&p2->p_thread.td_contested); /* XXXKSE only 1 thread? */ callout_init(&p2->p_itcallout, 0); callout_init(&p2->p_thread.td_slpcallout, 1); /* XXXKSE */ - PROC_LOCK(p1); #ifdef KTRACE /* * Copy traceflag and tracefile if enabled. If not inherited, @@ -593,13 +574,8 @@ */ if ((p1->p_traceflag & KTRFAC_INHERIT) && p2->p_tracep == NULL) { p2->p_traceflag = p1->p_traceflag; - if ((p2->p_tracep = p1->p_tracep) != NULL) { - PROC_UNLOCK(p1); - PROC_UNLOCK(p2); + if ((p2->p_tracep = p1->p_tracep) != NULL) VREF(p2->p_tracep); - PROC_LOCK(p2); - PROC_LOCK(p1); - } } #endif 
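Review bot: `limcopy(p1->p_limit)` is still called with `PROC_LOCK(p1)` and `PROC_LOCK(p2)` held; the `PROC_LOCK(p1)` removed in the `-538` hunk shows the lock is already owned at that point. The commit hoists the `sigacts` and `procsig` allocations out of the locked region ("Malloc things while we don't hold any locks"), so if `limcopy()` allocates with `M_WAITOK` (its body is not on this page) it needs the same treatment: allocate before `PROC_LOCK(p2)` and free the spare afterwards, as is done for `newsigacts`. The same question applies to the two `VREF()` calls, which previously had the proc locks dropped around them. `fork1()` starts and ends outside these hunks.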
@@ -620,6 +596,42 @@ PROC_UNLOCK(p2); /* + * Attach the new process to its parent. + * + * If RFNOWAIT is set, the newly created process becomes a child + * of init. This effectively disassociates the child from the + * parent. + */ + if (flags & RFNOWAIT) + pptr = initproc; + else + pptr = p1; + sx_xlock(&proctree_lock); + PROC_LOCK(p2); + p2->p_pptr = pptr; + PROC_LOCK(pptr); + LIST_INSERT_HEAD(&pptr->p_children, p2, p_sibling); + PROC_UNLOCK(pptr); + PROC_UNLOCK(p2); + sx_xunlock(&proctree_lock); + + /* + * XXXKSE: In KSE, there would be a race here if one thread was + * dieing due to a signal (or calling exit1() for that matter) while + * another thread was calling fork1(). Not sure how KSE wants to work + * around that. The problem is that up until the point above, if p1 + * gets killed, it won't find p2 in its list in order for it to be + * reparented. Alternatively, we could add a new p_flag that gets set + * before we reparent all the children that we check above and just + * use init as our parent if that if that flag is set. (Either that + * or abort the fork if the flag is set since our parent died trying + * to fork us (which is evil)). + */ + + KASSERT(newprocsig == NULL, ("unused newprocsig")); + if (newsigacts != NULL) + FREE(newsigacts, M_SUBPROC); + /* * Finish creating the child process. It will return via a different * execution path later. (ie: directly into user mode) */ 
@@ -627,16 +639,20 @@ if (flags == (RFFDG | RFPROC)) { cnt.v_forks++; - cnt.v_forkpages += p2->p_vmspace->vm_dsize + p2->p_vmspace->vm_ssize; + cnt.v_forkpages += p2->p_vmspace->vm_dsize + + p2->p_vmspace->vm_ssize; } else if (flags == (RFFDG | RFPROC | RFPPWAIT | RFMEM)) { cnt.v_vforks++; - cnt.v_vforkpages += p2->p_vmspace->vm_dsize + p2->p_vmspace->vm_ssize; + cnt.v_vforkpages += p2->p_vmspace->vm_dsize + + p2->p_vmspace->vm_ssize; } else if (p1 == &proc0) { cnt.v_kthreads++; - cnt.v_kthreadpages += p2->p_vmspace->vm_dsize + p2->p_vmspace->vm_ssize; + cnt.v_kthreadpages += p2->p_vmspace->vm_dsize + + p2->p_vmspace->vm_ssize; } else { cnt.v_rforks++; - cnt.v_rforkpages += p2->p_vmspace->vm_dsize + p2->p_vmspace->vm_ssize; + cnt.v_rforkpages += p2->p_vmspace->vm_dsize + + p2->p_vmspace->vm_ssize; } /* @@ -693,9 +709,18 @@ } /* - * The next two functionms are general routines to handle adding/deleting - * items on the fork callout list. - * + * The next three functions manage the fork callout list. + * XXX: This should be an eventhandler list. + */ +static void +init_fork_list(void *data __unused) +{ + + sx_init(&fork_list_lock, "fork list"); +} +SYSINIT(fork_list, SI_SUB_INTRINSIC, SI_ORDER_ANY, init_fork_list, NULL); + +/* * at_fork(): * Take the arguments given and put them onto the fork callout list, * However first make sure that it's not already there. --- //depot/projects/smpng/sys/kern/kern_intr.c 2002/01/09 16:09:21 +++ //depot/user/jhb/proc/kern/kern_intr.c 2002/01/10 17:31:18 
@@ -131,14 +131,18 @@ strncpy(p->p_comm, ithd->it_name, sizeof(ithd->it_name)); ih = TAILQ_FIRST(&ithd->it_handlers); if (ih == NULL) { + mtx_lock_spin(&sched_lock); td->td_ksegrp->kg_pri.pri_level = PRI_MAX_ITHD; + td->td_ksegrp->kg_pri.pri_native = PRI_MAX_ITHD; + mtx_unlock_spin(&sched_lock); ithd->it_flags &= ~IT_ENTROPY; return; } - entropy = 0; + mtx_lock_spin(&sched_lock); td->td_ksegrp->kg_pri.pri_level = ih->ih_pri; td->td_ksegrp->kg_pri.pri_native = ih->ih_pri; + mtx_unlock_spin(&sched_lock); TAILQ_FOREACH(ih, &ithd->it_handlers, ih_next) { if (strlen(p->p_comm) + strlen(ih->ih_name) + 1 < sizeof(p->p_comm)) { @@ -154,12 +158,10 @@ if (ih->ih_flags & IH_ENTROPY) entropy++; } - if (entropy) ithd->it_flags |= IT_ENTROPY; else ithd->it_flags &= ~IT_ENTROPY; - CTR2(KTR_INTR, "%s: updated %s\n", __func__, p->p_comm); } @@ -183,8 +185,7 @@ ithd->it_enable = enable; ithd->it_flags = flags; TAILQ_INIT(&ithd->it_handlers); - mtx_init(&ithd->it_lock, "ithread", MTX_DEF); - mtx_lock(&ithd->it_lock); + mtx_init(&ithd->it_lock, "ithread", MTX_SPIN); va_start(ap, fmt); vsnprintf(ithd->it_name, sizeof(ithd->it_name), fmt, ap); @@ -198,16 +199,18 @@ return (error); } td = &p->p_thread; /* XXXKSE */ + mtx_lock_spin(&sched_lock); td->td_ksegrp->kg_pri.pri_class = PRI_ITHD; td->td_ksegrp->kg_pri.pri_level = PRI_MAX_ITHD; p->p_stat = SWAIT; + mtx_unlock_spin(&sched_lock); + mtx_lock_spin(&ithd->it_lock); ithd->it_td = td; td->td_ithd = ithd; if (ithread != NULL) *ithread = ithd; - mtx_unlock(&ithd->it_lock); - CTR2(KTR_INTR, "%s: created %s", __func__, ithd->it_name); + mtx_unlock_spin(&ithd->it_lock); return (0); } 
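Review bot: The first line of the `-131` hunk, `strncpy(p->p_comm, ithd->it_name, sizeof(ithd->it_name));`, bounds the copy by the source buffer rather than the destination, and `strncpy` does not terminate on truncation, yet the loop below calls `strlen(p->p_comm)`. The array sizes are declared elsewhere, so whether this can overrun is not visible here. Since the function is being reworked anyway, I would bound it by the destination: `strncpy(p->p_comm, ithd->it_name, sizeof(p->p_comm) - 1); p->p_comm[sizeof(p->p_comm) - 1] = '\0';`. The function starts above the hunk.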
@@ -222,20 +225,20 @@ td = ithread->it_td; p = td->td_proc; - mtx_lock(&ithread->it_lock); + mtx_lock_spin(&ithread->it_lock); if (!TAILQ_EMPTY(&ithread->it_handlers)) { - mtx_unlock(&ithread->it_lock); + mtx_unlock_spin(&ithread->it_lock); return (EINVAL); } + CTR2(KTR_INTR, "%s: killing %s", __func__, ithread->it_name); ithread->it_flags |= IT_DEAD; mtx_lock_spin(&sched_lock); + mtx_unlock_spin(&ithread->it_lock); if (p->p_stat == SWAIT) { p->p_stat = SRUN; /* XXXKSE */ setrunqueue(td); } mtx_unlock_spin(&sched_lock); - mtx_unlock(&ithread->it_lock); - CTR2(KTR_INTR, "%s: killing %s", __func__, ithread->it_name); return (0); } @@ -266,12 +269,14 @@ if (flags & INTR_ENTROPY) ih->ih_flags |= IH_ENTROPY; - mtx_lock(&ithread->it_lock); + mtx_lock_spin(&ithread->it_lock); if ((flags & INTR_EXCL) !=0 && !TAILQ_EMPTY(&ithread->it_handlers)) goto fail; if (!TAILQ_EMPTY(&ithread->it_handlers) && (TAILQ_FIRST(&ithread->it_handlers)->ih_flags & IH_EXCLUSIVE) != 0) goto fail; + if (ithread->it_flags & IT_DEAD) + goto fail; TAILQ_FOREACH(temp_ih, &ithread->it_handlers, ih_next) if (temp_ih->ih_pri > ih->ih_pri) @@ -281,16 +286,17 @@ else TAILQ_INSERT_BEFORE(temp_ih, ih, ih_next); ithread_update(ithread); - mtx_unlock(&ithread->it_lock); + CTR3(KTR_INTR, "%s: added %s to %s", __func__, ih->ih_name, + ithread->it_name); + ithread->it_flags |= IT_RESTART; + mtx_unlock_spin(&ithread->it_lock); if (cookiep != NULL) *cookiep = ih; - CTR3(KTR_INTR, "%s: added %s to %s", __func__, ih->ih_name, - ithread->it_name); return (0); fail: - mtx_unlock(&ithread->it_lock); + mtx_unlock_spin(&ithread->it_lock); free(ih, M_ITHREAD); return (EINVAL); } 
@@ -312,37 +318,21 @@ handler->ih_name)); CTR3(KTR_INTR, "%s: removing %s from %s", __func__, handler->ih_name, ithread->it_name); - mtx_lock(&ithread->it_lock); + mtx_lock_spin(&ithread->it_lock); #ifdef INVARIANTS TAILQ_FOREACH(ih, &ithread->it_handlers, ih_next) if (ih == handler) goto ok; - mtx_unlock(&ithread->it_lock); + mtx_unlock_spin(&ithread->it_lock); panic("interrupt handler \"%s\" not found in interrupt thread \"%s\"", ih->ih_name, ithread->it_name); + return (EINVAL); ok: #endif - /* - * If the interrupt thread is already running, then just mark this - * handler as being dead and let the ithread do the actual removal. - */ - mtx_lock_spin(&sched_lock); - if (ithread->it_td->td_proc->p_stat != SWAIT) { - handler->ih_flags |= IH_DEAD; - - /* - * Ensure that the thread will process the handler list - * again and remove this handler if it has already passed - * it on the list. - */ - ithread->it_need = 1; - } else - TAILQ_REMOVE(&ithread->it_handlers, handler, ih_next); - mtx_unlock_spin(&sched_lock); - if ((handler->ih_flags & IH_DEAD) != 0) - msleep(handler, &ithread->it_lock, PUSER, "itrmh", 0); + TAILQ_REMOVE(&ithread->it_handlers, handler, ih_next); ithread_update(ithread); - mtx_unlock(&ithread->it_lock); + ithread->it_flags |= IT_RESTART; + mtx_unlock_spin(&ithread->it_lock); free(handler, M_ITHREAD); return (0); } @@ -357,9 +347,13 @@ /* * If no ithread or no handlers, then we have a stray interrupt. */ - if ((ithread == NULL) || TAILQ_EMPTY(&ithread->it_handlers)) + if (ithread == NULL) + return (EINVAL); + mtx_lock_spin(&ithread->it_lock); + if (TAILQ_EMPTY(&ithread->it_handlers)) { + mtx_unlock_spin(&ithread->it_lock); return (EINVAL); - + } /* * If any of the handlers for this ithread claim to be good * sources of entropy, then gather some. 
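Review bot: `ithread_remove_handler()` now unlinks and `free()`s the handler immediately, but `ithread_loop()` (later hunk) drops `it_lock` around `ih_handler(ih_argument)`, so this function can return while that handler is still executing. The removed code slept until the ithread had retired the handler; without an equivalent wait, a caller that releases the handler's argument right after removal can see it used after free. `IT_RESTART` protects the list walk but not the in-flight call, so either keep a wait for a running handler or document that callers must quiesce the interrupt source first. In the `INVARIANTS` block, `ih` is NULL once `TAILQ_FOREACH` ends without a match, so the `panic()` argument should be `handler->ih_name`, and the added `return (EINVAL);` after `panic()` is unreachable.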
@@ -370,23 +364,23 @@ random_harvest(&entropy, sizeof(entropy), 2, 0, RANDOM_INTERRUPT); } - td = ithread->it_td; p = td->td_proc; KASSERT(p != NULL, ("ithread %s has no process", ithread->it_name)); - CTR4(KTR_INTR, "%s: pid %d: (%s) need = %d", __func__, p->p_pid, p->p_comm, - ithread->it_need); + CTR4(KTR_INTR, "%s: pid %d: (%s) need = %d", __func__, p->p_pid, + p->p_comm, (ithread->it_flags & IT_NEED)); /* - * Set it_need to tell the thread to keep running if it is already - * running. Then, grab sched_lock and see if we actually need to - * put this thread on the runqueue. If so and the do_switch flag is - * true and it is safe to switch, then switch to the ithread - * immediately. Otherwise, set the needresched flag to guarantee - * that this ithread will run before any userland processes. + * Set IT_NEED to tell the thread to keep running if it is already + * running. Then, see if we actually need to put this thread on the + * runqueue. If so and the do_switch flag is true and it is safe to + * switch, then switch to the ithread immediately. Otherwise, set + * the needresched flag to guarantee that this ithread will run + * before any userland processes. */ - ithread->it_need = 1; mtx_lock_spin(&sched_lock); + ithread->it_flags |= IT_NEED; + mtx_unlock_spin(&ithread->it_lock); if (p->p_stat == SWAIT) { CTR2(KTR_INTR, "%s: setrunqueue %d", __func__, p->p_pid); p->p_stat = SRUN; @@ -400,11 +394,10 @@ } else curthread->td_kse->ke_flags |= KEF_NEEDRESCHED; } else { - CTR4(KTR_INTR, "%s: pid %d: it_need %d, state %d", - __func__, p->p_pid, ithread->it_need, p->p_stat); + CTR4(KTR_INTR, "%s: pid %d: it_need %d, state %d", __func__, + p->p_pid, (ithread->it_flags & IT_NEED), p->p_stat); } mtx_unlock_spin(&sched_lock); - return (0); } 
@@ -450,14 +443,17 @@ atomic_add_int(&cnt.v_intr, 1); /* one more global interrupt */ CTR3(KTR_INTR, "swi_sched pid %d(%s) need=%d", - it->it_td->td_proc->p_pid, it->it_td->td_proc->p_comm, it->it_need); + it->it_td->td_proc->p_pid, it->it_td->td_proc->p_comm, + (it->it_flags & IT_NEED)); /* - * Set ih_need for this handler so that if the ithread is already + * Set IH_NEED for this handler so that if the ithread is already * running it will execute this handler on the next pass. Otherwise, * it will execute it the next time it runs. */ - atomic_store_rel_int(&ih->ih_need, 1); + mtx_lock_spin(&it->it_lock); + ih->ih_flags |= IH_NEED; + mtx_unlock_spin(&it->it_lock); if (!(flags & SWI_DELAY)) { error = ithread_schedule(it, !cold); KASSERT(error == 0, ("stray software interrupt")); @@ -474,6 +470,9 @@ struct intrhand *ih; /* and our interrupt handler chain */ struct thread *td; struct proc *p; + driver_intr_t *ih_handler; + void *ih_argument; + int ih_flags; td = curthread; p = td->td_proc; @@ -485,6 +484,7 @@ * As long as we have interrupts outstanding, go through the * list of handlers, giving each one a go at it. */ + mtx_lock_spin(&ithd->it_lock); for (;;) { /* * If we are an orphaned thread, then just die. 
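Review bot: `mtx_lock_spin(&ithd->it_lock)` is now taken before the `for (;;)` loop in `ithread_loop()`, but the orphaned-thread exit path that follows the last comment of the `-485` hunk is not part of any hunk, so it is unchanged and now runs with the spin mutex held. That code is not visible here; if it frees `ithd` or exits the thread, it needs `mtx_unlock_spin(&ithd->it_lock);` first. Please confirm and extend the hunk if so.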
@@ -500,62 +500,64 @@ } CTR4(KTR_INTR, "%s: pid %d: (%s) need=%d", __func__, - p->p_pid, p->p_comm, ithd->it_need); - while (ithd->it_need) { + p->p_pid, p->p_comm, (ithd->it_flags & IT_NEED)); + while (ithd->it_flags & IT_NEED) { /* * Service interrupts. If another interrupt * arrives while we are running, they will set - * it_need to denote that we should make + * IT_NEED to denote that we should make * another pass. */ - atomic_store_rel_int(&ithd->it_need, 0); restart: + ithd->it_flags &= ~(IT_NEED | IT_RESTART); TAILQ_FOREACH(ih, &ithd->it_handlers, ih_next) { - if (ithd->it_flags & IT_SOFT && !ih->ih_need) + if (ithd->it_flags & IT_SOFT && + !(ih->ih_flags & IH_NEED)) continue; - atomic_store_rel_int(&ih->ih_need, 0); + ih->ih_flags &= ~IH_NEED; + ih_handler = ih->ih_handler; + ih_argument = ih->ih_argument; + ih_flags = ih->ih_flags; CTR6(KTR_INTR, "%s: pid %d ih=%p: %p(%p) flg=%x", __func__, - p->p_pid, (void *)ih, - (void *)ih->ih_handler, ih->ih_argument, - ih->ih_flags); - - if ((ih->ih_flags & IH_DEAD) != 0) { - mtx_lock(&ithd->it_lock); - TAILQ_REMOVE(&ithd->it_handlers, ih, - ih_next); - wakeup(ih); - mtx_unlock(&ithd->it_lock); - goto restart; - } - if ((ih->ih_flags & IH_MPSAFE) == 0) + p->p_pid, (void *)ih, (void *)ih_handler, + ih_argument, ih_flags); + mtx_unlock_spin(&ithd->it_lock); + if ((ih_flags & IH_MPSAFE) == 0) mtx_lock(&Giant); - ih->ih_handler(ih->ih_argument); - if ((ih->ih_flags & IH_MPSAFE) == 0) + ih_handler(ih_argument); + if ((ih_flags & IH_MPSAFE) == 0) mtx_unlock(&Giant); + mtx_lock_spin(&ithd->it_lock); + if (ithd->it_flags & IT_RESTART) + goto restart; } + /* + * Ensure none of the handlers returned with Giant held. + */ + mtx_assert(&Giant, MA_NOTOWNED); } + mtx_unlock_spin(&ithd->it_lock); /* - * Processed all our interrupts. Now get the sched - * lock. This may take a while and it_need may get - * set again, so we have to check it again. + * Should we call this earlier in the loop above? 
+ */ + if (ithd->it_enable != NULL) + ithd->it_enable(ithd->it_vector); + /* + * Processed all our interrupts. Now get the sched_lock. */ - mtx_assert(&Giant, MA_NOTOWNED); mtx_lock_spin(&sched_lock); - if (!ithd->it_need) { - /* - * Should we call this earlier in the loop above? - */ - if (ithd->it_enable != NULL) - ithd->it_enable(ithd->it_vector); + if ((ithd->it_flags & IT_NEED) == 0) { p->p_stat = SWAIT; /* we're idle */ p->p_stats->p_ru.ru_nvcsw++; CTR2(KTR_INTR, "%s: pid %d: done", __func__, p->p_pid); mi_switch(); - CTR2(KTR_INTR, "%s: pid %d: resumed", __func__, p->p_pid); + CTR2(KTR_INTR, "%s: pid %d: resumed", __func__, + p->p_pid); } mtx_unlock_spin(&sched_lock); + mtx_lock_spin(&ithd->it_lock); } } --- //depot/projects/smpng/sys/kern/kern_jail.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/kern/kern_jail.c 2002/02/08 14:06:04 @@ -87,7 +87,7 @@ pr->pr_ip = j.ip_number; PROC_LOCK(p); /* Implicitly fail if already in jail. */ - error = suser_xxx(p->p_ucred, NULL, 0); + error = suser_cred(p->p_ucred, 0); if (error) goto badcred; oldcred = p->p_ucred; --- //depot/projects/smpng/sys/kern/kern_ktrace.c 2001/10/24 09:22:42 +++ //depot/user/jhb/proc/kern/kern_ktrace.c 2002/02/06 21:41:07 @@ -57,9 +57,9 @@ #ifdef KTRACE static struct ktr_header *ktrgetheader __P((int type)); static void ktrwrite __P((struct vnode *, struct ktr_header *, struct uio *)); -static int ktrcanset __P((struct proc *,struct proc *)); -static int ktrsetchildren __P((struct proc *,struct proc *,int,int,struct vnode *)); -static int ktrops __P((struct proc *,struct proc *,int,int,struct vnode *)); +static int ktrcanset __P((struct thread *,struct proc *)); +static int ktrsetchildren __P((struct thread *,struct proc *,int,int,struct vnode *)); +static int ktrops __P((struct thread *,struct proc *,int,int,struct vnode *)); static struct ktr_header * 
@@ -311,7 +311,7 @@ vp = nd.ni_vp; VOP_UNLOCK(vp, 0, td); if (vp->v_type != VREG) { - (void) vn_close(vp, FREAD|FWRITE, curp->p_ucred, td); + (void) vn_close(vp, FREAD|FWRITE, td->td_ucred, td); curp->p_traceflag &= ~KTRFAC_ACTIVE; return (EACCES); } @@ -322,16 +322,20 @@ if (ops == KTROP_CLEARFILE) { sx_slock(&allproc_lock); LIST_FOREACH(p, &allproc, p_list) { + PROC_LOCK(p); if (p->p_tracep == vp) { - if (ktrcanset(curp, p) && p->p_tracep == vp) { + if (ktrcanset(td, p) && p->p_tracep == vp) { p->p_tracep = NULL; p->p_traceflag = 0; + PROC_UNLOCK(p); (void) vn_close(vp, FREAD|FWRITE, - p->p_ucred, td); + td->td_ucred, td); } else { + PROC_UNLOCK(p); error = EPERM; } - } + } else + PROC_UNLOCK(p); } sx_sunlock(&allproc_lock); goto done; @@ -357,9 +361,9 @@ } LIST_FOREACH(p, &pg->pg_members, p_pglist) if (descend) - ret |= ktrsetchildren(curp, p, ops, facs, vp); + ret |= ktrsetchildren(td, p, ops, facs, vp); else - ret |= ktrops(curp, p, ops, facs, vp); + ret |= ktrops(td, p, ops, facs, vp); } else { /* * by pid @@ -370,16 +374,17 @@ goto done; } PROC_UNLOCK(p); + /* XXX: UNLOCK above has a race */ if (descend) - ret |= ktrsetchildren(curp, p, ops, facs, vp); + ret |= ktrsetchildren(td, p, ops, facs, vp); else - ret |= ktrops(curp, p, ops, facs, vp); + ret |= ktrops(td, p, ops, facs, vp); } if (!ret) error = EPERM; done: if (vp != NULL) - (void) vn_close(vp, FWRITE, curp->p_ucred, td); + (void) vn_close(vp, FWRITE, td->td_ucred, td); curp->p_traceflag &= ~KTRFAC_ACTIVE; return (error); #else 
@@ -431,30 +436,32 @@ #ifdef KTRACE static int -ktrops(curp, p, ops, facs, vp) - struct proc *p, *curp; +ktrops(td, p, ops, facs, vp) + struct thread *td; + struct proc *p; int ops, facs; struct vnode *vp; { + struct vnode *vtmp = NULL, *newvp = NULL; - if (!ktrcanset(curp, p)) + PROC_LOCK(p); + if (!ktrcanset(td, p)) { + PROC_UNLOCK(p); return (0); + } if (ops == KTROP_SET) { if (p->p_tracep != vp) { struct vnode *vtmp; /* - * if trace file already in use, relinquish + * if trace file already in use, relinquish below */ - VREF(vp); - while ((vtmp = p->p_tracep) != NULL) { - p->p_tracep = NULL; - vrele(vtmp); - } - p->p_tracep = vp; + newvp = vp; + vtmp = p->p_tracep; + p->p_tracep = NULL; } p->p_traceflag |= facs; - if (curp->p_ucred->cr_uid == 0) + if (td->td_ucred->cr_uid == 0) p->p_traceflag |= KTRFAC_ROOT; } else { /* KTROP_CLEAR */ @@ -463,19 +470,36 @@ /* no more tracing */ p->p_traceflag = 0; - if ((vtmp = p->p_tracep) != NULL) { - p->p_tracep = NULL; - vrele(vtmp); - } + vtmp = p->p_tracep; + p->p_tracep = NULL; } } + PROC_UNLOCK(p); + + /* Release old trace file if requested. */ + if (vtmp != NULL) + vrele(vtmp); + /* Setup new trace file if requested. */ + /* + * XXX: Doing this before the PROC_UNLOCK above would result in + * fewer lock operations but would break old behavior where the + * above vrele() would not be traced when changing trace files. + */ + if (newvp != NULL) { + VREF(newvp); + PROC_LOCK(p); + p->p_tracep = newvp; + PROC_UNLOCK(p); + } + return (1); } static int -ktrsetchildren(curp, top, ops, facs, vp) - struct proc *curp, *top; +ktrsetchildren(td, top, ops, facs, vp) + struct thread *td; + struct proc *top; int ops, facs; struct vnode *vp; { @@ -485,7 +509,7 @@ p = top; sx_slock(&proctree_lock); for (;;) { - ret |= ktrops(curp, p, ops, facs, vp); + ret |= ktrops(td, p, ops, facs, vp); /* * If this process has children, descend to them next, * otherwise do any siblings, and if done with this level, 
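Review bot: The new function-scope `struct vnode *vtmp = NULL` is shadowed by the `struct vnode *vtmp;` that remains inside `if (p->p_tracep != vp) {`, so `vtmp = p->p_tracep;` in the `KTROP_SET` branch assigns the inner variable. The outer `vtmp` is still NULL at the `if (vtmp != NULL) vrele(vtmp);` check in the next hunk, and the reference on the previous trace vnode is never dropped. Delete the inner declaration. `ktrops()` continues into the next hunk.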
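Review bot: In the `-463` hunk, `p->p_tracep = newvp;` is stored in a second `PROC_LOCK(p)` section, while the permission check `ktrcanset(td, p)` and the `p_traceflag` update were done in the first one. In between, the target has `p_traceflag` set with `p_tracep == NULL`, and any change made to the target in the gap (another ktrace request, or a change in its credentials) is overwritten without being rechecked. A `p_tracep` installed by someone else in the gap would also lose its reference. If the split must stay for the reason given in the `XXX` comment, re-validate after re-locking, e.g. `if (p->p_tracep == NULL && ktrcanset(td, p))` before the store, and `vrele(newvp)` otherwise.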
@@ -542,11 +566,11 @@ } vn_start_write(vp, &mp, V_WAIT); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - (void)VOP_LEASE(vp, td, p->p_ucred, LEASE_WRITE); - error = VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, p->p_ucred); + (void)VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); + error = VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, td->td_ucred); if (error == 0 && uio != NULL) { - (void)VOP_LEASE(vp, td, p->p_ucred, LEASE_WRITE); - error = VOP_WRITE(vp, uio, IO_UNIT | IO_APPEND, p->p_ucred); + (void)VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); + error = VOP_WRITE(vp, uio, IO_UNIT | IO_APPEND, td->td_ucred); } VOP_UNLOCK(vp, 0, td); vn_finished_write(mp); @@ -577,15 +601,17 @@ * so, only root may further change it. */ static int -ktrcanset(callp, targetp) - struct proc *callp, *targetp; +ktrcanset(td, targetp) + struct thread *td; + struct proc *targetp; { + PROC_LOCK_ASSERT(targetp, MA_OWNED); if (targetp->p_traceflag & KTRFAC_ROOT && - suser_xxx(NULL, callp, PRISON_ROOT)) + suser(td, PRISON_ROOT)) return (0); - if (p_candebug(callp, targetp) != 0) + if (p_candebug(td, targetp) != 0) return (0); return (1); --- //depot/projects/smpng/sys/kern/kern_linker.c 2001/11/19 15:30:12 +++ //depot/user/jhb/proc/kern/kern_linker.c 2002/02/06 23:07:48 @@ -711,7 +711,7 @@ mtx_lock(&Giant); - if ((error = suser_xxx(td->td_proc->p_ucred, NULL, 0)) != 0) + if ((error = suser(td, 0)) != 0) goto out; pathname = malloc(MAXPATHLEN, M_TEMP, M_WAITOK); @@ -757,7 +757,7 @@ mtx_lock(&Giant); - if ((error = suser_xxx(td->td_proc->p_ucred, NULL, 0)) != 0) + if ((error = suser(td, 0)) != 0) goto out; lf = linker_find_file_by_id(SCARG(uap, fileid)); @@ -1352,9 +1352,9 @@ NDFREE(&nd, NDF_ONLY_PNBUF); type = nd.ni_vp->v_type; if (vap) - VOP_GETATTR(nd.ni_vp, vap, td->td_proc->p_ucred, td); + VOP_GETATTR(nd.ni_vp, vap, td->td_ucred, td); VOP_UNLOCK(nd.ni_vp, 0, td); - vn_close(nd.ni_vp, FREAD, td->td_proc->p_ucred, td); + vn_close(nd.ni_vp, FREAD, td->td_ucred, td); if (type == VREG) return(result); } 
@@ -1377,7 +1377,7 @@ struct mod_depend *verinfo) { struct thread *td = curthread; /* XXX */ - struct ucred *cred = td ? td->td_proc->p_ucred : NULL; + struct ucred *cred = td ? td->td_ucred : NULL; struct nameidata nd; struct vattr vattr, mattr; u_char *hints = NULL; --- //depot/projects/smpng/sys/kern/kern_mib.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/kern/kern_mib.c 2002/02/08 14:06:04 @@ -161,7 +161,7 @@ char tmphostname[MAXHOSTNAMELEN]; int error; - pr = req->td->td_proc->p_ucred->cr_prison; + pr = req->td->td_ucred->cr_prison; if (pr != NULL) { if (!jail_set_hostname_allowed && req->newptr) return (EPERM); @@ -211,7 +211,7 @@ struct prison *pr; int error, level; - pr = req->td->td_proc->p_ucred->cr_prison; + pr = req->td->td_ucred->cr_prison; /* * If the process is in jail, return the maximum of the global and --- //depot/projects/smpng/sys/kern/kern_mutex.c 2002/02/08 14:19:21 +++ //depot/user/jhb/proc/kern/kern_mutex.c 2002/02/08 14:06:04 @@ -372,7 +372,7 @@ * Put us on the list of threads blocked on this mutex. */ if (TAILQ_EMPTY(&m->mtx_blocked)) { - td1 = mtx_owner(m); + td1 = (struct thread *)(m->mtx_lock & MTX_FLAGMASK); LIST_INSERT_HEAD(&td1->td_contested, m, mtx_contested); TAILQ_INSERT_TAIL(&m->mtx_blocked, td, td_blkq); } else { --- //depot/projects/smpng/sys/kern/kern_ntptime.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/kern/kern_ntptime.c 2002/01/15 09:05:41 @@ -300,7 +300,7 @@ mtx_lock(&Giant); modes = ntv.modes; if (modes) - error = suser_td(td); + error = suser(td, 0); if (error) goto done2; s = splclock(); --- //depot/projects/smpng/sys/kern/kern_proc.c 2002/01/09 16:09:21 +++ //depot/user/jhb/proc/kern/kern_proc.c 2002/02/06 21:41:07 @@ -461,6 +461,7 @@ /* * Fill in an kinfo_proc structure for the specified process. + * Must be called with the target process locked. */ void fill_kinfo_proc(p, kp) 
@@ -475,7 +476,7 @@ kp->ki_structsize = sizeof(*kp); kp->ki_paddr = p; - PROC_LOCK(p); + PROC_LOCK_ASSERT(p, MA_OWNED); kp->ki_addr =/* p->p_addr; */0; /* XXXKSE */ kp->ki_args = p->p_args; kp->ki_tracep = p->p_tracep; @@ -586,7 +587,6 @@ kp->ki_lock = p->p_lock; if (p->p_pptr) kp->ki_ppid = p->p_pptr->p_pid; - PROC_UNLOCK(p); } /* @@ -608,6 +608,9 @@ } +/* + * Must be called with the process locked and will return with it unlocked. + */ static int sysctl_out_proc(struct proc *p, struct sysctl_req *req, int doingzomb) { @@ -616,7 +619,9 @@ struct proc *np; pid_t pid = p->p_pid; + PROC_LOCK_ASSERT(p, MA_OWNED); fill_kinfo_proc(p, &kinfo_proc); + PROC_UNLOCK(p); error = SYSCTL_OUT(req, (caddr_t)&kinfo_proc, sizeof(kinfo_proc)); if (error) return (error); @@ -652,7 +657,7 @@ p = pfind((pid_t)name[0]); if (!p) return (0); - if (p_cansee(curproc, p)) { + if (p_cansee(curthread, p)) { PROC_UNLOCK(p); return (0); } @@ -680,16 +685,21 @@ else p = LIST_FIRST(&zombproc); for (; p != 0; p = LIST_NEXT(p, p_list)) { + PROC_LOCK(p); /* * Show a user only appropriate processes. */ - if (p_cansee(curproc, p)) + if (p_cansee(curthread, p)) { + PROC_UNLOCK(p); continue; + } /* * Skip embryonic processes. */ - if (p->p_stat == SIDL) + if (p->p_stat == SIDL) { + PROC_UNLOCK(p); continue; + } /* * TODO - make more efficient (see notes below). * do by session. @@ -699,8 +709,10 @@ case KERN_PROC_PGRP: /* could do this by traversing pgrp */ if (p->p_pgrp == NULL || - p->p_pgrp->pg_id != (pid_t)name[0]) + p->p_pgrp->pg_id != (pid_t)name[0]) { + PROC_UNLOCK(p); continue; + } break; case KERN_PROC_TTY: 
@@ -708,26 +720,29 @@ p->p_session == NULL || p->p_session->s_ttyp == NULL || dev2udev(p->p_session->s_ttyp->t_dev) != - (udev_t)name[0]) + (udev_t)name[0]) { + PROC_UNLOCK(p); continue; + } break; case KERN_PROC_UID: if (p->p_ucred == NULL || - p->p_ucred->cr_uid != (uid_t)name[0]) + p->p_ucred->cr_uid != (uid_t)name[0]) { + PROC_UNLOCK(p); continue; + } break; case KERN_PROC_RUID: if (p->p_ucred == NULL || - p->p_ucred->cr_ruid != (uid_t)name[0]) + p->p_ucred->cr_ruid != (uid_t)name[0]) { + PROC_UNLOCK(p); continue; + } break; } - if (p_cansee(curproc, p)) - continue; - error = sysctl_out_proc(p, req, doingzomb); if (error) { sx_sunlock(&allproc_lock); @@ -761,7 +776,7 @@ if (!p) return (0); - if ((!ps_argsopen) && p_cansee(curproc, p)) { + if ((!ps_argsopen) && p_cansee(curthread, p)) { PROC_UNLOCK(p); return (0); } --- //depot/projects/smpng/sys/kern/kern_prot.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/kern/kern_prot.c 2002/02/08 14:06:04 @@ -169,7 +169,7 @@ else if ((pt = pfind(uap->pid)) == NULL) error = ESRCH; else { - error = p_cansee(p, pt); + error = p_cansee(td, pt); if (error == 0) td->td_retval[0] = pt->p_pgrp->pg_id; PROC_UNLOCK(pt); @@ -205,7 +205,7 @@ else if ((pt = pfind(uap->pid)) == NULL) error = ESRCH; else { - error = p_cansee(p, pt); + error = p_cansee(td, pt); if (error == 0) td->td_retval[0] = pt->p_session->s_sid; PROC_UNLOCK(pt); @@ -228,14 +228,11 @@ struct thread *td; struct getuid_args *uap; { - struct proc *p = td->td_proc; - mtx_lock(&Giant); - td->td_retval[0] = p->p_ucred->cr_ruid; + td->td_retval[0] = td->td_ucred->cr_ruid; #if defined(COMPAT_43) || defined(COMPAT_SUNOS) - td->td_retval[1] = p->p_ucred->cr_uid; + td->td_retval[1] = td->td_ucred->cr_uid; #endif - mtx_unlock(&Giant); return (0); } @@ -253,9 +250,8 @@ struct thread *td; struct geteuid_args *uap; { - mtx_lock(&Giant); - td->td_retval[0] = td->td_proc->p_ucred->cr_uid; - mtx_unlock(&Giant); + + td->td_retval[0] = td->td_ucred->cr_uid; return (0); } 
@@ -273,14 +269,11 @@ struct thread *td; struct getgid_args *uap; { - struct proc *p = td->td_proc; - mtx_lock(&Giant); - td->td_retval[0] = p->p_ucred->cr_rgid; + td->td_retval[0] = td->td_ucred->cr_rgid; #if defined(COMPAT_43) || defined(COMPAT_SUNOS) - td->td_retval[1] = p->p_ucred->cr_groups[0]; + td->td_retval[1] = td->td_ucred->cr_groups[0]; #endif - mtx_unlock(&Giant); return (0); } @@ -303,11 +296,8 @@ struct thread *td; struct getegid_args *uap; { - struct proc *p = td->td_proc; - mtx_lock(&Giant); - td->td_retval[0] = p->p_ucred->cr_groups[0]; - mtx_unlock(&Giant); + td->td_retval[0] = td->td_ucred->cr_groups[0]; return (0); } @@ -326,29 +316,23 @@ register struct getgroups_args *uap; { struct ucred *cred; - struct proc *p = td->td_proc; u_int ngrp; int error; - mtx_lock(&Giant); - error = 0; - cred = p->p_ucred; + cred = td->td_ucred; if ((ngrp = uap->gidsetsize) == 0) { td->td_retval[0] = cred->cr_ngroups; - goto done2; + return (0); } - if (ngrp < cred->cr_ngroups) { - error = EINVAL; - goto done2; - } + if (ngrp < cred->cr_ngroups) + return (EINVAL); ngrp = cred->cr_ngroups; - if ((error = copyout((caddr_t)cred->cr_groups, - (caddr_t)uap->gidset, ngrp * sizeof(gid_t)))) - goto done2; + error = copyout((caddr_t)cred->cr_groups, (caddr_t)uap->gidset, + ngrp * sizeof(gid_t)); + if (error) + return (error); td->td_retval[0] = ngrp; -done2: - mtx_unlock(&Giant); - return (error); + return (0); } #ifndef _SYS_SYSPROTO_H_ 
@@ -411,56 +395,45 @@ struct proc *curp = td->td_proc; register struct proc *targp; /* target process */ register struct pgrp *pgrp; /* target pgrp */ - int error; + int error = 0; if (uap->pgid < 0) return (EINVAL); mtx_lock(&Giant); + sx_slock(&proctree_lock); if (uap->pid != 0 && uap->pid != curp->p_pid) { - if ((targp = pfind(uap->pid)) == NULL || !inferior(targp)) { - if (targp) - PROC_UNLOCK(targp); + if ((targp = pfind(uap->pid)) == NULL || !inferior(targp)) error = ESRCH; - goto done2; + else if ((error = p_cansee(td, targp)) == 0) { + if (targp->p_pgrp == NULL || + targp->p_session != curp->p_session) + error = EPERM; + else if (targp->p_flag & P_EXEC) + error = EACCES; } - if ((error = p_cansee(curproc, targp))) { - PROC_UNLOCK(targp); - goto done2; - } - if (targp->p_pgrp == NULL || - targp->p_session != curp->p_session) { - PROC_UNLOCK(targp); - error = EPERM; - goto done2; - } - if (targp->p_flag & P_EXEC) { - PROC_UNLOCK(targp); - error = EACCES; + if (error != 0) { + if (targp != NULL) + PROC_UNLOCK(targp); goto done2; } } else { targp = curp; PROC_LOCK(curp); /* XXX: not needed */ } - if (SESS_LEADER(targp)) { - PROC_UNLOCK(targp); + if (SESS_LEADER(targp)) error = EPERM; - goto done2; - } - if (uap->pgid == 0) + else if (uap->pgid == 0) uap->pgid = targp->p_pid; else if (uap->pgid != targp->p_pid) { if ((pgrp = pgfind(uap->pgid)) == 0 || - pgrp->pg_session != curp->p_session) { - PROC_UNLOCK(targp); + pgrp->pg_session != curp->p_session) error = EPERM; - goto done2; - } } /* XXX: We should probably hold the lock across enterpgrp. */ PROC_UNLOCK(targp); - error = enterpgrp(targp, uap->pgid, 0); + if (error == 0) + error = enterpgrp(targp, uap->pgid, 0); done2: sx_sunlock(&proctree_lock); mtx_unlock(&Giant); @@ -498,9 +471,10 @@ uid_t uid; int error; + mtx_lock(&Giant); uid = uap->uid; - mtx_lock(&Giant); - error = 0; + newcred = crget(); + PROC_LOCK(p); oldcred = p->p_ucred; /* 
@@ -527,10 +501,14 @@ #ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */ uid != oldcred->cr_uid && /* allow setuid(geteuid()) */ #endif - (error = suser_xxx(oldcred, NULL, PRISON_ROOT)) != 0) - goto done2; + (error = suser_cred(oldcred, PRISON_ROOT)) != 0) { + PROC_UNLOCK(p); + crfree(newcred); + mtx_unlock(&Giant); + return (error); + } - newcred = crdup(oldcred); + crcopy(newcred, oldcred); #ifdef _POSIX_SAVED_IDS /* * Do we have "appropriate privileges" (are we root or uid == euid) @@ -540,7 +518,7 @@ #ifdef POSIX_APPENDIX_B_4_2_2 /* Use the clause from B.4.2.2 */ uid == oldcred->cr_uid || #endif - suser_xxx(oldcred, NULL, PRISON_ROOT) == 0) /* we are using privs */ + suser_cred(oldcred, PRISON_ROOT) == 0) /* we are using privs */ #endif { /* @@ -572,10 +550,10 @@ setsugid(p); } p->p_ucred = newcred; + PROC_UNLOCK(p); crfree(oldcred); -done2: mtx_unlock(&Giant); - return (error); + return (0); } #ifndef _SYS_SYSPROTO_H_ @@ -599,26 +577,31 @@ euid = uap->euid; mtx_lock(&Giant); - error = 0; + newcred = crget(); + PROC_LOCK(p); oldcred = p->p_ucred; if (euid != oldcred->cr_ruid && /* allow seteuid(getuid()) */ euid != oldcred->cr_svuid && /* allow seteuid(saved uid) */ - (error = suser_xxx(oldcred, NULL, PRISON_ROOT)) != 0) - goto done2; + (error = suser_cred(oldcred, PRISON_ROOT)) != 0) { + PROC_UNLOCK(p); + crfree(newcred); + mtx_unlock(&Giant); + return (error); + } /* * Everything's okay, do it. Copy credentials so other references do * not see our changes. */ - newcred = crdup(oldcred); + crcopy(newcred, oldcred); if (oldcred->cr_uid != euid) { change_euid(newcred, euid); setsugid(p); } p->p_ucred = newcred; + PROC_UNLOCK(p); crfree(oldcred); -done2: mtx_unlock(&Giant); - return (error); + return (0); } #ifndef _SYS_SYSPROTO_H_ @@ -642,7 +625,8 @@ gid = uap->gid; mtx_lock(&Giant); - error = 0; + newcred = crget(); + PROC_LOCK(p); oldcred = p->p_ucred; /* 
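Review bot: The four-statement unwind added here (`PROC_UNLOCK(p); crfree(newcred); mtx_unlock(&Giant); return (error);`) is repeated verbatim in seteuid, setgid, setegid, setreuid, setregid, setresuid and setresgid later in this file's diff. A single failure label at the end of each function, replacing the removed `done2:`, would keep the lock and credential release order in one place per function. That matters because a missed `crfree(newcred)` in any copy leaks the preallocated credential on every denied call. This is a style point only; the unwinds shown are each complete. The setuid body starts outside this hunk.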
@@ -663,10 +647,14 @@ #ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */ gid != oldcred->cr_groups[0] && /* allow setgid(getegid()) */ #endif - (error = suser_xxx(oldcred, NULL, PRISON_ROOT)) != 0) - goto done2; + (error = suser_cred(oldcred, PRISON_ROOT)) != 0) { + PROC_UNLOCK(p); + crfree(newcred); + mtx_unlock(&Giant); + return (error); + } - newcred = crdup(oldcred); + crcopy(newcred, oldcred); #ifdef _POSIX_SAVED_IDS /* * Do we have "appropriate privileges" (are we root or gid == egid) @@ -676,7 +664,7 @@ #ifdef POSIX_APPENDIX_B_4_2_2 /* use the clause from B.4.2.2 */ gid == oldcred->cr_groups[0] || #endif - suser_xxx(oldcred, NULL, PRISON_ROOT) == 0) /* we are using privs */ + suser_cred(oldcred, PRISON_ROOT) == 0) /* we are using privs */ #endif { /* @@ -707,10 +695,10 @@ setsugid(p); } p->p_ucred = newcred; + PROC_UNLOCK(p); crfree(oldcred); -done2: mtx_unlock(&Giant); - return (error); + return (0); } #ifndef _SYS_SYSPROTO_H_ @@ -734,22 +722,27 @@ egid = uap->egid; mtx_lock(&Giant); - error = 0; + newcred = crget(); + PROC_LOCK(p); oldcred = p->p_ucred; if (egid != oldcred->cr_rgid && /* allow setegid(getgid()) */ egid != oldcred->cr_svgid && /* allow setegid(saved gid) */ - (error = suser_xxx(oldcred, NULL, PRISON_ROOT)) != 0) - goto done2; - newcred = crdup(oldcred); + (error = suser_cred(oldcred, PRISON_ROOT)) != 0) { + PROC_UNLOCK(p); + crfree(newcred); + mtx_unlock(&Giant); + return (error); + } + crcopy(newcred, oldcred); if (oldcred->cr_groups[0] != egid) { change_egid(newcred, egid); setsugid(p); } p->p_ucred = newcred; + PROC_UNLOCK(p); crfree(oldcred); -done2: mtx_unlock(&Giant); - return (error); + return (0); } #ifndef _SYS_SYSPROTO_H_ 
@@ -768,24 +761,39 @@ struct setgroups_args *uap; { struct proc *p = td->td_proc; - struct ucred *newcred, *oldcred; + struct ucred *newcred, *tempcred, *oldcred; u_int ngrp; int error; ngrp = uap->gidsetsize; + if (ngrp > NGROUPS) + return (EINVAL); mtx_lock(&Giant); + tempcred = crget(); + error = copyin((caddr_t)uap->gidset, (caddr_t)tempcred->cr_groups, + ngrp * sizeof(gid_t)); + if (error != 0) { + crfree(tempcred); + mtx_unlock(&Giant); + return (error); + } + newcred = crget(); + PROC_LOCK(p); oldcred = p->p_ucred; - if ((error = suser_xxx(oldcred, NULL, PRISON_ROOT)) != 0) - goto done2; - if (ngrp > NGROUPS) { - error = EINVAL; - goto done2; + error = suser_cred(oldcred, PRISON_ROOT); + if (error) { + PROC_UNLOCK(p); + crfree(newcred); + crfree(tempcred); + mtx_unlock(&Giant); + return (error); } + /* * XXX A little bit lazy here. We could test if anything has * changed before crcopy() and setting P_SUGID. */ - newcred = crdup(oldcred); + crcopy(newcred, oldcred); if (ngrp < 1) { /* * setgroups(0, NULL) is a legitimate way of clearing the @@ -795,19 +803,17 @@ */ newcred->cr_ngroups = 1; } else { - if ((error = copyin((caddr_t)uap->gidset, - (caddr_t)newcred->cr_groups, ngrp * sizeof(gid_t)))) { - crfree(newcred); - goto done2; - } + bcopy(tempcred->cr_groups, newcred->cr_groups, + ngrp * sizeof(gid_t)); newcred->cr_ngroups = ngrp; } setsugid(p); p->p_ucred = newcred; + PROC_UNLOCK(p); + crfree(tempcred); crfree(oldcred); -done2: mtx_unlock(&Giant); - return (error); + return (0); } #ifndef _SYS_SYSPROTO_H_ 
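Review bot: `copyin()` of `uap->gidset` now runs before the `suser_cred(oldcred, PRISON_ROOT)` check, so an unprivileged caller triggers a read of user memory and can get EFAULT where the old code returned EPERM first. An early unlocked `if ((error = suser(td, PRISON_ROOT)) != 0) return (error);` ahead of `mtx_lock(&Giant)` would restore that precedence, with the locked `suser_cred()` check kept as the authoritative one. `tempcred` is also a whole `ucred` used only as scratch space for `cr_groups`; a local `gid_t` array of `NGROUPS` entries would avoid the extra `crget()`/`crfree()` pair if the stack cost is acceptable. The start of the function is outside the hunk.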
@@ -833,15 +839,20 @@ euid = uap->euid; ruid = uap->ruid; mtx_lock(&Giant); - error = 0; + newcred = crget(); + PROC_LOCK(p); oldcred = p->p_ucred; if (((ruid != (uid_t)-1 && ruid != oldcred->cr_ruid && ruid != oldcred->cr_svuid) || (euid != (uid_t)-1 && euid != oldcred->cr_uid && euid != oldcred->cr_ruid && euid != oldcred->cr_svuid)) && - (error = suser_xxx(oldcred, NULL, PRISON_ROOT)) != 0) - goto done2; - newcred = crdup(oldcred); + (error = suser_cred(oldcred, PRISON_ROOT)) != 0) { + PROC_UNLOCK(p); + crfree(newcred); + mtx_unlock(&Giant); + return (error); + } + crcopy(newcred, oldcred); if (euid != (uid_t)-1 && oldcred->cr_uid != euid) { change_euid(newcred, euid); setsugid(p); @@ -856,10 +867,10 @@ setsugid(p); } p->p_ucred = newcred; + PROC_UNLOCK(p); crfree(oldcred); -done2: mtx_unlock(&Giant); - return (error); + return (0); } #ifndef _SYS_SYSPROTO_H_ @@ -885,15 +896,21 @@ egid = uap->egid; rgid = uap->rgid; mtx_lock(&Giant); - error = 0; + newcred = crget(); + PROC_LOCK(p); oldcred = p->p_ucred; if (((rgid != (gid_t)-1 && rgid != oldcred->cr_rgid && rgid != oldcred->cr_svgid) || (egid != (gid_t)-1 && egid != oldcred->cr_groups[0] && egid != oldcred->cr_rgid && egid != oldcred->cr_svgid)) && - (error = suser_xxx(oldcred, NULL, PRISON_ROOT)) != 0) - goto done2; - newcred = crdup(oldcred); + (error = suser_cred(oldcred, PRISON_ROOT)) != 0) { + PROC_UNLOCK(p); + crfree(newcred); + mtx_unlock(&Giant); + return (error); + } + + crcopy(newcred, oldcred); if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) { change_egid(newcred, egid); setsugid(p); @@ -908,10 +925,10 @@ setsugid(p); } p->p_ucred = newcred; + PROC_UNLOCK(p); crfree(oldcred); -done2: mtx_unlock(&Giant); - return (error); + return (0); } /* @@ -944,6 +961,8 @@ ruid = uap->ruid; suid = uap->suid; mtx_lock(&Giant); + newcred = crget(); + PROC_LOCK(p); oldcred = p->p_ucred; if (((ruid != (uid_t)-1 && ruid != oldcred->cr_ruid && ruid != oldcred->cr_svuid && 
@@ -954,9 +973,14 @@ (suid != (uid_t)-1 && suid != oldcred->cr_ruid && suid != oldcred->cr_svuid && suid != oldcred->cr_uid)) && - (error = suser_xxx(oldcred, NULL, PRISON_ROOT)) != 0) - goto done2; - newcred = crdup(oldcred); + (error = suser_cred(oldcred, PRISON_ROOT)) != 0) { + PROC_UNLOCK(p); + crfree(newcred); + mtx_unlock(&Giant); + return (error); + } + + crcopy(newcred, oldcred); if (euid != (uid_t)-1 && oldcred->cr_uid != euid) { change_euid(newcred, euid); setsugid(p); @@ -970,11 +994,10 @@ setsugid(p); } p->p_ucred = newcred; + PROC_UNLOCK(p); crfree(oldcred); - error = 0; -done2: mtx_unlock(&Giant); - return (error); + return (0); } /* @@ -1007,6 +1030,8 @@ rgid = uap->rgid; sgid = uap->sgid; mtx_lock(&Giant); + newcred = crget(); + PROC_LOCK(p); oldcred = p->p_ucred; if (((rgid != (gid_t)-1 && rgid != oldcred->cr_rgid && rgid != oldcred->cr_svgid && @@ -1017,9 +1042,14 @@ (sgid != (gid_t)-1 && sgid != oldcred->cr_rgid && sgid != oldcred->cr_svgid && sgid != oldcred->cr_groups[0])) && - (error = suser_xxx(oldcred, NULL, PRISON_ROOT)) != 0) - goto done2; - newcred = crdup(oldcred); + (error = suser_cred(oldcred, PRISON_ROOT)) != 0) { + PROC_UNLOCK(p); + crfree(newcred); + mtx_unlock(&Giant); + return (error); + } + + crcopy(newcred, oldcred); if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) { change_egid(newcred, egid); setsugid(p); @@ -1033,11 +1063,10 @@ setsugid(p); } p->p_ucred = newcred; + PROC_UNLOCK(p); crfree(oldcred); - error = 0; -done2: mtx_unlock(&Giant); - return (error); + return (0); } #ifndef _SYS_SYSPROTO_H_ @@ -1057,11 +1086,9 @@ struct getresuid_args *uap; { struct ucred *cred; - struct proc *p = td->td_proc; int error1 = 0, error2 = 0, error3 = 0; - mtx_lock(&Giant); - cred = p->p_ucred; + cred = td->td_ucred; if (uap->ruid) error1 = copyout((caddr_t)&cred->cr_ruid, (caddr_t)uap->ruid, sizeof(cred->cr_ruid)); 
@@ -1071,7 +1098,6 @@ if (uap->suid) error3 = copyout((caddr_t)&cred->cr_svuid, (caddr_t)uap->suid, sizeof(cred->cr_svuid)); - mtx_unlock(&Giant); return (error1 ? error1 : error2 ? error2 : error3); } @@ -1092,11 +1118,9 @@ struct getresgid_args *uap; { struct ucred *cred; - struct proc *p = td->td_proc; int error1 = 0, error2 = 0, error3 = 0; - mtx_lock(&Giant); - cred = p->p_ucred; + cred = td->td_ucred; if (uap->rgid) error1 = copyout((caddr_t)&cred->cr_rgid, (caddr_t)uap->rgid, sizeof(cred->cr_rgid)); @@ -1106,7 +1130,6 @@ if (uap->sgid) error3 = copyout((caddr_t)&cred->cr_svgid, (caddr_t)uap->sgid, sizeof(cred->cr_svgid)); - mtx_unlock(&Giant); return (error1 ? error1 : error2 ? error2 : error3); } @@ -1134,7 +1157,9 @@ * a user without an exec - programs cannot know *everything* * that libc *might* have put in their data segment. */ + PROC_LOCK(p); td->td_retval[0] = (p->p_flag & P_SUGID) ? 1 : 0; + PROC_UNLOCK(p); return (0); } @@ -1147,23 +1172,27 @@ struct __setugid_args *uap; { #ifdef REGRESSION - int error; + struct proc *p; - mtx_lock(&Giant); - error = 0; + p = td->td_proc; switch (uap->flag) { case 0: - td->td_proc->p_flag &= ~P_SUGID; - break; + mtx_lock(&Giant); + PROC_LOCK(p); + p->p_flag &= ~P_SUGID; + PROC_UNLOCK(p); + mtx_unlock(&Giant); + return (0); case 1: - td->td_proc->p_flag |= P_SUGID; - break; + mtx_lock(&Giant); + PROC_LOCK(p); + p->p_flag |= P_SUGID; + PROC_UNLOCK(p); + mtx_unlock(&Giant); + return (0); default: - error = EINVAL; - break; + return (EINVAL); } - mtx_unlock(&Giant); - return (error); #else /* !REGRESSION */ return (ENOSYS); 
@@ -1205,58 +1234,35 @@ /* * Test whether the specified credentials imply "super-user" privilege. - * Return 0 or EPERM. + * Return 0 or EPERM. The flag argument is currently used only to + * specify jail interaction. */ int -suser(p) - struct proc *p; +suser_cred(cred, flag) + struct ucred *cred; + int flag; { - return (suser_xxx(0, p, 0)); + if (!suser_enabled) + return (EPERM); + if (cred->cr_uid != 0) + return (EPERM); + if (jailed(cred) && !(flag & PRISON_ROOT)) + return (EPERM); + return (0); } /* - * version for when the thread pointer is available and not the proc. - * (saves having to include proc.h into every file that needs to do the change.) + * Shortcut to hide contents of struct td and struct proc from the + * caller, promoting binary compatibility. */ int -suser_td(td) - struct thread *td; -{ - return (suser_xxx(0, td->td_proc, 0)); -} - -/* - * wrapper to use if you have the thread on hand but not the proc. - */ -int -suser_xxx_td(cred, td, flag) - struct ucred *cred; +suser(td, flag) struct thread *td; int flag; { - return(suser_xxx(cred, td->td_proc, flag)); -} -int -suser_xxx(cred, proc, flag) - struct ucred *cred; - struct proc *proc; - int flag; -{ - if (!suser_enabled) - return (EPERM); - if (!cred && !proc) { - printf("suser_xxx(): THINK!\n"); - return (EPERM); - } - if (cred == NULL) - cred = proc->p_ucred; - if (cred->cr_uid != 0) - return (EPERM); - if (jailed(cred) && !(flag & PRISON_ROOT)) - return (EPERM); - return (0); + return (suser_cred(td->td_ucred, flag)); } /* 
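Review bot: `suser_cred()` dereferences `cred` unconditionally, whereas the `suser_xxx()` it replaces returned EPERM when called with neither a credential nor a process (`if (!cred && !proc)`). If any converted caller can still arrive with a NULL credential, the outcome changes from a denied request to a kernel fault. A `KASSERT(cred != NULL, ("%s: NULL cred", __func__));` at the top would make that case loud in debug kernels. The comment on `suser()` could also name the credential it consults, `td->td_ucred` rather than the process credential. The set*id hunks in this diff replace only `p->p_ucred`, so a change made earlier in the same call is presumably not visible through `td`.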
@@ -1330,26 +1336,27 @@ if ((error = prison_check(u1, u2))) return (error); if (!see_other_uids && u1->cr_ruid != u2->cr_ruid) { - if (suser_xxx(u1, NULL, PRISON_ROOT) != 0) + if (suser_cred(u1, PRISON_ROOT) != 0) return (ESRCH); } return (0); } /*- - * Determine if p1 "can see" the subject specified by p2. + * Determine if td "can see" the subject specified by p. * Returns: 0 for permitted, an errno value otherwise - * Locks: Sufficient locks to protect p1->p_ucred and p2->p_ucred must - * be held. Normally, p1 will be curproc, and a lock must be held - * for p2. - * References: p1 and p2 must be valid for the lifetime of the call + * Locks: Sufficient locks to protect p->p_ucred must be held. td really + * should be curthread. + * References: td and p must be valid for the lifetime of the call */ int -p_cansee(struct proc *p1, struct proc *p2) +p_cansee(struct thread *td, struct proc *p) { /* Wrap cr_cansee() for all functionality. */ - return (cr_cansee(p1->p_ucred, p2->p_ucred)); + KASSERT(td == curthread, ("%s: td not curthread", __func__)); + PROC_LOCK_ASSERT(p, MA_OWNED); + return (cr_cansee(td->td_ucred, p->p_ucred)); } /*- @@ -1363,6 +1370,7 @@ { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); /* * Jail semantics limit the scope of signalling to proc in the * same jail as cred, if cred is in jail. @@ -1396,7 +1404,7 @@ break; default: /* Not permitted without privilege. */ - error = suser_xxx(cred, NULL, PRISON_ROOT); + error = suser_cred(cred, PRISON_ROOT); if (error) return (error); } @@ -1411,7 +1419,7 @@ cred->cr_uid != proc->p_ucred->cr_ruid && cred->cr_uid != proc->p_ucred->cr_svuid) { /* Not permitted without privilege. */ - error = suser_xxx(cred, NULL, PRISON_ROOT); + error = suser_cred(cred, PRISON_ROOT); if (error) return (error); } 
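Review bot: The rewritten header comment for p_cansee() says td "really should be curthread", but the body now enforces that with `KASSERT(td == curthread, ...)` and asserts the process lock with `PROC_LOCK_ASSERT(p, MA_OWNED)`. I would word the Locks line the way p_cansignal() and p_cansched() do in this same change, for example `Locks: td must be curthread, and the proc lock must be held for p.`, so that the comment and the assertions state one contract.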
@@ -1421,18 +1429,20 @@ /*- - * Determine whether p1 may deliver the specified signal to p2. + * Determine whether td may deliver the specified signal to p. * Returns: 0 for permitted, an errno value otherwise - * Locks: Sufficient locks to protect various components of p1 and p2 - * must be held. Normally, p1 will be curproc, and a lock must - * be held for p2. - * References: p1 and p2 must be valid for the lifetime of the call + * Locks: Sufficient locks to protect various components of td and p + * must be held. td must be curthread, and a lock must be + * held for p. + * References: td and p must be valid for the lifetime of the call */ int -p_cansignal(struct proc *p1, struct proc *p2, int signum) +p_cansignal(struct thread *td, struct proc *p, int signum) { - if (p1 == p2) + KASSERT(td == curthread, ("%s: td not curthread", __func__)); + PROC_LOCK_ASSERT(p, MA_OWNED); + if (td->td_proc == p) return (0); /* 
@@ -1440,38 +1450,41 @@ * session always be able to deliver SIGCONT to one another, * overriding the remaining protections. */ - if (signum == SIGCONT && p1->p_session == p2->p_session) + /* XXX: This will require an additional lock of some sort. */ + if (signum == SIGCONT && td->td_proc->p_session == p->p_session) return (0); - return (cr_cansignal(p1->p_ucred, p2, signum)); + return (cr_cansignal(td->td_ucred, p, signum)); } /*- - * Determine whether p1 may reschedule p2. + * Determine whether td may reschedule p. * Returns: 0 for permitted, an errno value otherwise - * Locks: Sufficient locks to protect various components of p1 and p2 - * must be held. Normally, p1 will be curproc, and a lock must - * be held for p2. - * References: p1 and p2 must be valid for the lifetime of the call + * Locks: Sufficient locks to protect various components of td and p + * must be held. td must be curthread, and a lock must + * be held for p. + * References: td and p must be valid for the lifetime of the call */ int -p_cansched(struct proc *p1, struct proc *p2) +p_cansched(struct thread *td, struct proc *p) { int error; - if (p1 == p2) + KASSERT(td == curthread, ("%s: td not curthread", __func__)); + PROC_LOCK_ASSERT(p, MA_OWNED); + if (td->td_proc == p) return (0); - if ((error = prison_check(p1->p_ucred, p2->p_ucred))) + if ((error = prison_check(td->td_ucred, p->p_ucred))) return (error); - if (p1->p_ucred->cr_ruid == p2->p_ucred->cr_ruid) + if (td->td_ucred->cr_ruid == p->p_ucred->cr_ruid) return (0); - if (p1->p_ucred->cr_uid == p2->p_ucred->cr_ruid) + if (td->td_ucred->cr_uid == p->p_ucred->cr_ruid) return (0); - if (suser_xxx(0, p1, PRISON_ROOT) == 0) + if (suser(td, PRISON_ROOT) == 0) return (0); #ifdef CAPABILITIES - if (!cap_check(NULL, p1, CAP_SYS_NICE, PRISON_ROOT)) + if (!cap_check(NULL, td, CAP_SYS_NICE, PRISON_ROOT)) return (0); #endif 
@@ -1495,71 +1508,73 @@ "Unprivileged processes may use process debugging facilities"); /*- - * Determine whether p1 may debug p2. + * Determine whether td may debug p. * Returns: 0 for permitted, an errno value otherwise - * Locks: Sufficient locks to protect various components of p1 and p2 - * must be held. Normally, p1 will be curproc, and a lock must - * be held for p2. - * References: p1 and p2 must be valid for the lifetime of the call + * Locks: Sufficient locks to protect various components of td and p + * must be held. td must be curthread, and a lock must + * be held for p. + * References: td and p must be valid for the lifetime of the call */ int -p_candebug(struct proc *p1, struct proc *p2) +p_candebug(struct thread *td, struct proc *p) { int credentialchanged, error, grpsubset, i, uidsubset; + KASSERT(td == curthread, ("%s: td not curthread", __func__)); + PROC_LOCK_ASSERT(p, MA_OWNED); if (!unprivileged_proc_debug) { - error = suser_xxx(NULL, p1, PRISON_ROOT); + error = suser(td, PRISON_ROOT); if (error) return (error); } - if (p1 == p2) + if (td->td_proc == p) return (0); - if ((error = prison_check(p1->p_ucred, p2->p_ucred))) + if ((error = prison_check(td->td_ucred, p->p_ucred))) return (error); /* - * Is p2's group set a subset of p1's effective group set? This - * includes p2's egid, group access list, rgid, and svgid. + * Is p's group set a subset of td's effective group set? This + * includes p's egid, group access list, rgid, and svgid. 
*/ grpsubset = 1; - for (i = 0; i < p2->p_ucred->cr_ngroups; i++) { - if (!groupmember(p2->p_ucred->cr_groups[i], p1->p_ucred)) { + for (i = 0; i < p->p_ucred->cr_ngroups; i++) { + if (!groupmember(p->p_ucred->cr_groups[i], td->td_ucred)) { grpsubset = 0; break; } } grpsubset = grpsubset && - groupmember(p2->p_ucred->cr_rgid, p1->p_ucred) && - groupmember(p2->p_ucred->cr_svgid, p1->p_ucred); + groupmember(p->p_ucred->cr_rgid, td->td_ucred) && + groupmember(p->p_ucred->cr_svgid, td->td_ucred); /* - * Are the uids present in p2's credential equal to p1's - * effective uid? This includes p2's euid, svuid, and ruid. + * Are the uids present in p's credential equal to td's + * effective uid? This includes p's euid, svuid, and ruid. */ - uidsubset = (p1->p_ucred->cr_uid == p2->p_ucred->cr_uid && - p1->p_ucred->cr_uid == p2->p_ucred->cr_svuid && - p1->p_ucred->cr_uid == p2->p_ucred->cr_ruid); + uidsubset = (td->td_ucred->cr_uid == p->p_ucred->cr_uid && + td->td_ucred->cr_uid == p->p_ucred->cr_svuid && + td->td_ucred->cr_uid == p->p_ucred->cr_ruid); /* * Has the credential of the process changed since the last exec()? */ - credentialchanged = (p2->p_flag & P_SUGID); + credentialchanged = (p->p_flag & P_SUGID); /* - * If p2's gids aren't a subset, or the uids aren't a subset, + * If p's gids aren't a subset, or the uids aren't a subset, * or the credential has changed, require appropriate privilege - * for p1 to debug p2. For POSIX.1e capabilities, this will + * for td to debug p. For POSIX.1e capabilities, this will * require CAP_SYS_PTRACE. */ if (!grpsubset || !uidsubset || credentialchanged) { - error = suser_xxx(NULL, p1, PRISON_ROOT); + error = suser(td, PRISON_ROOT); if (error) return (error); } /* Can't trace init when securelevel > 0. */ - if (p2 == initproc) { - error = securelevel_gt(p1->p_ucred, 0); + if (p == initproc) { + error = securelevel_gt(td->td_ucred, 0); if (error) return (error); } 
@@ -1570,7 +1585,7 @@ * basic correctness/functionality decision. Therefore, this check * should be moved to the caller's of p_candebug(). */ - if ((p2->p_flag & P_INEXEC) != 0) + if ((p->p_flag & P_INEXEC) != 0) return (EAGAIN); return (0); @@ -1615,6 +1630,7 @@ mtx_lock(&cr->cr_mtx); KASSERT(cr->cr_ref > 0, ("bad ucred refcount: %d", cr->cr_ref)); + KASSERT(cr->cr_ref != 0xdeadc0de, ("dangling reference to ucred")); if (--cr->cr_ref == 0) { mtx_destroy(&cr->cr_mtx); /* @@ -1734,18 +1750,19 @@ int error; char logintmp[MAXLOGNAME]; - mtx_lock(&Giant); - if ((error = suser_xxx(0, p, PRISON_ROOT)) != 0) - goto done2; + error = suser(td, PRISON_ROOT); + if (error) + return (error); error = copyinstr((caddr_t) uap->namebuf, (caddr_t) logintmp, sizeof(logintmp), (size_t *)0); if (error == ENAMETOOLONG) error = EINVAL; - else if (!error) + else if (!error) { + mtx_lock(&Giant); (void)memcpy(p->p_pgrp->pg_session->s_login, logintmp, sizeof(logintmp)); -done2: - mtx_unlock(&Giant); + mtx_unlock(&Giant); + } return (error); } @@ -1753,6 +1770,8 @@ setsugid(p) struct proc *p; { + + PROC_LOCK_ASSERT(p, MA_OWNED); p->p_flag |= P_SUGID; if (!(p->p_pfsflags & PF_ISUGID)) p->p_stops = 0; --- //depot/projects/smpng/sys/kern/kern_resource.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/kern/kern_resource.c 2002/02/08 14:06:04 @@ -59,7 +59,7 @@ #include #include -static int donice __P((struct proc *curp, struct proc *chgp, int n)); +static int donice __P((struct thread *td, struct proc *chgp, int n)); static MALLOC_DEFINE(M_UIDINFO, "uidinfo", "uidinfo structures"); #define UIHASH(uid) (&uihashtbl[(uid) & uihash]) @@ -87,7 +87,6 @@ struct thread *td; register struct getpriority_args *uap; { - struct proc *curp = td->td_proc; register struct proc *p; register int low = PRIO_MAX + 1; int error = 0; @@ -102,7 +101,7 @@ p = pfind(uap->who); if (p == NULL) break; - if (p_cansee(curp, p) == 0) + if (p_cansee(td, p) == 0) low = p->p_ksegrp.kg_nice /* XXXKSE */ ; PROC_UNLOCK(p); } 
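Review bot: The new `KASSERT(cr->cr_ref != 0xdeadc0de, ...)` in crfree() runs only after `mtx_lock(&cr->cr_mtx)`, so if the credential has already been freed and overwritten, the mutex embedded in that same memory is used before the assertion can fire. Assuming 0xdeadc0de is the freed-memory fill pattern (not shown here; confirm), moving the check above the `mtx_lock()` call would report the dangling reference instead of failing somewhere inside the lock code. crfree() starts and ends outside this hunk.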
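Review bot: In setlogin(), `logintmp` is declared without an initialiser and `copyinstr()` fills it only up to the terminating NUL, yet the `memcpy()` this hunk keeps copies all `sizeof(logintmp)` bytes into `s_login`. Whatever kernel stack bytes follow the terminator are stored in the session structure, and a later read of the login-name buffer could hand them back to user space (the reader is not visible here). Zeroing the buffer first, `bzero(logintmp, sizeof(logintmp));` before the `copyinstr()` call, closes that. The function's signature is outside the hunk.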
@@ -112,25 +111,30 @@ register struct pgrp *pg; if (uap->who == 0) - pg = curp->p_pgrp; + pg = td->td_proc->p_pgrp; else if ((pg = pgfind(uap->who)) == NULL) break; LIST_FOREACH(p, &pg->pg_members, p_pglist) { - if (!p_cansee(curp, p) && p->p_ksegrp.kg_nice /* XXXKSE */ < low) + PROC_LOCK(p); + if (!p_cansee(td, p) && p->p_ksegrp.kg_nice /* XXXKSE */ < low) low = p->p_ksegrp.kg_nice /* XXXKSE */ ; + PROC_UNLOCK(p); } break; } case PRIO_USER: if (uap->who == 0) - uap->who = curp->p_ucred->cr_uid; + uap->who = td->td_ucred->cr_uid; sx_slock(&allproc_lock); - LIST_FOREACH(p, &allproc, p_list) - if (!p_cansee(curp, p) && + LIST_FOREACH(p, &allproc, p_list) { + PROC_LOCK(p); + if (!p_cansee(td, p) && p->p_ucred->cr_uid == uap->who && p->p_ksegrp.kg_nice /* XXXKSE */ < low) low = p->p_ksegrp.kg_nice /* XXXKSE */ ; + PROC_UNLOCK(p); + } sx_sunlock(&allproc_lock); break; @@ -169,14 +173,16 @@ switch (uap->which) { case PRIO_PROCESS: - if (uap->who == 0) - error = donice(curp, curp, uap->prio); - else { + if (uap->who == 0) { + PROC_LOCK(curp); + error = donice(td, curp, uap->prio); + PROC_UNLOCK(curp); + } else { p = pfind(uap->who); if (p == 0) break; - if (p_cansee(curp, p) == 0) - error = donice(curp, p, uap->prio); + if (p_cansee(td, p) == 0) + error = donice(td, p, uap->prio); PROC_UNLOCK(p); } found++; 
@@ -190,24 +196,28 @@ else if ((pg = pgfind(uap->who)) == NULL) break; LIST_FOREACH(p, &pg->pg_members, p_pglist) { - if (!p_cansee(curp, p)) { - error = donice(curp, p, uap->prio); + PROC_LOCK(p); + if (!p_cansee(td, p)) { + error = donice(td, p, uap->prio); found++; } + PROC_UNLOCK(p); } break; } case PRIO_USER: if (uap->who == 0) - uap->who = curp->p_ucred->cr_uid; + uap->who = td->td_ucred->cr_uid; sx_slock(&allproc_lock); FOREACH_PROC_IN_SYSTEM(p) { + PROC_LOCK(p); if (p->p_ucred->cr_uid == uap->who && - !p_cansee(curp, p)) { - error = donice(curp, p, uap->prio); + !p_cansee(td, p)) { + error = donice(td, p, uap->prio); found++; } + PROC_UNLOCK(p); } sx_sunlock(&allproc_lock); break; @@ -223,20 +233,22 @@ } static int -donice(curp, chgp, n) - register struct proc *curp, *chgp; +donice(td, chgp, n) + struct thread *td; + register struct proc *chgp; register int n; { int error; - if ((error = p_cansched(curp, chgp))) + PROC_LOCK_ASSERT(chgp, MA_OWNED); + if ((error = p_cansched(td, chgp))) return (error); if (n > PRIO_MAX) n = PRIO_MAX; if (n < PRIO_MIN) n = PRIO_MIN; if (n < chgp->p_ksegrp.kg_nice /* XXXKSE */ && - suser_xxx(curp->p_ucred, NULL, 0)) + suser(td, 0)) return (EACCES); chgp->p_ksegrp.kg_nice /* XXXKSE */ = n; (void)resetpriority(&chgp->p_ksegrp); /* XXXKSE */ 
@@ -268,41 +280,40 @@ struct proc *curp = td->td_proc; register struct proc *p; struct rtprio rtp; - int error; + int error, cierror = 0; - mtx_lock(&Giant); + /* Perform copyin before acquiring locks if needed. */ + if (uap->function == RTP_SET) + cierror = copyin(uap->rtp, &rtp, sizeof(struct rtprio)); if (uap->pid == 0) { p = curp; PROC_LOCK(p); } else { p = pfind(uap->pid); - } - - if (p == NULL) { - error = ESRCH; - goto done2; + if (p == NULL) + return (ESRCH); } switch (uap->function) { case RTP_LOOKUP: - if ((error = p_cansee(curp, p))) + if ((error = p_cansee(td, p))) break; mtx_lock_spin(&sched_lock); pri_to_rtp(&p->p_ksegrp.kg_pri /* XXXKSE */ , &rtp); mtx_unlock_spin(&sched_lock); + PROC_UNLOCK(p); error = copyout(&rtp, uap->rtp, sizeof(struct rtprio)); break; case RTP_SET: - if ((error = p_cansched(curp, p)) || - (error = copyin(uap->rtp, &rtp, sizeof(struct rtprio)))) + if ((error = p_cansched(td, p)) || (error = cierror)) break; /* disallow setting rtprio in most cases if not superuser */ - if (suser_xxx(curp->p_ucred, NULL, 0) != 0) { + if (suser(td, 0) != 0) { /* can't set someone else's */ if (uap->pid) { - error = EPERM; - break; + PROC_UNLOCK(p); + return (EPERM); } /* can't set realtime priority */ /* @@ -316,21 +327,19 @@ if (RTP_PRIO_IS_REALTIME(rtp.type)) #endif if (rtp.type != RTP_PRIO_NORMAL) { - error = EPERM; - break; + PROC_UNLOCK(p); + return (EPERM); } } mtx_lock_spin(&sched_lock); error = rtp_to_pri(&rtp, &p->p_ksegrp.kg_pri); mtx_unlock_spin(&sched_lock); + PROC_UNLOCK(p); break; default: error = EINVAL; break; } - PROC_UNLOCK(p); -done2: - mtx_unlock(&Giant); return (error); } 
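Review bot: Three paths in the `@@ -268,41 +280,40 @@` and `@@ -316,21 +327,19 @@` hunks return with the proc lock still held, because the single `PROC_UNLOCK(p)` after the switch was removed. The paths are the `break` after a failed `p_cansee()` in `RTP_LOOKUP`, the `break` after a failed `p_cansched()` or a non-zero `cierror` in `RTP_SET`, and the `default:` case. Each needs `PROC_UNLOCK(p);` before its `break`, matching the unlock the EPERM returns already do. An unprivileged caller can reach the `default:` path simply by passing an unknown `uap->function`, so this is a lock leak reachable from userland.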
@@ -497,7 +506,7 @@ if (limp->rlim_cur > alimp->rlim_max || limp->rlim_max > alimp->rlim_max) - if ((error = suser_xxx(0, p, PRISON_ROOT))) + if ((error = suser(td, PRISON_ROOT))) return (error); if (limp->rlim_cur > limp->rlim_max) limp->rlim_cur = limp->rlim_max; --- //depot/projects/smpng/sys/kern/kern_shutdown.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/kern/kern_shutdown.c 2002/02/08 14:06:04 @@ -148,7 +148,7 @@ int error; mtx_lock(&Giant); - if ((error = suser_td(td)) == 0) + if ((error = suser(td, 0)) == 0) boot(uap->opt); mtx_unlock(&Giant); return (error); --- //depot/projects/smpng/sys/kern/kern_sig.c 2002/01/11 16:20:35 +++ //depot/user/jhb/proc/kern/kern_sig.c 2002/02/06 21:41:07 @@ -80,7 +80,7 @@ static int do_sigprocmask __P((struct proc *p, int how, sigset_t *set, sigset_t *oset, int old)); static char *expand_name __P((const char *, uid_t, pid_t)); -static int killpg1 __P((struct proc *cp, int sig, int pgid, int all)); +static int killpg1 __P((struct thread *td, int sig, int pgid, int all)); static int sig_ffs __P((sigset_t *set)); static int sigprop __P((int sig)); static void stop __P((struct proc *)); @@ -464,7 +464,7 @@ * through p_sigmask (unless they were caught, * and are now ignored by default). */ - PROC_LOCK(p); + PROC_LOCK_ASSERT(p, MA_OWNED); ps = p->p_sigacts; while (SIGNOTEMPTY(p->p_sigcatch)) { sig = sig_ffs(&p->p_sigcatch); @@ -490,7 +490,6 @@ p->p_procsig->ps_flag &= ~PS_NOCLDWAIT; if (ps->ps_sigact[_SIG_IDX(SIGCHLD)] == SIG_IGN) ps->ps_sigact[_SIG_IDX(SIGCHLD)] = SIG_DFL; - PROC_UNLOCK(p); } /* @@ -973,8 +972,8 @@ * cp is calling process. */ int -killpg1(cp, sig, pgid, all) - register struct proc *cp; +killpg1(td, sig, pgid, all) + register struct thread *td; int sig, pgid, all; { register struct proc *p; 
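Review bot: The comment above `killpg1()` in the `@@ -973,8 +972,8 @@` hunk still reads `cp is calling process.` although the parameter is now `struct thread *td`. It should become `* td is the calling thread.`, since the later hunks take the process from `td->td_proc` and pass `td` itself to `p_cansignal()`.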
@@ -988,11 +987,12 @@ sx_slock(&allproc_lock); LIST_FOREACH(p, &allproc, p_list) { PROC_LOCK(p); - if (p->p_pid <= 1 || p->p_flag & P_SYSTEM || p == cp) { + if (p->p_pid <= 1 || p->p_flag & P_SYSTEM || + p == td->td_proc) { PROC_UNLOCK(p); continue; } - if (p_cansignal(cp, p, sig) == 0) { + if (p_cansignal(td, p, sig) == 0) { nfound++; if (sig) psignal(p, sig); @@ -1005,7 +1005,7 @@ /* * zero pgid means send to my process group. */ - pgrp = cp->p_pgrp; + pgrp = td->td_proc->p_pgrp; else { pgrp = pgfind(pgid); if (pgrp == NULL) @@ -1024,7 +1024,7 @@ continue; } mtx_unlock_spin(&sched_lock); - if (p_cansignal(cp, p, sig) == 0) { + if (p_cansignal(td, p, sig) == 0) { nfound++; if (sig) psignal(p, sig); @@ -1050,7 +1050,6 @@ register struct thread *td; register struct kill_args *uap; { - register struct proc *cp = td->td_proc; register struct proc *p; int error = 0; @@ -1062,7 +1061,7 @@ /* kill single process */ if ((p = pfind(uap->pid)) == NULL) { error = ESRCH; - } else if (p_cansignal(cp, p, uap->signum)) { + } else if (p_cansignal(td, p, uap->signum)) { PROC_UNLOCK(p); error = EPERM; } else { @@ -1074,13 +1073,13 @@ } else { switch (uap->pid) { case -1: /* broadcast signal */ - error = killpg1(cp, uap->signum, 0, 1); + error = killpg1(td, uap->signum, 0, 1); break; case 0: /* signal own process group */ - error = killpg1(cp, uap->signum, 0, 0); + error = killpg1(td, uap->signum, 0, 0); break; default: /* negative explicit process group */ - error = killpg1(cp, uap->signum, -uap->pid, 0); + error = killpg1(td, uap->signum, -uap->pid, 0); break; } } @@ -1109,7 +1108,7 @@ if ((u_int)uap->signum > _SIG_MAXSIG) return (EINVAL); mtx_lock(&Giant); - error = killpg1(td->td_proc, uap->signum, uap->pgid, 0); + error = killpg1(td, uap->signum, uap->pgid, 0); mtx_unlock(&Giant); return (error); } 
@@ -1832,7 +1831,7 @@ log(LOG_INFO, "pid %d (%s), uid %d: exited on signal %d%s\n", p->p_pid, p->p_comm, - p->p_ucred ? p->p_ucred->cr_uid : -1, + td->td_ucred ? td->td_ucred->cr_uid : -1, sig &~ WCOREFLAG, sig & WCOREFLAG ? " (core dumped)" : ""); } else { @@ -1939,7 +1938,7 @@ { struct proc *p = td->td_proc; register struct vnode *vp; - register struct ucred *cred = p->p_ucred; + register struct ucred *cred = td->td_ucred; struct flock lf; struct nameidata nd; struct vattr vattr; @@ -1972,7 +1971,7 @@ PROC_UNLOCK(p); restart: - name = expand_name(p->p_comm, p->p_ucred->cr_uid, p->p_pid); + name = expand_name(p->p_comm, td->td_ucred->cr_uid, p->p_pid); if (name == NULL) return (EINVAL); NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, td); /* XXXKSE */ --- //depot/projects/smpng/sys/kern/kern_sysctl.c 2001/12/17 16:58:02 +++ //depot/user/jhb/proc/kern/kern_sysctl.c 2002/01/15 08:44:58 @@ -463,7 +463,7 @@ { int error; - error = suser(req->td->td_proc); + error = suser(req->td, 0); if (error) return error; sysctl_sysctl_debug_dump_node(&sysctl__children, 0); @@ -1074,7 +1074,7 @@ if (error) return (error); } else { - error = securelevel_gt(req->td->td_proc->p_ucred, 0); + error = securelevel_gt(req->td->td_ucred, 0); if (error) return (error); } @@ -1089,7 +1089,7 @@ flags = PRISON_ROOT; else flags = 0; - error = suser_xxx(NULL, req->td->td_proc, flags); + error = suser(req->td, flags); if (error) return (error); } --- //depot/projects/smpng/sys/kern/kern_time.c 2001/09/27 18:02:49 +++ //depot/user/jhb/proc/kern/kern_time.c 2002/02/06 23:07:48 @@ -66,7 +66,7 @@ static int nanosleep1 __P((struct thread *td, struct timespec *rqt, struct timespec *rmt)); -static int settime __P((struct proc *, struct timeval *)); +static int settime __P((struct thread *, struct timeval *)); static void timevalfix __P((struct timeval *)); static void no_lease_updatetime __P((int)); 
@@ -79,8 +79,8 @@ void (*lease_updatetime) __P((int)) = no_lease_updatetime; static int -settime(p, tv) - struct proc *p; +settime(td, tv) + struct thread *td; struct timeval *tv; { struct timeval delta, tv1, tv2; @@ -104,7 +104,7 @@ * than one second, nor more than once per second. This allows * a miscreant to make the clock march double-time, but no worse. */ - if (securelevel_gt(p->p_ucred, 1) != 0) { + if (securelevel_gt(td->td_ucred, 1) != 0) { if (delta.tv_sec < 0 || delta.tv_usec < 0) { /* * Update maxtime to latest time we've seen. @@ -186,23 +186,18 @@ struct timespec ats; int error; - mtx_lock(&Giant); - if ((error = suser_td(td)) != 0) - goto done2; - if (SCARG(uap, clock_id) != CLOCK_REALTIME) { - error = EINVAL; - goto done2; - } + if ((error = suser(td, 0)) != 0) + return (error); + if (SCARG(uap, clock_id) != CLOCK_REALTIME) + return (EINVAL); if ((error = copyin(SCARG(uap, tp), &ats, sizeof(ats))) != 0) - goto done2; - if (ats.tv_nsec < 0 || ats.tv_nsec >= 1000000000) { - error = EINVAL; - goto done2; - } + return (error); + if (ats.tv_nsec < 0 || ats.tv_nsec >= 1000000000) + return (EINVAL); /* XXX Don't convert nsec->usec and back */ TIMESPEC_TO_TIMEVAL(&atv, &ats); - error = settime(td->td_proc, &atv); -done2: + mtx_lock(&Giant); + error = settime(td, &atv); mtx_unlock(&Giant); return (error); } @@ -374,7 +369,7 @@ mtx_lock(&Giant); - if ((error = suser_td(td))) + if ((error = suser(td, 0))) goto done2; /* Verify all parameters before changing time. */ if (uap->tv) { @@ -391,7 +386,7 @@ (error = copyin((caddr_t)uap->tzp, (caddr_t)&atz, sizeof(atz)))) { goto done2; } - if (uap->tv && (error = settime(td->td_proc, &atv))) + if (uap->tv && (error = settime(td, &atv))) goto done2; if (uap->tzp) tz = atz; 
@@ -425,7 +420,7 @@ mtx_lock(&Giant); - if ((error = suser_td(td))) + if ((error = suser(td, 0))) goto done2; error = copyin((caddr_t)uap->delta, (caddr_t)&atv, sizeof(struct timeval)); --- //depot/projects/smpng/sys/kern/kern_xxx.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/kern/kern_xxx.c 2002/01/15 09:05:41 @@ -97,7 +97,7 @@ name[0] = CTL_KERN; name[1] = KERN_HOSTNAME; mtx_lock(&Giant); - if ((error = suser_xxx(0, td->td_proc, PRISON_ROOT)) == 0) { + if ((error = suser(td, PRISON_ROOT)) == 0) { error = userland_sysctl(td, name, 2, 0, 0, 0, uap->hostname, uap->len, 0); } @@ -143,7 +143,7 @@ int error; mtx_lock(&Giant); - if ((error = suser_td(td))) + if ((error = suser(td, 0))) hostid = uap->hostid; mtx_unlock(&Giant); return (error); @@ -298,7 +298,7 @@ int error, domainnamelen; mtx_lock(&Giant); - if ((error = suser_td(td))) + if ((error = suser(td, 0))) goto done2; if ((u_int)uap->len > sizeof (domainname) - 1) { error = EINVAL; --- //depot/projects/smpng/sys/kern/link_aout.c 2001/11/27 10:31:40 +++ //depot/user/jhb/proc/kern/link_aout.c 2002/02/06 23:07:48 @@ -194,7 +194,6 @@ { struct nameidata nd; struct thread *td = curthread; /* XXX */ - struct proc *p = td->td_proc; int error = 0; int resid, flags; struct exec header; @@ -212,7 +211,7 @@ * Read the a.out header from the file. */ error = vn_rdwr(UIO_READ, nd.ni_vp, (void*) &header, sizeof header, 0, - UIO_SYSSPACE, IO_NODELOCKED, p->p_ucred, &resid, td); + UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, &resid, td); if (error) goto out; @@ -237,7 +236,7 @@ */ error = vn_rdwr(UIO_READ, nd.ni_vp, (void*) af->address, header.a_text + header.a_data, 0, - UIO_SYSSPACE, IO_NODELOCKED, p->p_ucred, &resid, td); + UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, &resid, td); if (error) goto out; bzero(af->address + header.a_text + header.a_data, header.a_bss); 
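Review bot: The privilege test in the `@@ -143,7 +143,7 @@` hunk of kern_xxx.c is inverted: `hostid = uap->hostid` runs when `suser(td, 0)` returns non-zero, that is, when the caller failed the check, and is skipped for a privileged caller. The condition was carried over unchanged from the `suser_td()` form. The kern_shutdown.c hunk in this same change uses the correct shape before `boot()`, so this line should read `if ((error = suser(td, 0)) == 0)`. The function's header is outside the hunk.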
@@ -269,7 +268,7 @@ if (error && lf) linker_file_unload(lf); VOP_UNLOCK(nd.ni_vp, 0, td); - vn_close(nd.ni_vp, FREAD, p->p_ucred, td); + vn_close(nd.ni_vp, FREAD, td->td_ucred, td); return error; } --- //depot/projects/smpng/sys/kern/link_elf.c 2001/11/19 15:30:12 +++ //depot/user/jhb/proc/kern/link_elf.c 2002/02/06 23:07:48 @@ -517,7 +517,6 @@ { struct nameidata nd; struct thread* td = curthread; /* XXX */ - struct proc* p = td->td_proc; /* XXX */ Elf_Ehdr *hdr; caddr_t firstpage; int nbytes, i; @@ -567,7 +566,7 @@ } hdr = (Elf_Ehdr *)firstpage; error = vn_rdwr(UIO_READ, nd.ni_vp, firstpage, PAGE_SIZE, 0, - UIO_SYSSPACE, IO_NODELOCKED, p->p_ucred, &resid, td); + UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, &resid, td); nbytes = PAGE_SIZE - resid; if (error) goto out; @@ -706,7 +705,7 @@ caddr_t segbase = mapbase + segs[i]->p_vaddr - base_vaddr; error = vn_rdwr(UIO_READ, nd.ni_vp, segbase, segs[i]->p_filesz, segs[i]->p_offset, - UIO_SYSSPACE, IO_NODELOCKED, p->p_ucred, &resid, td); + UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, &resid, td); if (error) { goto out; } @@ -766,7 +765,7 @@ } error = vn_rdwr(UIO_READ, nd.ni_vp, (caddr_t)shdr, nbytes, hdr->e_shoff, - UIO_SYSSPACE, IO_NODELOCKED, p->p_ucred, &resid, td); + UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, &resid, td); if (error) goto out; symtabindex = -1; @@ -791,12 +790,12 @@ } error = vn_rdwr(UIO_READ, nd.ni_vp, ef->symbase, symcnt, shdr[symtabindex].sh_offset, - UIO_SYSSPACE, IO_NODELOCKED, p->p_ucred, &resid, td); + UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, &resid, td); if (error) goto out; error = vn_rdwr(UIO_READ, nd.ni_vp, ef->strbase, strcnt, shdr[symstrindex].sh_offset, - UIO_SYSSPACE, IO_NODELOCKED, p->p_ucred, &resid, td); + UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, &resid, td); if (error) goto out; 
@@ -828,7 +827,7 @@ if (firstpage) free(firstpage, M_LINKER); VOP_UNLOCK(nd.ni_vp, 0, td); - vn_close(nd.ni_vp, FREAD, p->p_ucred, td); + vn_close(nd.ni_vp, FREAD, td->td_ucred, td); return error; } --- //depot/projects/smpng/sys/kern/subr_prf.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/kern/subr_prf.c 2002/02/08 14:06:04 @@ -833,7 +833,7 @@ int error; if (!unprivileged_read_msgbuf) { - error = suser_td(req->td); + error = suser(req->td, 0); if (error) return (error); } --- //depot/projects/smpng/sys/kern/subr_witness.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/kern/subr_witness.c 2002/02/08 14:06:04 @@ -210,6 +210,7 @@ { "ng_node", &lock_class_mtx_spin }, { "ng_worklist", &lock_class_mtx_spin }, { "ithread table lock", &lock_class_mtx_spin }, + { "ithread", &lock_class_mtx_spin }, { "sched lock", &lock_class_mtx_spin }, { "callout", &lock_class_mtx_spin }, /* --- //depot/projects/smpng/sys/kern/sys_process.c 2001/10/23 16:38:14 +++ //depot/user/jhb/proc/kern/sys_process.c 2002/02/06 23:07:48 @@ -103,8 +103,12 @@ * usage in that process can be messed up. */ vm = p->p_vmspace; - if ((p->p_flag & P_WEXIT)) + PROC_LOCK_ASSERT(p, MA_OWNED); + if ((p->p_flag & P_WEXIT)) { + PROC_UNLOCK(p); return (EFAULT); + } + PROC_UNLOCK(p); if (vm->vm_refcnt < 1) return (EFAULT); ++vm->vm_refcnt; 
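Review bot: In the sys_process.c `@@ -103,8 +103,12 @@` hunk, the proc lock is dropped before `vm->vm_refcnt` is tested and incremented, so the `P_WEXIT` check and the acquisition of the vmspace reference are not atomic. If the proc lock is what keeps `p_vmspace` alive against a concurrent exit (not visible here), `vm` can be torn down in that window. Moving `PROC_UNLOCK(p);` to after `++vm->vm_refcnt;`, and unlocking on the `vm_refcnt < 1` return, closes the gap. The function now consumes a lock the caller acquired, which is an unusual contract; a header comment such as `/* Called with p locked; returns with p unlocked. */` would help callers, since the enclosing function starts outside the hunk.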
@@ -272,31 +276,70 @@ } r; int error = 0; int write; + int proctree_locked = 0; + /* + * Do copyin() early before getting locks and lock proctree before + * locking the process. + */ + switch (uap->req) { + case PT_TRACE_ME: + case PT_ATTACH: + case PT_STEP: + case PT_CONTINUE: + case PT_DETACH: + sx_xlock(&proctree_lock); + proctree_locked = 1; + break; +#ifdef PT_SETREGS + case PT_SETREGS: + error = copyin(uap->addr, &r.reg, sizeof r.reg); + if (error) + return (error); + break; +#endif /* PT_SETREGS */ +#ifdef PT_SETFPREGS + case PT_SETFPREGS: + error = copyin(uap->addr, &r.fpreg, sizeof r.fpreg); + if (error) + return (error); + break; +#endif /* PT_SETFPREGS */ +#ifdef PT_SETDBREGS + case PT_SETDBREGS: + error = copyin(uap->addr, &r.dbreg, sizeof r.dbreg); + if (error) + return (error); + break; +#endif /* PT_SETDBREGS */ + default: + } + write = 0; if (uap->req == PT_TRACE_ME) { p = curp; PROC_LOCK(p); } else { - if ((p = pfind(uap->pid)) == NULL) + if ((p = pfind(uap->pid)) == NULL) { + if (proctree_locked) + sx_xunlock(&proctree_lock); return (ESRCH); + } } - if (p_cansee(curp, p)) { - PROC_UNLOCK(p); - return (ESRCH); + if (p_cansee(td, p)) { + error = ESRCH; + goto fail; } - if ((error = p_candebug(curp, p)) != 0) { - PROC_UNLOCK(p); - return (error); - } + if ((error = p_candebug(td, p)) != 0) + goto fail; /* * Don't debug system processes! */ if ((p->p_flag & P_SYSTEM) != 0) { - PROC_UNLOCK(p); - return (EINVAL); + error = EINVAL; + goto fail; } /* @@ -310,14 +353,14 @@ case PT_ATTACH: /* Self */ if (p->p_pid == curp->p_pid) { - PROC_UNLOCK(p); - return (EINVAL); + error = EINVAL; + goto fail; } /* Already traced */ if (p->p_flag & P_TRACED) { - PROC_UNLOCK(p); - return (EBUSY); + error = EBUSY; + goto fail; } /* OK */ 
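Review bot: The pre-lock `switch (uap->req)` added in the `@@ -272,31 +276,70 @@` hunk ends with a bare `default:` directly before the closing brace. A label must be followed by a statement, so this is at best a compiler warning and an error on stricter compilers; it should be `default: break;`. The early `copyin()` calls return before any lock is taken, so those paths are fine as written.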
@@ -351,34 +394,30 @@ #endif /* not being traced... */ if ((p->p_flag & P_TRACED) == 0) { - PROC_UNLOCK(p); - return (EPERM); + error = EPERM; + goto fail; } /* not being traced by YOU */ if (p->p_pptr != curp) { - PROC_UNLOCK(p); - return (EBUSY); + error = EBUSY; + goto fail; } /* not currently stopped */ - mtx_lock_spin(&sched_lock); if (p->p_stat != SSTOP || (p->p_flag & P_WAITED) == 0) { - mtx_unlock_spin(&sched_lock); - PROC_UNLOCK(p); - return (EBUSY); + error = EBUSY; + goto fail; } - mtx_unlock_spin(&sched_lock); /* OK */ break; default: - PROC_UNLOCK(p); - return (EINVAL); + error = EINVAL; + goto fail; } - PROC_UNLOCK(p); #ifdef FIX_SSTEP /* * Single step fixup ala procfs @@ -395,39 +434,33 @@ switch (uap->req) { case PT_TRACE_ME: /* set my trace flag and "owner" so it can read/write me */ - sx_xlock(&proctree_lock); - PROC_LOCK(p); p->p_flag |= P_TRACED; p->p_oppid = p->p_pptr->p_pid; - PROC_UNLOCK(p); - sx_xunlock(&proctree_lock); return (0); case PT_ATTACH: /* security check done above */ - sx_xlock(&proctree_lock); - PROC_LOCK(p); p->p_flag |= P_TRACED; p->p_oppid = p->p_pptr->p_pid; if (p->p_pptr != curp) proc_reparent(p, curp); - PROC_UNLOCK(p); - sx_xunlock(&proctree_lock); uap->data = SIGSTOP; goto sendsig; /* in PT_CONTINUE below */ case PT_STEP: case PT_CONTINUE: case PT_DETACH: - if ((uap->req != PT_STEP) && ((unsigned)uap->data >= NSIG)) - return (EINVAL); + if ((uap->req != PT_STEP) && ((unsigned)uap->data >= NSIG)) { + error = EINVAL; + goto fail; + } - PHOLD(p); + _PHOLD(p); if (uap->req == PT_STEP) { if ((error = ptrace_single_step(&p->p_thread))) { - PRELE(p); - return (error); + _PRELE(p); + goto fail; } } 
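Review bot: The "not currently stopped" test in the `@@ -351,34 +394,30 @@` hunk now reads `p->p_stat` with only the proc lock held; the removed lines took `sched_lock` around it. The `sendsig:` code in the `@@ -454,33 +487,27 @@` hunk does the same, testing `p->p_stat == SSTOP` before `mtx_lock_spin(&sched_lock)` is taken for `setrunnable()`. If `p_stat` is still written under `sched_lock` alone (not visible here), both are check-then-act races on the process state. Either keep the spin lock around the read, or add a comment stating why the proc lock is sufficient.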
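Review bot: `PT_TRACE_ME` in the `@@ -395,39 +434,33 @@` hunk now returns with both the proc lock and `proctree_lock` held. The `PROC_UNLOCK(p)` and `sx_xunlock(&proctree_lock)` lines were removed but the `return (0);` stayed, while the earlier pre-lock switch takes `proctree_lock` for this request and `p` is locked on entry. Replacing the return with `error = 0; goto fail;` reuses the common unlock path. Any process can issue this request on itself, so the leaked locks are reachable without privilege.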
@@ -435,18 +468,18 @@ fill_kinfo_proc(p, &p->p_uarea->u_kproc); if ((error = ptrace_set_pc(&p->p_thread, (u_long)(uintfptr_t)uap->addr))) { - PRELE(p); - return (error); + _PRELE(p); + goto fail; } } - PRELE(p); + _PRELE(p); if (uap->req == PT_DETACH) { /* reset process parent */ - sx_xlock(&proctree_lock); if (p->p_oppid != p->p_pptr->p_pid) { struct proc *pp; + PROC_UNLOCK(p); pp = pfind(p->p_oppid); if (pp != NULL) PROC_UNLOCK(pp); @@ -454,33 +487,27 @@ pp = initproc; PROC_LOCK(p); proc_reparent(p, pp); - } else - PROC_LOCK(p); + } p->p_flag &= ~(P_TRACED | P_WAITED); p->p_oppid = 0; - PROC_UNLOCK(p); - sx_xunlock(&proctree_lock); - /* should we send SIGCHLD? */ } sendsig: + if (proctree_locked) + sx_xunlock(&proctree_lock); /* deliver or queue signal */ - PROC_LOCK(p); - mtx_lock_spin(&sched_lock); if (p->p_stat == SSTOP) { p->p_xstat = uap->data; + mtx_lock_spin(&sched_lock); setrunnable(&p->p_thread); /* XXXKSE */ mtx_unlock_spin(&sched_lock); - } else { - mtx_unlock_spin(&sched_lock); - if (uap->data) - psignal(p, uap->data); - - } + } else if (uap->data) + psignal(p, uap->data); PROC_UNLOCK(p); + return (0); case PT_WRITE_I: @@ -522,20 +549,19 @@ #ifdef PT_SETREGS case PT_SETREGS: - error = copyin(uap->addr, &r.reg, sizeof r.reg); - if (error == 0) { - PHOLD(p); - error = proc_write_regs(&p->p_thread, &r.reg); - PRELE(p); - } + _PHOLD(p); + error = proc_write_regs(&p->p_thread, &r.reg); + _PRELE(p); + PROC_UNLOCK(p); return (error); #endif /* PT_SETREGS */ #ifdef PT_GETREGS case PT_GETREGS: - PHOLD(p); + _PHOLD(p); error = proc_read_regs(&p->p_thread, &r.reg); - PRELE(p); + _PRELE(p); + PROC_UNLOCK(p); if (error == 0) error = copyout(&r.reg, uap->addr, sizeof r.reg); return (error); 
@@ -543,12 +569,10 @@ #ifdef PT_SETFPREGS case PT_SETFPREGS: - error = copyin(uap->addr, &r.fpreg, sizeof r.fpreg); - if (error == 0) { - PHOLD(p); - error = proc_write_fpregs(&p->p_thread, &r.fpreg); - PRELE(p); - } + _PHOLD(p); + error = proc_write_fpregs(&p->p_thread, &r.fpreg); + _PRELE(p); + PROC_UNLOCK(p); return (error); #endif /* PT_SETFPREGS */ @@ -564,20 +588,19 @@ #ifdef PT_SETDBREGS case PT_SETDBREGS: - error = copyin(uap->addr, &r.dbreg, sizeof r.dbreg); - if (error == 0) { - PHOLD(p); - error = proc_write_dbregs(&p->p_thread, &r.dbreg); - PRELE(p); - } + _PHOLD(p); + error = proc_write_dbregs(&p->p_thread, &r.dbreg); + _PRELE(p); + PROC_UNLOCK(p); return (error); #endif /* PT_SETDBREGS */ #ifdef PT_GETDBREGS case PT_GETDBREGS: - PHOLD(p); + _PHOLD(p); error = proc_read_dbregs(&p->p_thread, &r.dbreg); - PRELE(p); + _PRELE(p); + PROC_UNLOCK(p); if (error == 0) error = copyout(&r.dbreg, uap->addr, sizeof r.dbreg); return (error); @@ -590,6 +613,12 @@ KASSERT(0, ("unreachable code\n")); return (0); + +fail: + PROC_UNLOCK(p); + if (proctree_locked) + sx_xunlock(&proctree_lock); + return (error); } int --- //depot/projects/smpng/sys/kern/sysv_ipc.c 2002/01/04 00:49:18 +++ //depot/user/jhb/proc/kern/sysv_ipc.c 2002/01/15 09:05:41 @@ -76,12 +76,12 @@ struct ipc_perm *perm; int mode; { - struct ucred *cred = td->td_proc->p_ucred; + struct ucred *cred = td->td_ucred; /* Check for user match. */ if (cred->cr_uid != perm->cuid && cred->cr_uid != perm->uid) { if (mode & IPC_M) - return (suser_td(td) == 0 ? 0 : EPERM); + return (suser(td, 0) == 0 ? 0 : EPERM); /* Check for group match. */ mode >>= 3; if (!groupmember(perm->gid, cred) && @@ -93,5 +93,5 @@ if (mode & IPC_M) return (0); return ((mode & perm->mode) == mode || - suser_td(td) == 0 ? 0 : EACCES); + suser(td, 0) == 0 ? 0 : EACCES); } --- //depot/projects/smpng/sys/kern/sysv_msg.c 2002/01/04 00:49:18 +++ //depot/user/jhb/proc/kern/sysv_msg.c 2002/01/15 09:05:41 
@@ -288,17 +288,12 @@ { int error; + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); + if (uap->which >= sizeof(msgcalls)/sizeof(msgcalls[0])) + return (EINVAL); mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } - if (uap->which >= sizeof(msgcalls)/sizeof(msgcalls[0])) { - error = EINVAL; - goto done2; - } error = (*msgcalls[uap->which])(td, &uap->a2); -done2: mtx_unlock(&Giant); return (error); } @@ -353,12 +348,10 @@ #ifdef MSG_DEBUG_OK printf("call to msgctl(%d, %d, 0x%x)\n", msqid, cmd, user_msqptr); #endif + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); + mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } - msqid = IPCID_TO_IX(msqid); if (msqid < 0 || msqid >= msginfo.msgmni) { @@ -428,7 +421,7 @@ if ((error = copyin(user_msqptr, &msqbuf, sizeof(msqbuf))) != 0) goto done2; if (msqbuf.msg_qbytes > msqptr->msg_qbytes) { - error = suser_td(td); + error = suser(td, 0); if (error) goto done2; } @@ -498,19 +491,17 @@ int msqid, error = 0; int key = uap->key; int msgflg = uap->msgflg; - struct ucred *cred = td->td_proc->p_ucred; + struct ucred *cred = td->td_ucred; register struct msqid_ds *msqptr = NULL; #ifdef MSG_DEBUG_OK printf("msgget(0x%x, 0%o)\n", key, msgflg); #endif + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); + mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } - if (key != IPC_PRIVATE) { for (msqid = 0; msqid < msginfo.msgmni; msqid++) { msqptr = &msqids[msqid]; 
@@ -630,12 +621,10 @@ printf("call to msgsnd(%d, 0x%x, %d, %d)\n", msqid, user_msgp, msgsz, msgflg); #endif + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); + mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } - msqid = IPCID_TO_IX(msqid); if (msqid < 0 || msqid >= msginfo.msgmni) { @@ -974,12 +963,10 @@ msgsz, msgtyp, msgflg); #endif + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); + mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } - msqid = IPCID_TO_IX(msqid); if (msqid < 0 || msqid >= msginfo.msgmni) { --- //depot/projects/smpng/sys/kern/sysv_sem.c 2002/01/04 00:49:18 +++ //depot/user/jhb/proc/kern/sysv_sem.c 2002/02/06 23:07:48 @@ -274,17 +274,12 @@ { int error; + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); + if (uap->which >= sizeof(semcalls)/sizeof(semcalls[0])) + return (EINVAL); mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } - if (uap->which >= sizeof(semcalls)/sizeof(semcalls[0])) { - error = EINVAL; - goto done2; - } error = (*semcalls[uap->which])(td, &uap->a2); -done2: mtx_unlock(&Giant); return (error); } @@ -489,7 +484,7 @@ int cmd = uap->cmd; union semun *arg = uap->arg; union semun real_arg; - struct ucred *cred = td->td_proc->p_ucred; + struct ucred *cred = td->td_ucred; int i, rval, error; struct semid_ds sbuf; register struct semid_ds *semaptr; 
@@ -498,23 +493,21 @@ #ifdef SEM_DEBUG printf("call to semctl(%d, %d, %d, 0x%x)\n", semid, semnum, cmd, arg); #endif + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); + mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } - switch(cmd) { case SEM_STAT: if (semid < 0 || semid >= seminfo.semmsl) - return(EINVAL); + UGAR(EINVAL); semaptr = &sema[semid]; if ((semaptr->sem_perm.mode & SEM_ALLOC) == 0 ) - return(EINVAL); + UGAR(EINVAL); if ((error = ipcperm(td, &semaptr->sem_perm, IPC_R))) - return(error); + UGAR(error); if ((error = copyin(arg, &real_arg, sizeof(real_arg))) != 0) - return(error); + UGAR(error); error = copyout((caddr_t)semaptr, real_arg.buf, sizeof(struct semid_ds)); rval = IXSEQ_TO_IPCID(semid,semaptr->sem_perm); @@ -706,17 +699,15 @@ int key = uap->key; int nsems = uap->nsems; int semflg = uap->semflg; - struct ucred *cred = td->td_proc->p_ucred; + struct ucred *cred = td->td_ucred; #ifdef SEM_DEBUG printf("semget(0x%x, %d, 0%o)\n", key, nsems, semflg); #endif + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); + mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } - if (key != IPC_PRIVATE) { for (semid = 0; semid < seminfo.semmni; semid++) { if ((sema[semid].sem_perm.mode & SEM_ALLOC) && @@ -847,12 +838,10 @@ printf("call to semop(%d, 0x%x, %u)\n", semid, sops, nsops); #endif + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); + mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } - semid = IPCID_TO_IX(semid); /* Convert back to zero origin */ if (semid < 0 || semid >= seminfo.semmsl) { --- //depot/projects/smpng/sys/kern/sysv_shm.c 2002/01/04 00:49:18 +++ //depot/user/jhb/proc/kern/sysv_shm.c 2002/02/06 23:07:48 
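Review bot: The `SEM_STAT` bound in the `@@ -498,23 +493,21 @@` hunk compares `semid` against `seminfo.semmsl`, yet `semid` indexes `sema[]`, which the semget hunk on this page walks with `semid < seminfo.semmni`. If `sema[]` is sized by `semmni` (as that loop suggests) and `semmsl` is the larger value, the check admits an index past the end of the array before `&sema[semid]` is read and copied out. The test should be `if (semid < 0 || semid >= seminfo.semmni)`. The same comparison follows `IPCID_TO_IX(semid)` in the `@@ -847,12 +838,10 @@` hunk and needs the same change.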
@@ -261,7 +261,7 @@ int error = 0; mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(p->p_ucred)) { + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) { error = ENOSYS; goto done2; } @@ -313,11 +313,9 @@ int rv; int error = 0; + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(p->p_ucred)) { - error = ENOSYS; - goto done2; - } shmmap_s = (struct shmmap_state *)p->p_vmspace->vm_shm; if (shmmap_s == NULL) { size = shminfo.shmseg * sizeof(struct shmmap_state); @@ -425,11 +423,9 @@ struct shmid_ds *shmseg; struct oshmid_ds outbuf; + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } shmseg = shm_find_segment_by_shmid(uap->shmid); if (shmseg == NULL) { error = EINVAL; @@ -486,11 +482,9 @@ struct shmid_ds inbuf; struct shmid_ds *shmseg; + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } switch (uap->cmd) { case IPC_INFO: error = copyout( (caddr_t)&shminfo, uap->buf, sizeof( shminfo ) ); @@ -620,7 +614,7 @@ int mode; { int i, segnum, shmid, size; - struct ucred *cred = td->td_proc->p_ucred; + struct ucred *cred = td->td_ucred; struct shmid_ds *shmseg; struct shm_handle *shm_handle; @@ -706,11 +700,9 @@ int segnum, mode; int error; + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } mode = uap->shmflg & ACCESSPERMS; if (uap->key != IPC_PRIVATE) { again: 
@@ -748,17 +740,12 @@ { int error; + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); + if (uap->which >= sizeof(shmcalls)/sizeof(shmcalls[0])) + return (EINVAL); mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } - if (uap->which >= sizeof(shmcalls)/sizeof(shmcalls[0])) { - error = EINVAL; - goto done2; - } error = (*shmcalls[uap->which])(td, &uap->a2); -done2: mtx_unlock(&Giant); return (error); } --- //depot/projects/smpng/sys/kern/tty.c 2001/11/19 15:30:12 +++ //depot/user/jhb/proc/kern/tty.c 2002/01/15 07:44:40 @@ -713,10 +713,12 @@ int flag; void *data; { - register struct proc *p; + struct thread *td; + struct proc *p; int s, error; - p = curproc; /* XXX */ + td = curthread; /* XXX */ + p = td->td_proc; /* If the ioctl involves modification, hang if in the background. */ switch (cmd) { @@ -822,7 +824,7 @@ ISSET(constty->t_state, TS_CONNECTED)) return (EBUSY); #ifndef UCONSOLE - if ((error = suser_xxx(p->p_ucred, NULL, 0)) != 0) + if ((error = suser(td, 0)) != 0) return (error); #endif constty = tp; @@ -994,9 +996,9 @@ splx(s); break; case TIOCSTI: /* simulate terminal input */ - if ((flag & FREAD) == 0 && suser_xxx(p->p_ucred, NULL, 0)) + if ((flag & FREAD) == 0 && suser(td, 0)) return (EPERM); - if (!isctty(p, tp) && suser_xxx(p->p_ucred, NULL, 0)) + if (!isctty(p, tp) && suser(td, 0)) return (EACCES); s = spltty(); (*linesw[tp->t_line].l_rint)(*(u_char *)data, tp); @@ -1044,7 +1046,7 @@ } break; case TIOCSDRAINWAIT: - error = suser_xxx(p->p_ucred, NULL, 0); + error = suser(td, 0); if (error) return (error); tp->t_timeout = *(int *)data * hz; --- //depot/projects/smpng/sys/kern/tty_cons.c 2001/12/11 15:57:19 +++ //depot/user/jhb/proc/kern/tty_cons.c 2002/01/15 09:05:41 
@@ -360,7 +360,7 @@ return ((*devsw(dev)->d_open)(dev, openflag, 0, td)); } cnd->cnd_vp = NULL; - vn_close(vp, openflag, td->td_proc->p_ucred, td); + vn_close(vp, openflag, td->td_ucred, td); } if (cnd->cnd_name[0] == '\0') strncpy(cnd->cnd_name, devtoname(cnd->cnd_cn->cn_dev), @@ -374,7 +374,7 @@ if (nd.ni_vp->v_type == VCHR) cnd->cnd_vp = nd.ni_vp; else - vn_close(nd.ni_vp, openflag, td->td_proc->p_ucred, td); + vn_close(nd.ni_vp, openflag, td->td_ucred, td); } return (cnd->cnd_vp != NULL); } @@ -403,7 +403,7 @@ if ((vp = cnd->cnd_vp) == NULL) continue; cnd->cnd_vp = NULL; - vn_close(vp, openflag, td->td_proc->p_ucred, td); + vn_close(vp, openflag, td->td_ucred, td); } cn_is_open = 0; return (0); @@ -456,7 +456,7 @@ * output from the "virtual" console. */ if (cmd == TIOCCONS && constty) { - error = suser_td(td); + error = suser(td, 0); if (error) return (error); constty = NULL; --- //depot/projects/smpng/sys/kern/tty_pty.c 2001/11/07 12:45:34 +++ //depot/user/jhb/proc/kern/tty_pty.c 2002/02/06 23:07:48 @@ -169,7 +169,6 @@ int flag, devtype; struct thread *td; { - struct proc *p = td->td_proc; register struct tty *tp; int error; struct pt_ioctl *pti; @@ -185,9 +184,9 @@ tp->t_lflag = TTYDEF_LFLAG; tp->t_cflag = TTYDEF_CFLAG; tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED; - } else if (tp->t_state & TS_XCLUDE && suser_xxx(p->p_ucred, NULL, 0)) { + } else if (tp->t_state & TS_XCLUDE && suser_cred(td->td_ucred, 0)) { return (EBUSY); - } else if (pti->pt_prison != p->p_ucred->cr_prison) { + } else if (pti->pt_prison != td->td_ucred->cr_prison) { return (EBUSY); } if (tp->t_oproc) /* Ctrlr still around. */ @@ -333,7 +332,6 @@ int flag, devtype; struct thread *td; { - struct proc *p = td->td_proc; register struct tty *tp; struct pt_ioctl *pti; 
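Review bot: The exclusive-open check in the kern/tty_pty.c hunk at old line 185 is converted to `suser_cred(td->td_ucred, 0)`, whereas the identical `suser_xxx(p->p_ucred, NULL, 0)` calls in kern/tty.c are converted to `suser(td, 0)`. If `suser(td, 0)` checks `td->td_ucred`, as the other conversions in this change suggest, the line would read more consistently as `} else if ((tp->t_state & TS_XCLUDE) && suser(td, 0)) {`. The added parentheses also make the `&`/`&&` grouping explicit. The enclosing open routine starts and ends outside the hunk.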
@@ -350,7 +348,7 @@ (void)(*linesw[tp->t_line].l_modem)(tp, 1); tp->t_lflag &= ~EXTPROC; pti = dev->si_drv1; - pti->pt_prison = p->p_ucred->cr_prison; + pti->pt_prison = td->td_ucred->cr_prison; pti->pt_flags = 0; pti->pt_send = 0; pti->pt_ucntl = 0; --- //depot/projects/smpng/sys/kern/tty_tty.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/kern/tty_tty.c 2002/01/14 16:16:26 @@ -172,7 +172,7 @@ if (ttyvp == NULL) /* try operation to get EOF/failure */ return (seltrue(dev, events, td)); - return (VOP_POLL(ttyvp, events, td->td_proc->p_ucred, td)); + return (VOP_POLL(ttyvp, events, td->td_ucred, td)); } static void ctty_clone __P((void *arg, char *name, int namelen, dev_t *dev)); --- //depot/projects/smpng/sys/kern/uipc_socket.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/kern/uipc_socket.c 2002/02/08 14:06:04 @@ -157,7 +157,7 @@ if (prp == 0 || prp->pr_usrreqs->pru_attach == 0) return (EPROTONOSUPPORT); - if (jailed(td->td_proc->p_ucred) && jail_socket_unixiproute_only && + if (jailed(td->td_ucred) && jail_socket_unixiproute_only && prp->pr_domain->dom_family != PF_LOCAL && prp->pr_domain->dom_family != PF_INET && prp->pr_domain->dom_family != PF_ROUTE) { --- //depot/projects/smpng/sys/kern/uipc_syscalls.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/kern/uipc_syscalls.c 2002/02/08 14:06:04 @@ -133,7 +133,7 @@ goto done2; fhold(fp); error = socreate(uap->domain, &so, uap->type, uap->protocol, - td->td_proc->p_ucred, td); + td->td_ucred, td); FILEDESC_LOCK(fdp); if (error) { if (fdp->fd_ofiles[fd] == fp) { @@ -490,11 +490,11 @@ mtx_lock(&Giant); error = socreate(uap->domain, &so1, uap->type, uap->protocol, - td->td_proc->p_ucred, td); + td->td_ucred, td); if (error) goto done2; error = socreate(uap->domain, &so2, uap->type, uap->protocol, - td->td_proc->p_ucred, td); + td->td_ucred, td); if (error) goto free1; error = falloc(td, &fp1, &fd); 
@@ -1804,7 +1804,7 @@ auio.uio_td = td; vn_lock(vp, LK_SHARED | LK_NOPAUSE | LK_RETRY, td); error = VOP_READ(vp, &auio, IO_VMIO | ((MAXBSIZE / bsize) << 16), - td->td_proc->p_ucred); + td->td_ucred); VOP_UNLOCK(vp, 0, td); vm_page_flag_clear(pg, PG_ZERO); vm_page_io_finish(pg); --- //depot/projects/smpng/sys/kern/uipc_usrreq.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/kern/uipc_usrreq.c 2002/02/08 14:06:04 @@ -93,7 +93,7 @@ static void unp_discard __P((struct file *)); static void unp_freerights __P((struct file **, int)); static int unp_internalize __P((struct mbuf **, struct thread *)); -static int unp_listen __P((struct unpcb *, struct proc *)); +static int unp_listen __P((struct unpcb *, struct thread *)); static int uipc_abort(struct socket *so) @@ -202,7 +202,7 @@ if (unp == 0 || unp->unp_vnode == 0) return EINVAL; - return unp_listen(unp, td->td_proc); + return unp_listen(unp, td); } static int @@ -634,7 +634,7 @@ FILEDESC_LOCK(td->td_proc->p_fd); vattr.va_mode = (ACCESSPERMS & ~td->td_proc->p_fd->fd_cmask); FILEDESC_UNLOCK(td->td_proc->p_fd); - VOP_LEASE(nd.ni_dvp, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr); NDFREE(&nd, NDF_ONLY_PNBUF); vput(nd.ni_dvp); @@ -682,7 +682,7 @@ error = ENOTSOCK; goto bad; } - error = VOP_ACCESS(vp, VWRITE, td->td_proc->p_ucred, td); + error = VOP_ACCESS(vp, VWRITE, td->td_ucred, td); if (error) goto bad; so2 = vp->v_socket; 
@@ -716,9 +716,9 @@ * (which is now). */ memset(&unp3->unp_peercred, '\0', sizeof(unp3->unp_peercred)); - unp3->unp_peercred.cr_uid = td->td_proc->p_ucred->cr_uid; - unp3->unp_peercred.cr_ngroups = td->td_proc->p_ucred->cr_ngroups; - memcpy(unp3->unp_peercred.cr_groups, td->td_proc->p_ucred->cr_groups, + unp3->unp_peercred.cr_uid = td->td_ucred->cr_uid; + unp3->unp_peercred.cr_ngroups = td->td_ucred->cr_ngroups; + memcpy(unp3->unp_peercred.cr_groups, td->td_ucred->cr_groups, sizeof(unp3->unp_peercred.cr_groups)); unp3->unp_flags |= UNP_HAVEPC; /* @@ -855,7 +855,7 @@ for (unp = LIST_FIRST(head), i = 0; unp && i < n; unp = LIST_NEXT(unp, unp_link)) { if (unp->unp_gencnt <= gencnt) { - if (cr_cansee(req->td->td_proc->p_ucred, + if (cr_cansee(req->td->td_ucred, unp->unp_socket->so_cred)) continue; unp_list[i++] = unp; @@ -1142,14 +1142,14 @@ cmcred = (struct cmsgcred *) CMSG_DATA(mtod(*controlp, struct cmsghdr *)); cmcred->cmcred_pid = p->p_pid; - cmcred->cmcred_uid = p->p_ucred->cr_ruid; - cmcred->cmcred_gid = p->p_ucred->cr_rgid; - cmcred->cmcred_euid = p->p_ucred->cr_uid; - cmcred->cmcred_ngroups = MIN(p->p_ucred->cr_ngroups, + cmcred->cmcred_uid = td->td_ucred->cr_ruid; + cmcred->cmcred_gid = td->td_ucred->cr_rgid; + cmcred->cmcred_euid = td->td_ucred->cr_uid; + cmcred->cmcred_ngroups = MIN(td->td_ucred->cr_ngroups, CMGROUP_MAX); for (i = 0; i < cmcred->cmcred_ngroups; i++) cmcred->cmcred_groups[i] = - p->p_ucred->cr_groups[i]; + td->td_ucred->cr_groups[i]; break; case SCM_RIGHTS: 
@@ -1430,15 +1430,15 @@ } static int -unp_listen(unp, p) +unp_listen(unp, td) struct unpcb *unp; - struct proc *p; + struct thread *td; { bzero(&unp->unp_peercred, sizeof(unp->unp_peercred)); - unp->unp_peercred.cr_uid = p->p_ucred->cr_uid; - unp->unp_peercred.cr_ngroups = p->p_ucred->cr_ngroups; - bcopy(p->p_ucred->cr_groups, unp->unp_peercred.cr_groups, + unp->unp_peercred.cr_uid = td->td_ucred->cr_uid; + unp->unp_peercred.cr_ngroups = td->td_ucred->cr_ngroups; + bcopy(td->td_ucred->cr_groups, unp->unp_peercred.cr_groups, sizeof(unp->unp_peercred.cr_groups)); unp->unp_flags |= UNP_HAVEPCCACHED; return (0); --- //depot/projects/smpng/sys/kern/vfs_lookup.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/kern/vfs_lookup.c 2002/02/08 14:06:04 @@ -104,7 +104,7 @@ struct thread *td = cnp->cn_thread; struct proc *p = td->td_proc; - ndp->ni_cnd.cn_cred = ndp->ni_cnd.cn_thread->td_proc->p_ucred; + ndp->ni_cnd.cn_cred = ndp->ni_cnd.cn_thread->td_ucred; KASSERT(cnp->cn_cred && p, ("namei: bad cred/proc")); KASSERT((cnp->cn_nameiop & (~OPMASK)) == 0, ("namei: nameiop contaminated with flags")); --- //depot/projects/smpng/sys/kern/vfs_subr.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/kern/vfs_subr.c 2002/02/08 14:06:04 @@ -818,7 +818,7 @@ splx(s); - vfs_object_create(vp, td, td->td_proc->p_ucred); + vfs_object_create(vp, td, td->td_ucred); #if 0 vnodeallocs++; @@ -1244,7 +1244,7 @@ if (VOP_ISLOCKED(vp, NULL) == 0 && vn_start_write(vp, &mp, V_NOWAIT) == 0) { vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - (void) VOP_FSYNC(vp, td->td_proc->p_ucred, MNT_LAZY, td); + (void) VOP_FSYNC(vp, td->td_ucred, MNT_LAZY, td); VOP_UNLOCK(vp, 0, td); vn_finished_write(mp); } 
@@ -3121,7 +3121,7 @@ return (0); privcheck: - if (!suser_xxx(cred, NULL, PRISON_ROOT)) { + if (!suser_cred(cred, PRISON_ROOT)) { /* XXX audit: privilege used */ if (privused != NULL) *privused = 1; --- //depot/projects/smpng/sys/kern/vfs_syscalls.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/kern/vfs_syscalls.c 2002/02/08 14:06:04 @@ -198,7 +198,7 @@ return (ENAMETOOLONG); if (usermount == 0) { - error = suser_td(td); + error = suser(td, 0); if (error) return (error); } @@ -206,14 +206,14 @@ * Do not allow NFS export by non-root users. */ if (fsflags & MNT_EXPORTED) { - error = suser_td(td); + error = suser(td, 0); if (error) return (error); } /* * Silently enforce MNT_NOSUID and MNT_NODEV for non-root users */ - if (suser_xxx(td->td_proc->p_ucred, 0, 0)) + if (suser(td, 0)) fsflags |= MNT_NOSUID | MNT_NODEV; /* * Get vnode to be covered @@ -244,8 +244,8 @@ * Only root, or the user that did the original mount is * permitted to update it. */ - if (mp->mnt_stat.f_owner != td->td_proc->p_ucred->cr_uid) { - error = suser_td(td); + if (mp->mnt_stat.f_owner != td->td_ucred->cr_uid) { + error = suser(td, 0); if (error) { vput(vp); return (error); @@ -274,19 +274,19 @@ * If the user is not root, ensure that they own the directory * onto which we are attempting to mount. */ - error = VOP_GETATTR(vp, &va, td->td_proc->p_ucred, td); + error = VOP_GETATTR(vp, &va, td->td_ucred, td); if (error) { vput(vp); return (error); } - if (va.va_uid != td->td_proc->p_ucred->cr_uid) { - error = suser_td(td); + if (va.va_uid != td->td_ucred->cr_uid) { + error = suser(td, 0); if (error) { vput(vp); return (error); } } - if ((error = vinvalbuf(vp, V_SAVE, td->td_proc->p_ucred, td, 0, 0)) + if ((error = vinvalbuf(vp, V_SAVE, td->td_ucred, td, 0, 0)) != 0) { vput(vp); return (error); @@ -302,7 +302,7 @@ linker_file_t lf; /* Only load modules for root (very important!) */ - error = suser_td(td); + error = suser(td, 0); if (error) { vput(vp); return error; 
@@ -352,7 +352,7 @@ strncpy(mp->mnt_stat.f_fstypename, fstype, MFSNAMELEN); mp->mnt_stat.f_fstypename[MFSNAMELEN - 1] = '\0'; mp->mnt_vnodecovered = vp; - mp->mnt_stat.f_owner = td->td_proc->p_ucred->cr_uid; + mp->mnt_stat.f_owner = td->td_ucred->cr_uid; strncpy(mp->mnt_stat.f_mntonname, fspath, MNAMELEN); mp->mnt_stat.f_mntonname[MNAMELEN - 1] = '\0'; mp->mnt_iosize_max = DFLTPHYS; @@ -516,8 +516,8 @@ * Only root, or the user that did the original mount is * permitted to unmount this filesystem. */ - if (mp->mnt_stat.f_owner != td->td_proc->p_ucred->cr_uid) { - error = suser_td(td); + if (mp->mnt_stat.f_owner != td->td_ucred->cr_uid) { + error = suser(td, 0); if (error) { vput(vp); return (error); @@ -588,7 +588,7 @@ vput(fsrootvp); } if (((mp->mnt_flag & MNT_RDONLY) || - (error = VFS_SYNC(mp, MNT_WAIT, td->td_proc->p_ucred, td)) == 0) || + (error = VFS_SYNC(mp, MNT_WAIT, td->td_ucred, td)) == 0) || (flags & MNT_FORCE)) { error = VFS_UNMOUNT(mp, flags, td); } @@ -667,7 +667,7 @@ mp->mnt_flag &= ~MNT_ASYNC; vfs_msync(mp, MNT_NOWAIT); VFS_SYNC(mp, MNT_NOWAIT, - ((td != NULL) ? td->td_proc->p_ucred : NOCRED), td); + ((td != NULL) ? td->td_ucred : NOCRED), td); mp->mnt_flag |= asyncflag; vn_finished_write(mp); } @@ -721,7 +721,7 @@ int error; struct nameidata nd; - if (jailed(td->td_proc->p_ucred) && !prison_quotas) + if (jailed(td->td_ucred) && !prison_quotas) return (EPERM); NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), td); if ((error = namei(&nd)) != 0) @@ -772,7 +772,7 @@ if (error) return (error); sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; - if (suser_xxx(td->td_proc->p_ucred, 0, 0)) { + if (suser(td, 0)) { bcopy((caddr_t)sp, (caddr_t)&sb, sizeof(sb)); sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0; sp = &sb; 
@@ -815,7 +815,7 @@ if (error) return (error); sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; - if (suser_xxx(td->td_proc->p_ucred, 0, 0)) { + if (suser(td, 0)) { bcopy((caddr_t)sp, (caddr_t)&sb, sizeof(sb)); sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0; sp = &sb; @@ -923,7 +923,7 @@ if (vp->v_type != VDIR) error = ENOTDIR; else - error = VOP_ACCESS(vp, VEXEC, td->td_proc->p_ucred, td); + error = VOP_ACCESS(vp, VEXEC, td->td_ucred, td); while (!error && (mp = vp->v_mountedhere) != NULL) { if (vfs_busy(mp, 0, 0, td)) continue; @@ -1046,7 +1046,7 @@ struct nameidata nd; struct vnode *vp; - error = suser_xxx(0, td->td_proc, PRISON_ROOT); + error = suser(td, PRISON_ROOT); if (error) return (error); FILEDESC_LOCK(fdp); @@ -1093,7 +1093,7 @@ if (vp->v_type != VDIR) error = ENOTDIR; else - error = VOP_ACCESS(vp, VEXEC, td->td_proc->p_ucred, td); + error = VOP_ACCESS(vp, VEXEC, td->td_ucred, td); if (error) vput(vp); else @@ -1237,11 +1237,11 @@ if (flags & O_TRUNC) { if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) goto bad; - VOP_LEASE(vp, td, p->p_ucred, LEASE_WRITE); + VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); VATTR_NULL(&vat); vat.va_size = 0; vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - error = VOP_SETATTR(vp, &vat, p->p_ucred, td); + error = VOP_SETATTR(vp, &vat, td->td_ucred, td); VOP_UNLOCK(vp, 0, td); vn_finished_write(mp); if (error) @@ -1329,10 +1329,10 @@ switch (SCARG(uap, mode) & S_IFMT) { case S_IFCHR: case S_IFBLK: - error = suser_td(td); + error = suser(td, 0); break; default: - error = suser_xxx(0, td->td_proc, PRISON_ROOT); + error = suser(td, PRISON_ROOT); break; } if (error) @@ -1380,7 +1380,7 @@ goto restart; } if (!error) { - VOP_LEASE(nd.ni_dvp, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); if (whiteout) error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, CREATE); else { 
@@ -1444,7 +1444,7 @@ FILEDESC_LOCK(td->td_proc->p_fd); vattr.va_mode = (SCARG(uap, mode) & ALLPERMS) &~ td->td_proc->p_fd->fd_cmask; FILEDESC_UNLOCK(td->td_proc->p_fd); - VOP_LEASE(nd.ni_dvp, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr); if (error == 0) vput(nd.ni_vp); @@ -1497,8 +1497,8 @@ vrele(nd.ni_vp); error = EEXIST; } else { - VOP_LEASE(nd.ni_dvp, td, td->td_proc->p_ucred, LEASE_WRITE); - VOP_LEASE(vp, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); + VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); error = VOP_LINK(nd.ni_dvp, vp, &nd.ni_cnd); } NDFREE(&nd, NDF_ONLY_PNBUF); @@ -1561,7 +1561,7 @@ FILEDESC_LOCK(td->td_proc->p_fd); vattr.va_mode = ACCESSPERMS &~ td->td_proc->p_fd->fd_cmask; FILEDESC_UNLOCK(td->td_proc->p_fd); - VOP_LEASE(nd.ni_dvp, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); error = VOP_SYMLINK(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr, path); NDFREE(&nd, NDF_ONLY_PNBUF); if (error == 0) @@ -1612,7 +1612,7 @@ return (error); goto restart; } - VOP_LEASE(nd.ni_dvp, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, DELETE); NDFREE(&nd, NDF_ONLY_PNBUF); vput(nd.ni_dvp); @@ -1668,10 +1668,10 @@ return (error); goto restart; } - VOP_LEASE(vp, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); if (!error) { - VOP_LEASE(nd.ni_dvp, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); error = VOP_REMOVE(nd.ni_dvp, vp, &nd.ni_cnd); } NDFREE(&nd, NDF_ONLY_PNBUF); 
@@ -1704,7 +1704,7 @@ syscallarg(int) whence; } */ *uap; { - struct ucred *cred = td->td_proc->p_ucred; + struct ucred *cred = td->td_ucred; struct file *fp; struct vnode *vp; struct vattr vattr; @@ -1838,7 +1838,6 @@ int error; struct nameidata nd; - cred = td->td_proc->p_ucred; /* * Create and modify a temporary credential instead of one that * is potentially shared. This could also mess up socket @@ -1847,11 +1846,16 @@ * XXX - Depending on how "threads" are finally implemented, it * may be better to explicitly pass the credential to namei() * rather than to modify the potentially shared process structure. + * XXX - Once NDINIT() is changed to use td_ucred, we can safely + * just change the thread's ucred temporarily and restore it before + * returning without problems. */ - tmpcred = crdup(cred); + tmpcred = crget(); + cred = td->td_ucred; + crcopy(tmpcred, cred); tmpcred->cr_uid = cred->cr_ruid; tmpcred->cr_groups[0] = cred->cr_rgid; - td->td_proc->p_ucred = tmpcred; + td->td_ucred = tmpcred; NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | NOOBJ, UIO_USERSPACE, SCARG(uap, path), td); if ((error = namei(&nd)) != 0) @@ -1862,7 +1866,7 @@ NDFREE(&nd, NDF_ONLY_PNBUF); vput(vp); out1: - td->td_proc->p_ucred = cred; + td->td_ucred = cred; crfree(tmpcred); return (error); } @@ -1894,7 +1898,7 @@ return (error); vp = nd.ni_vp; - error = vn_access(vp, SCARG(uap, flags), td->td_proc->p_ucred, td); + error = vn_access(vp, SCARG(uap, flags), td->td_ucred, td); NDFREE(&nd, NDF_ONLY_PNBUF); vput(vp); return (error); @@ -2258,7 +2262,7 @@ auio.uio_segflg = UIO_USERSPACE; auio.uio_td = td; auio.uio_resid = SCARG(uap, count); - error = VOP_READLINK(vp, &auio, td->td_proc->p_ucred); + error = VOP_READLINK(vp, &auio, td->td_ucred); } vput(vp); td->td_retval[0] = SCARG(uap, count) - auio.uio_resid; 
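Review bot: The block comment in the hunk at old line 1838 no longer matches the code below it: it still speaks of modifying "the potentially shared process structure", and the added XXX describes swapping the thread's credential as future work, yet the new code already assigns `td->td_ucred = tmpcred`. I would replace the two XXX paragraphs with a statement of what happens now, e.g. `/* Swap a private copy carrying the real uid/gid into td_ucred for the lookup and access check; out1 restores the saved pointer. */`. Because the thread runs with an altered credential until `out1`, the comment should also say that every exit after the assignment must pass through `out1`. The `namei()` failure branch is cut off by the hunk, so that could not be checked here. The function starts and ends outside the hunk.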
@@ -2285,19 +2289,18 @@ * chown can't fail when done as root. */ if (vp->v_type == VCHR || vp->v_type == VBLK) { - error = suser_xxx(td->td_proc->p_ucred, td->td_proc, - PRISON_ROOT); + error = suser(td, PRISON_ROOT); if (error) return (error); } if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) return (error); - VOP_LEASE(vp, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); VATTR_NULL(&vattr); vattr.va_flags = flags; - error = VOP_SETATTR(vp, &vattr, td->td_proc->p_ucred, td); + error = VOP_SETATTR(vp, &vattr, td->td_ucred, td); VOP_UNLOCK(vp, 0, td); vn_finished_write(mp); return (error); @@ -2376,11 +2379,11 @@ if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) return (error); - VOP_LEASE(vp, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); VATTR_NULL(&vattr); vattr.va_mode = mode & ALLPERMS; - error = VOP_SETATTR(vp, &vattr, td->td_proc->p_ucred, td); + error = VOP_SETATTR(vp, &vattr, td->td_ucred, td); VOP_UNLOCK(vp, 0, td); vn_finished_write(mp); return error; @@ -2492,12 +2495,12 @@ if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) return (error); - VOP_LEASE(vp, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); VATTR_NULL(&vattr); vattr.va_uid = uid; vattr.va_gid = gid; - error = VOP_SETATTR(vp, &vattr, td->td_proc->p_ucred, td); + error = VOP_SETATTR(vp, &vattr, td->td_ucred, td); VOP_UNLOCK(vp, 0, td); vn_finished_write(mp); return error; 
@@ -2640,14 +2643,14 @@ if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) return (error); - VOP_LEASE(vp, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); VATTR_NULL(&vattr); vattr.va_atime = ts[0]; vattr.va_mtime = ts[1]; if (nullflag) vattr.va_vaflags |= VA_UTIMES_NULL; - error = VOP_SETATTR(vp, &vattr, td->td_proc->p_ucred, td); + error = VOP_SETATTR(vp, &vattr, td->td_ucred, td); VOP_UNLOCK(vp, 0, td); vn_finished_write(mp); return error; @@ -2793,15 +2796,15 @@ return (error); } NDFREE(&nd, NDF_ONLY_PNBUF); - VOP_LEASE(vp, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); if (vp->v_type == VDIR) error = EISDIR; else if ((error = vn_writechk(vp)) == 0 && - (error = VOP_ACCESS(vp, VWRITE, td->td_proc->p_ucred, td)) == 0) { + (error = VOP_ACCESS(vp, VWRITE, td->td_ucred, td)) == 0) { VATTR_NULL(&vattr); vattr.va_size = SCARG(uap, length); - error = VOP_SETATTR(vp, &vattr, td->td_proc->p_ucred, td); + error = VOP_SETATTR(vp, &vattr, td->td_ucred, td); } vput(vp); vn_finished_write(mp); @@ -2847,7 +2850,7 @@ fdrop(fp, td); return (error); } - VOP_LEASE(vp, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); if (vp->v_type == VDIR) error = EISDIR; @@ -3043,12 +3046,12 @@ error = -1; out: if (!error) { - VOP_LEASE(tdvp, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(tdvp, td, td->td_ucred, LEASE_WRITE); if (fromnd.ni_dvp != tdvp) { - VOP_LEASE(fromnd.ni_dvp, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(fromnd.ni_dvp, td, td->td_ucred, LEASE_WRITE); } if (tvp) { - VOP_LEASE(tvp, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(tvp, td, td->td_ucred, LEASE_WRITE); } error = VOP_RENAME(fromnd.ni_dvp, fromnd.ni_vp, &fromnd.ni_cnd, tond.ni_dvp, tond.ni_vp, &tond.ni_cnd); 
@@ -3140,7 +3143,7 @@ FILEDESC_LOCK(td->td_proc->p_fd); vattr.va_mode = (mode & ACCESSPERMS) &~ td->td_proc->p_fd->fd_cmask; FILEDESC_UNLOCK(td->td_proc->p_fd); - VOP_LEASE(nd.ni_dvp, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr); NDFREE(&nd, NDF_ONLY_PNBUF); vput(nd.ni_dvp); @@ -3209,8 +3212,8 @@ return (error); goto restart; } - VOP_LEASE(nd.ni_dvp, td, td->td_proc->p_ucred, LEASE_WRITE); - VOP_LEASE(vp, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); + VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); error = VOP_RMDIR(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd); vn_finished_write(mp); out: @@ -3536,11 +3539,11 @@ error = EINVAL; goto out; } - error = VOP_GETATTR(vp, &vattr, td->td_proc->p_ucred, td); + error = VOP_GETATTR(vp, &vattr, td->td_ucred, td); if (error) goto out; - if (td->td_proc->p_ucred->cr_uid != vattr.va_uid) { - error = suser_xxx(0, td->td_proc, PRISON_ROOT); + if (td->td_ucred->cr_uid != vattr.va_uid) { + error = suser(td, PRISON_ROOT); if (error) goto out; } @@ -3609,7 +3612,7 @@ /* * Must be super user */ - error = suser_td(td); + error = suser(td, 0); if (error) return (error); NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE, uap->fname, td); @@ -3665,7 +3668,7 @@ /* * Must be super user */ - error = suser_td(td); + error = suser(td, 0); if (error) return (error); @@ -3716,7 +3719,7 @@ if (fmode & FREAD) mode |= VREAD; if (mode) { - error = VOP_ACCESS(vp, mode, p->p_ucred, td); + error = VOP_ACCESS(vp, mode, td->td_ucred, td); if (error) goto bad; } 
@@ -3726,23 +3729,23 @@ vrele(vp); return (error); } - VOP_LEASE(vp, td, p->p_ucred, LEASE_WRITE); + VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); /* XXX */ VATTR_NULL(vap); vap->va_size = 0; - error = VOP_SETATTR(vp, vap, p->p_ucred, td); + error = VOP_SETATTR(vp, vap, td->td_ucred, td); vn_finished_write(mp); if (error) goto bad; } - error = VOP_OPEN(vp, fmode, p->p_ucred, td); + error = VOP_OPEN(vp, fmode, td->td_ucred, td); if (error) goto bad; /* * Make sure that a VM object is created for VMIO support. */ if (vn_canvmio(vp) == TRUE) { - if ((error = vfs_object_create(vp, td, p->p_ucred)) != 0) + if ((error = vfs_object_create(vp, td, td->td_ucred)) != 0) goto bad; } if (fmode & FWRITE) @@ -3803,7 +3806,7 @@ fp->f_flag |= FHASLOCK; } if ((vp->v_type == VREG) && (VOP_GETVOBJECT(vp, NULL) != 0)) - vfs_object_create(vp, td, p->p_ucred); + vfs_object_create(vp, td, td->td_ucred); VOP_UNLOCK(vp, 0, td); fdrop(fp, td); @@ -3841,7 +3844,7 @@ /* * Must be super user */ - error = suser_td(td); + error = suser(td, 0); if (error) return (error); @@ -3888,7 +3891,7 @@ /* * Must be super user */ - error = suser_td(td); + error = suser(td, 0); if (error) return (error); @@ -3905,7 +3908,7 @@ if ((error = VFS_STATFS(mp, sp, td)) != 0) return (error); sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; - if (suser_xxx(td->td_proc->p_ucred, 0, 0)) { + if (suser(td, 0)) { bcopy((caddr_t)sp, (caddr_t)&sb, sizeof(sb)); sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0; sp = &sb; @@ -4014,7 +4017,7 @@ if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) return (error); - VOP_LEASE(vp, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); iovlen = iovcnt * sizeof(struct iovec); 
@@ -4046,7 +4049,7 @@ } cnt = auio.uio_resid; error = VOP_SETEXTATTR(vp, attrnamespace, attrname, &auio, - td->td_proc->p_ucred, td); + td->td_ucred, td); cnt -= auio.uio_resid; td->td_retval[0] = cnt; done: @@ -4128,7 +4131,7 @@ u_int iovlen, cnt; int error, i; - VOP_LEASE(vp, td, td->td_proc->p_ucred, LEASE_READ); + VOP_LEASE(vp, td, td->td_ucred, LEASE_READ); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); iovlen = iovcnt * sizeof (struct iovec); @@ -4160,7 +4163,7 @@ } cnt = auio.uio_resid; error = VOP_GETEXTATTR(vp, attrnamespace, attrname, &auio, - td->td_proc->p_ucred, td); + td->td_ucred, td); cnt -= auio.uio_resid; td->td_retval[0] = cnt; done: @@ -4240,11 +4243,11 @@ if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) return (error); - VOP_LEASE(vp, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); error = VOP_SETEXTATTR(vp, attrnamespace, attrname, NULL, - td->td_proc->p_ucred, td); + td->td_ucred, td); VOP_UNLOCK(vp, 0, td); vn_finished_write(mp); --- //depot/projects/smpng/sys/kern/vfs_vnops.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/kern/vfs_vnops.c 2002/02/08 14:06:04 @@ -83,7 +83,7 @@ { struct thread *td = ndp->ni_cnd.cn_thread; - return (vn_open_cred(ndp, flagp, cmode, td->td_proc->p_ucred)); + return (vn_open_cred(ndp, flagp, cmode, td->td_ucred)); } /* @@ -501,7 +501,7 @@ u_short mode; vap = &vattr; - error = VOP_GETATTR(vp, vap, td->td_proc->p_ucred, td); + error = VOP_GETATTR(vp, vap, td->td_ucred, td); if (error) return (error); @@ -584,7 +584,7 @@ } sb->st_flags = vap->va_flags; - if (suser_xxx(td->td_proc->p_ucred, 0, 0)) + if (suser(td, 0)) sb->st_gen = 0; else sb->st_gen = vap->va_gen; @@ -617,7 +617,7 @@ case VREG: case VDIR: if (com == FIONREAD) { - error = VOP_GETATTR(vp, &vattr, td->td_proc->p_ucred, td); + error = VOP_GETATTR(vp, &vattr, td->td_ucred, td); if (error) return (error); *(int *)data = vattr.va_size - fp->f_offset; 
@@ -640,7 +640,7 @@ *(int *)data = devsw(vp->v_rdev)->d_flags & D_TYPEMASK; return (0); } - error = VOP_IOCTL(vp, com, data, fp->f_flag, td->td_proc->p_ucred, td); + error = VOP_IOCTL(vp, com, data, fp->f_flag, td->td_ucred, td); if (error == 0 && com == TIOCSCTTY) { /* Do nothing if reassigning same control tty */ @@ -851,7 +851,7 @@ mp->mnt_kern_flag |= MNTK_SUSPEND; if (mp->mnt_writeopcount > 0) (void) tsleep(&mp->mnt_writeopcount, PUSER - 1, "suspwt", 0); - VFS_SYNC(mp, MNT_WAIT, td->td_proc->p_ucred, td); + VFS_SYNC(mp, MNT_WAIT, td->td_ucred, td); mp->mnt_kern_flag |= MNTK_SUSPENDED; } --- //depot/projects/smpng/sys/net/if.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/net/if.c 2002/02/08 14:06:04 @@ -1177,7 +1177,7 @@ break; case SIOCSIFFLAGS: - error = suser_td(td); + error = suser(td, 0); if (error) return (error); ifr->ifr_prevflags = ifp->if_flags; @@ -1202,7 +1202,7 @@ break; case SIOCSIFCAP: - error = suser_td(td); + error = suser(td, 0); if (error) return (error); if (ifr->ifr_reqcap & ~ifp->if_capabilities) @@ -1211,7 +1211,7 @@ break; case SIOCSIFMETRIC: - error = suser_td(td); + error = suser(td, 0); if (error) return (error); ifp->if_metric = ifr->ifr_metric; @@ -1219,7 +1219,7 @@ break; case SIOCSIFPHYS: - error = suser_td(td); + error = suser(td, 0); if (error) return error; if (!ifp->if_ioctl) @@ -1233,7 +1233,7 @@ { u_long oldmtu = ifp->if_mtu; - error = suser_td(td); + error = suser(td, 0); if (error) return (error); if (ifr->ifr_mtu < IF_MINMTU || ifr->ifr_mtu > IF_MAXMTU) @@ -1258,7 +1258,7 @@ case SIOCADDMULTI: case SIOCDELMULTI: - error = suser_td(td); + error = suser(td, 0); if (error) return (error); @@ -1288,7 +1288,7 @@ case SIOCSLIFPHYADDR: case SIOCSIFMEDIA: case SIOCSIFGENERIC: - error = suser_td(td); + error = suser(td, 0); if (error) return (error); if (ifp->if_ioctl == NULL) @@ -1313,7 +1313,7 @@ break; case SIOCSIFLLADDR: - error = suser_td(td); + error = suser(td, 0); if (error) return (error); error = if_setlladdr(ifp, 
@@ -1352,7 +1352,7 @@ switch (cmd) { case SIOCIFCREATE: case SIOCIFDESTROY: - if ((error = suser_td(td)) != 0) + if ((error = suser(td, 0)) != 0) return (error); return ((cmd == SIOCIFCREATE) ? if_clone_create(ifr->ifr_name, sizeof(ifr->ifr_name)) : @@ -1529,8 +1529,8 @@ if (space < sizeof(ifr)) break; - if (jailed(curproc->p_ucred) && - prison_if(curproc->p_ucred, sa)) + if (jailed(curthread->td_ucred) && + prison_if(curthread->td_ucred, sa)) continue; addrs++; #ifdef COMPAT_43 --- //depot/projects/smpng/sys/net/if_ppp.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/net/if_ppp.c 2002/02/08 14:06:04 @@ -376,7 +376,7 @@ break; case PPPIOCSFLAGS: - if ((error = suser(p)) != 0) + if ((error = suser(td, 0)) != 0) break; flags = *(int *)data & SC_MASK; s = splsoftnet(); @@ -390,7 +390,7 @@ break; case PPPIOCSMRU: - if ((error = suser(p)) != 0) + if ((error = suser(td, 0)) != 0) return (error); mru = *(int *)data; if (mru >= PPP_MRU && mru <= PPP_MAXMRU) @@ -403,7 +403,7 @@ #ifdef VJC case PPPIOCSMAXCID: - if ((error = suser(p)) != 0) + if ((error = suser(td, 0)) != 0) break; if (sc->sc_comp) { s = splsoftnet(); @@ -414,14 +414,14 @@ #endif case PPPIOCXFERUNIT: - if ((error = suser(p)) != 0) + if ((error = suser(td, 0)) != 0) break; sc->sc_xfer = p->p_pid; break; #ifdef PPP_COMPRESS case PPPIOCSCOMPRESS: - if ((error = suser(p)) != 0) + if ((error = suser(td, 0)) != 0) break; odp = (struct ppp_option_data *) data; nb = odp->length; @@ -497,7 +497,7 @@ if (cmd == PPPIOCGNPMODE) { npi->mode = sc->sc_npmode[npx]; } else { - if ((error = suser(p)) != 0) + if ((error = suser(td, 0)) != 0) break; if (npi->mode != sc->sc_npmode[npx]) { s = splsoftnet(); @@ -573,7 +573,7 @@ u_long cmd; caddr_t data; { - struct proc *p = curproc; /* XXX */ + struct thread *td = curthread; /* XXX */ register struct ppp_softc *sc = &ppp_softc[ifp->if_unit]; register struct ifaddr *ifa = (struct ifaddr *)data; register struct ifreq *ifr = (struct ifreq *)data; 
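Review bot: The FreeBSD 5 example added to the comment in net/net_osdep.h has the sense of the test inverted: `if (suser(td, 0)) privileged;` marks the caller privileged when `suser()` returns non-zero. Everywhere else in this change a non-zero return is treated as the error (`error = suser(td, 0); if (error) return (error);`), and the neighbouring entry above it is written `!suser(p)`. Code copied from the example would take the privileged path for unprivileged callers, so the line should read `if (!suser(td, 0))`.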
@@ -623,7 +623,7 @@ break; case SIOCSIFMTU: - if ((error = suser(p)) != 0) + if ((error = suser(td, 0)) != 0) break; if (ifr->ifr_mtu > PPP_MAXMTU) error = EINVAL; --- //depot/projects/smpng/sys/net/if_sl.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/net/if_sl.c 2002/02/08 14:06:04 @@ -340,7 +340,7 @@ register struct sl_softc *sc; int s, error; - error = suser_td(curthread); + error = suser(curthread, 0); if (error) return (error); --- //depot/projects/smpng/sys/net/if_tap.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/net/if_tap.c 2002/02/08 14:06:04 @@ -399,7 +399,7 @@ int unit, error; struct resource *r = NULL; - if ((error = suser_td(td)) != 0) + if ((error = suser(td, 0)) != 0) return (error); unit = dev2unit(dev) & TAPMAXUNIT; --- //depot/projects/smpng/sys/net/if_tun.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/net/if_tun.c 2002/02/08 14:06:04 @@ -533,7 +533,7 @@ if (tunp->mtu < IF_MINMTU) return (EINVAL); if (tp->tun_if.if_mtu != tunp->mtu - && (error = suser_td(td)) != 0) + && (error = suser(td, 0)) != 0) return (error); tp->tun_if.if_mtu = tunp->mtu; tp->tun_if.if_type = tunp->type; --- //depot/projects/smpng/sys/net/net_osdep.h 2001/07/17 20:39:48 +++ //depot/user/jhb/proc/net/net_osdep.h 2002/01/15 09:05:41 @@ -79,6 +79,10 @@ * struct proc *p; * if (p && !suser(p)) * privileged; + * FreeBSD 5 + * struct thread *td; + * if (suser(td, 0)) + * privileged; * OpenBSD, BSDI [34], FreeBSD 2 * struct socket *so; * if (so->so_state & SS_PRIV) --- //depot/projects/smpng/sys/net/ppp_tty.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/net/ppp_tty.c 2002/02/08 14:06:04 @@ -175,7 +175,7 @@ register struct ppp_softc *sc; int error, s; - if ((error = suser_td(td)) != 0) + if ((error = suser(td, 0)) != 0) return (error); s = spltty(); @@ -444,7 +444,7 @@ error = 0; switch (cmd) { case PPPIOCSASYNCMAP: - if ((error = suser_td(td)) != 0) + if ((error = suser(td, 0)) != 0) break; sc->sc_asyncmap[0] = *(u_int *)data; break; 
@@ -454,7 +454,7 @@ break; case PPPIOCSRASYNCMAP: - if ((error = suser_td(td)) != 0) + if ((error = suser(td, 0)) != 0) break; sc->sc_rasyncmap = *(u_int *)data; break; @@ -464,7 +464,7 @@ break; case PPPIOCSXASYNCMAP: - if ((error = suser_td(td)) != 0) + if ((error = suser(td, 0)) != 0) break; s = spltty(); bcopy(data, sc->sc_asyncmap, sizeof(sc->sc_asyncmap)); --- //depot/projects/smpng/sys/net/raw_usrreq.c 2001/11/19 15:30:12 +++ //depot/user/jhb/proc/net/raw_usrreq.c 2002/01/15 09:05:41 @@ -157,7 +157,7 @@ if (rp == 0) return EINVAL; - if (td && (error = suser_td(td)) != 0) + if (td && (error = suser(td, 0)) != 0) return error; return raw_attach(so, proto); } --- //depot/projects/smpng/sys/net/rtsock.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/net/rtsock.c 2002/02/08 14:06:04 @@ -333,7 +333,7 @@ * Verify that the caller has the appropriate privilege; RTM_GET * is the only operation the non-superuser is allowed. */ - if (rtm->rtm_type != RTM_GET && (error = suser(curproc)) != 0) + if (rtm->rtm_type != RTM_GET && (error = suser(curthread, 0)) != 0) senderr(error); switch (rtm->rtm_type) { @@ -968,8 +968,8 @@ while ((ifa = TAILQ_NEXT(ifa, ifa_link)) != 0) { if (af && af != ifa->ifa_addr->sa_family) continue; - if (jailed(curproc->p_ucred) && - prison_if(curproc->p_ucred, ifa->ifa_addr)) + if (jailed(curthread->td_ucred) && + prison_if(curthread->td_ucred, ifa->ifa_addr)) continue; ifaaddr = ifa->ifa_addr; netmask = ifa->ifa_netmask; --- //depot/projects/smpng/sys/netatalk/at_control.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/netatalk/at_control.c 2002/01/15 09:05:41 @@ -99,7 +99,7 @@ /* * If we are not superuser, then we don't get to do these ops. */ - if ( suser_td(td) ) { + if ( suser(td, 0) ) { return( EPERM ); } --- //depot/projects/smpng/sys/netatalk/ddp_usrreq.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/netatalk/ddp_usrreq.c 2002/02/08 14:06:04 
@@ -254,7 +254,7 @@ return( EINVAL ); } if ( sat->sat_port < ATPORT_RESERVED && - suser_td(td) ) { + suser(td, 0) ) { return( EACCES ); } } --- //depot/projects/smpng/sys/netatm/atm_usrreq.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/netatm/atm_usrreq.c 2002/01/15 09:05:41 @@ -192,7 +192,7 @@ struct atmcfgreq *acp = (struct atmcfgreq *)data; struct atm_pif *pip; - if (td && (suser_td(td) != 0)) + if (td && (suser(td, 0) != 0)) ATM_RETERR(EPERM); switch (acp->acr_opcode) { @@ -225,7 +225,7 @@ struct atmaddreq *aap = (struct atmaddreq *)data; Atm_endpoint *epp; - if (td && (suser_td(td) != 0)) + if (td && (suser(td, 0) != 0)) ATM_RETERR(EPERM); switch (aap->aar_opcode) { @@ -275,7 +275,7 @@ struct sigmgr *smp; Atm_endpoint *epp; - if (td && (suser_td(td) != 0)) + if (td && (suser(td, 0) != 0)) ATM_RETERR(EPERM); switch (adp->adr_opcode) { @@ -328,7 +328,7 @@ struct sigmgr *smp; struct ifnet *ifp2; - if (td && (suser_td(td) != 0)) + if (td && (suser(td, 0) != 0)) ATM_RETERR(EPERM); switch (asp->asr_opcode) { --- //depot/projects/smpng/sys/netgraph/ng_ksocket.c 2002/01/09 16:09:21 +++ //depot/user/jhb/proc/netgraph/ng_ksocket.c 2002/01/14 15:36:00 @@ -588,7 +588,7 @@ /* Create the socket */ error = socreate(family, &priv->so, type, protocol, - td->td_proc->p_ucred, td); + td->td_ucred, td); if (error != 0) return (error); --- //depot/projects/smpng/sys/netgraph/ng_socket.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/netgraph/ng_socket.c 2002/02/08 14:06:04 @@ -166,7 +166,7 @@ { struct ngpcb *const pcbp = sotongpcb(so); - if (suser_td(td)) + if (suser(td, 0)) return (EPERM); if (pcbp != NULL) return (EISCONN); --- //depot/projects/smpng/sys/netgraph/ng_tty.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/netgraph/ng_tty.c 2002/02/08 14:06:04 
@@ -190,7 +190,7 @@ int s, error; /* Super-user only */ - if ((error = suser_td(td))) + if ((error = suser(td, 0))) return (error); s = splnet(); (void) spltty(); /* XXX is this necessary? */ --- //depot/projects/smpng/sys/netinet/in.c 2001/12/05 16:21:49 +++ //depot/user/jhb/proc/netinet/in.c 2002/01/15 09:05:41 @@ -204,7 +204,7 @@ switch (cmd) { case SIOCALIFADDR: case SIOCDLIFADDR: - if (td && (error = suser_td(td)) != 0) + if (td && (error = suser(td, 0)) != 0) return error; /*fall through*/ case SIOCGLIFADDR: @@ -263,7 +263,7 @@ case SIOCSIFADDR: case SIOCSIFNETMASK: case SIOCSIFDSTADDR: - if (td && (error = suser_td(td)) != 0) + if (td && (error = suser(td, 0)) != 0) return error; if (ifp == 0) @@ -301,7 +301,7 @@ break; case SIOCSIFBRDADDR: - if (td && (error = suser_td(td)) != 0) + if (td && (error = suser(td, 0)) != 0) return error; /* FALLTHROUGH */ --- //depot/projects/smpng/sys/netinet/in_pcb.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/netinet/in_pcb.c 2002/02/08 14:06:04 @@ -178,7 +178,6 @@ struct sockaddr *nam; struct thread *td; { - struct proc *p = td->td_proc; register struct socket *so = inp->inp_socket; unsigned short *lastport; struct sockaddr_in *sin; @@ -206,7 +205,7 @@ return (EAFNOSUPPORT); #endif if (sin->sin_addr.s_addr != INADDR_ANY) - if (prison_ip(p->p_ucred, 0, &sin->sin_addr.s_addr)) + if (prison_ip(td->td_ucred, 0, &sin->sin_addr.s_addr)) return(EINVAL); lport = sin->sin_port; if (IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) { @@ -228,10 +227,10 @@ if (lport) { struct inpcb *t; /* GROSS */ - if (ntohs(lport) < IPPORT_RESERVED && p && - suser_xxx(0, p, PRISON_ROOT)) + if (ntohs(lport) < IPPORT_RESERVED && td && + suser(td, PRISON_ROOT)) return (EACCES); - if (p && jailed(p->p_ucred)) + if (td && jailed(td->td_ucred)) prison = 1; if (so->so_cred->cr_uid != 0 && !IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) { 
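Review bot: in_pcb.c now treats `td` as nullable in some places and not in others: the hunk at -228 guards with `td && suser(td, PRISON_ROOT)` and `td && jailed(td->td_ucred)`, while the hunk at -206 calls `prison_ip(td->td_ucred, 0, ...)` with no guard, as do the hunks at -281 and -352. The removed `struct proc *p = td->td_proc;` dereferenced `td` unconditionally, so either `td` is never NULL here and the `td &&` tests are dead, or it can be NULL and the `prison_ip()` calls need the same guard, e.g. `if (td != NULL && prison_ip(td->td_ucred, 0, &sin->sin_addr.s_addr))`. The function body extends beyond these hunks, so which case holds depends on callers that are not shown.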
@@ -257,7 +256,7 @@ } } if (prison && - prison_ip(p->p_ucred, 0, &sin->sin_addr.s_addr)) + prison_ip(td->td_ucred, 0, &sin->sin_addr.s_addr)) return (EADDRNOTAVAIL); t = in_pcblookup_local(pcbinfo, sin->sin_addr, lport, prison ? 0 : wild); @@ -281,7 +280,7 @@ int count; if (inp->inp_laddr.s_addr != INADDR_ANY) - if (prison_ip(p->p_ucred, 0, &inp->inp_laddr.s_addr )) { + if (prison_ip(td->td_ucred, 0, &inp->inp_laddr.s_addr )) { inp->inp_laddr.s_addr = INADDR_ANY; return (EINVAL); } @@ -292,7 +291,7 @@ last = ipport_hilastauto; lastport = &pcbinfo->lasthi; } else if (inp->inp_flags & INP_LOWPORT) { - if (p && (error = suser_xxx(0, p, PRISON_ROOT))) { + if (td && (error = suser(td, PRISON_ROOT))) { inp->inp_laddr.s_addr = INADDR_ANY; return error; } @@ -352,7 +351,7 @@ } } inp->inp_lport = lport; - if (prison_ip(p->p_ucred, 0, &inp->inp_laddr.s_addr)) { + if (prison_ip(td->td_ucred, 0, &inp->inp_laddr.s_addr)) { inp->inp_laddr.s_addr = INADDR_ANY; inp->inp_lport = 0; return (EINVAL); @@ -1032,11 +1031,11 @@ } int -prison_xinpcb(struct proc *p, struct inpcb *inp) +prison_xinpcb(struct thread *td, struct inpcb *inp) { - if (!jailed(p->p_ucred)) + if (!jailed(td->td_ucred)) return (0); - if (ntohl(inp->inp_laddr.s_addr) == prison_getip(p->p_ucred)) + if (ntohl(inp->inp_laddr.s_addr) == prison_getip(td->td_ucred)) return (0); return (1); } --- //depot/projects/smpng/sys/netinet/in_pcb.h 2001/11/27 10:31:40 +++ //depot/user/jhb/proc/netinet/in_pcb.h 2002/01/14 15:41:28 
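Review bot: prison_xinpcb() in the last in_pcb.c hunk has no header comment, and its return convention is easy to misread: it returns 0 when the caller is not jailed or the PCB's local address equals the jail's address, and 1 otherwise. The ip_divert.c caller only lists a PCB when the result is 0. Since the first parameter changes type here, this is a good place to add `/* Return 1 if inp must be hidden from td's jail, 0 if td may see it. */` above the definition.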
@@ -335,7 +335,7 @@ int in_setpeeraddr __P((struct socket *so, struct sockaddr **nam)); int in_setsockaddr __P((struct socket *so, struct sockaddr **nam)); void in_pcbremlists __P((struct inpcb *inp)); -int prison_xinpcb __P((struct proc *p, struct inpcb *inp)); +int prison_xinpcb __P((struct thread *td, struct inpcb *inp)); #endif /* _KERNEL */ #endif /* !_NETINET_IN_PCB_H_ */ --- //depot/projects/smpng/sys/netinet/ip_divert.c 2001/12/10 15:20:41 +++ //depot/user/jhb/proc/netinet/ip_divert.c 2002/01/15 09:05:41 @@ -344,7 +344,7 @@ inp = sotoinpcb(so); if (inp) panic("div_attach"); - if (td && (error = suser_td(td)) != 0) + if (td && (error = suser(td, 0)) != 0) return error; error = soreserve(so, div_sendspace, div_recvspace); @@ -486,8 +486,7 @@ s = splnet(); for (inp = LIST_FIRST(divcbinfo.listhead), i = 0; inp && i < n; inp = LIST_NEXT(inp, inp_list)) { - if (inp->inp_gencnt <= gencnt && !prison_xinpcb( - req->td->td_proc, inp)) + if (inp->inp_gencnt <= gencnt && !prison_xinpcb(req->td, inp)) inp_list[i++] = inp; } splx(s); --- //depot/projects/smpng/sys/netinet/ip_dummynet.c 2001/11/07 12:45:34 +++ //depot/user/jhb/proc/netinet/ip_dummynet.c 2002/01/14 15:36:00 @@ -1830,7 +1830,7 @@ /* Disallow sets in really-really secure mode. */ if (sopt->sopt_dir == SOPT_SET) { - error = securelevel_ge(sopt->sopt_td->td_proc->p_ucred, 3); + error = securelevel_ge(sopt->sopt_td->td_ucred, 3); if (error) return (error); } --- //depot/projects/smpng/sys/netinet/ip_fw.c 2002/01/09 16:09:21 +++ //depot/user/jhb/proc/netinet/ip_fw.c 2002/01/14 15:36:00 @@ -1938,7 +1938,7 @@ */ if (sopt->sopt_name == IP_FW_ADD || (sopt->sopt_dir == SOPT_SET && sopt->sopt_name != IP_FW_RESETLOG)) { - error = securelevel_ge(sopt->sopt_td->td_proc->p_ucred, 3); + error = securelevel_ge(sopt->sopt_td->td_ucred, 3); if (error) return (error); } --- //depot/projects/smpng/sys/netinet/ip_output.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/netinet/ip_output.c 2002/02/08 14:06:04 
@@ -1288,7 +1288,7 @@ if ((error = soopt_mcopyin(sopt, m)) != 0) /* XXX */ break; priv = (sopt->sopt_td != NULL && - suser_td(sopt->sopt_td) != 0) ? 0 : 1; + suser(sopt->sopt_td, 0) != 0) ? 0 : 1; req = mtod(m, caddr_t); len = m->m_len; optname = sopt->sopt_name; --- //depot/projects/smpng/sys/netinet/raw_ip.c 2001/11/27 10:31:40 +++ //depot/user/jhb/proc/netinet/raw_ip.c 2002/02/06 23:03:03 @@ -466,7 +466,7 @@ inp = sotoinpcb(so); if (inp) panic("rip_attach"); - if (td && (error = suser_td(td)) != 0) + if (td && (error = suser(td, 0)) != 0) return error; error = soreserve(so, rip_sendspace, rip_recvspace); @@ -628,7 +628,7 @@ for (inp = LIST_FIRST(ripcbinfo.listhead), i = 0; inp && i < n; inp = LIST_NEXT(inp, inp_list)) { if (inp->inp_gencnt <= gencnt) { - if (cr_cansee(req->td->td_proc->p_ucred, + if (cr_cansee(req->td->td_ucred, inp->inp_socket->so_cred)) continue; inp_list[i++] = inp; --- //depot/projects/smpng/sys/netinet/tcp_subr.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/netinet/tcp_subr.c 2002/02/08 14:06:04 @@ -848,7 +848,7 @@ for (inp = LIST_FIRST(tcbinfo.listhead), i = 0; inp && i < n; inp = LIST_NEXT(inp, inp_list)) { if (inp->inp_gencnt <= gencnt) { - if (cr_cansee(req->td->td_proc->p_ucred, + if (cr_cansee(req->td->td_ucred, inp->inp_socket->so_cred)) continue; inp_list[i++] = inp; @@ -906,7 +906,7 @@ struct inpcb *inp; int error, s; - error = suser_xxx(0, req->td->td_proc, PRISON_ROOT); + error = suser(req->td, PRISON_ROOT); if (error) return (error); error = SYSCTL_IN(req, addrs, sizeof(addrs)); @@ -919,7 +919,7 @@ error = ENOENT; goto out; } - error = cr_cansee(req->td->td_proc->p_ucred, inp->inp_socket->so_cred); + error = cr_cansee(req->td->td_ucred, inp->inp_socket->so_cred); if (error) goto out; bzero(&xuc, sizeof(xuc)); 
@@ -946,7 +946,7 @@ struct inpcb *inp; int error, s, mapped = 0; - error = suser_xxx(0, req->td->td_proc, PRISON_ROOT); + error = suser(req->td, PRISON_ROOT); if (error) return (error); error = SYSCTL_IN(req, addrs, sizeof(addrs)); @@ -975,7 +975,7 @@ error = ENOENT; goto out; } - error = cr_cansee(req->td->td_proc->p_ucred, inp->inp_socket->so_cred); + error = cr_cansee(req->td->td_ucred, inp->inp_socket->so_cred); if (error) goto out; bzero(&xuc, sizeof(xuc)); --- //depot/projects/smpng/sys/netinet/tcp_usrreq.c 2001/11/27 10:31:40 +++ //depot/user/jhb/proc/netinet/tcp_usrreq.c 2002/01/14 15:36:00 @@ -330,8 +330,8 @@ goto out; } - if (td && jailed(td->td_proc->p_ucred)) - prison_remote_ip(td->td_proc->p_ucred, 0, &sinp->sin_addr.s_addr); + if (td && jailed(td->td_ucred)) + prison_remote_ip(td->td_ucred, 0, &sinp->sin_addr.s_addr); if ((error = tcp_connect(tp, nam, td)) != 0) goto out; --- //depot/projects/smpng/sys/netinet/udp_usrreq.c 2001/11/12 16:32:44 +++ //depot/user/jhb/proc/netinet/udp_usrreq.c 2002/01/15 07:44:40 @@ -583,7 +583,7 @@ for (inp = LIST_FIRST(udbinfo.listhead), i = 0; inp && i < n; inp = LIST_NEXT(inp, inp_list)) { if (inp->inp_gencnt <= gencnt) { - if (cr_cansee(req->td->td_proc->p_ucred, + if (cr_cansee(req->td->td_ucred, inp->inp_socket->so_cred)) continue; inp_list[i++] = inp; @@ -635,7 +635,7 @@ struct inpcb *inp; int error, s; - error = suser_xxx(0, req->td->td_proc, PRISON_ROOT); + error = suser(req->td, PRISON_ROOT); if (error) return (error); error = SYSCTL_IN(req, addrs, sizeof(addrs)); @@ -648,7 +648,7 @@ error = ENOENT; goto out; } - error = cr_cansee(req->td->td_proc->p_ucred, inp->inp_socket->so_cred); + error = cr_cansee(req->td->td_ucred, inp->inp_socket->so_cred); if (error) goto out; bzero(&xuc, sizeof(xuc)); 
@@ -690,8 +690,8 @@ if (addr) { sin = (struct sockaddr_in *)addr; - if (td && jailed(td->td_proc->p_ucred)) - prison_remote_ip(td->td_proc->p_ucred, 0, &sin->sin_addr.s_addr); + if (td && jailed(td->td_ucred)) + prison_remote_ip(td->td_ucred, 0, &sin->sin_addr.s_addr); laddr = inp->inp_laddr; if (inp->inp_faddr.s_addr != INADDR_ANY) { error = EISCONN; @@ -860,8 +860,8 @@ return EISCONN; s = splnet(); sin = (struct sockaddr_in *)nam; - if (td && jailed(td->td_proc->p_ucred)) - prison_remote_ip(td->td_proc->p_ucred, 0, &sin->sin_addr.s_addr); + if (td && jailed(td->td_ucred)) + prison_remote_ip(td->td_ucred, 0, &sin->sin_addr.s_addr); error = in_pcbconnect(inp, nam, td); splx(s); if (error == 0) --- //depot/projects/smpng/sys/netinet6/in6.c 2001/09/27 18:02:49 +++ //depot/user/jhb/proc/netinet6/in6.c 2002/01/15 09:05:41 @@ -376,7 +376,7 @@ int privileged; privileged = 0; - if (td == NULL || !suser_td(td)) + if (td == NULL || !suser(td, 0)) privileged++; switch (cmd) { --- //depot/projects/smpng/sys/netinet6/in6_pcb.c 2001/11/19 15:30:12 +++ //depot/user/jhb/proc/netinet6/in6_pcb.c 2002/01/15 07:44:40 @@ -183,7 +183,7 @@ /* GROSS */ if (ntohs(lport) < IPV6PORT_RESERVED && td && - suser_xxx(0, td->td_proc, PRISON_ROOT)) + suser(td, PRISON_ROOT)) return(EACCES); if (so->so_cred->cr_uid != 0 && !IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) { --- //depot/projects/smpng/sys/netinet6/in6_prefix.c 2001/07/17 20:39:48 +++ //depot/user/jhb/proc/netinet6/in6_prefix.c 2002/02/08 12:43:41 @@ -649,7 +649,7 @@ if (rap->ra_flags.anycast != 0) ifra.ifra_flags |= IN6_IFF_ANYCAST; error = in6_control(so, SIOCAIFADDR_IN6, (caddr_t)&ifra, rpp->rp_ifp, - curproc); + curthread); if (error != 0) { log(LOG_ERR, "in6_prefix.c: add_each_addr: addition of an addr" "%s/%d failed because in6_control failed for error %d\n", --- //depot/projects/smpng/sys/netinet6/in6_src.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/netinet6/in6_src.c 2002/02/08 14:06:04 
@@ -349,7 +349,7 @@ last = ipport_hilastauto; lastport = &pcbinfo->lasthi; } else if (inp->inp_flags & INP_LOWPORT) { - if (td && (error = suser_td(td))) + if (td && (error = suser(td, 0))) return error; first = ipport_lowfirstauto; /* 1023 */ last = ipport_lowlastauto; /* 600 */ --- //depot/projects/smpng/sys/netinet6/ip6_input.c 2002/01/09 16:09:21 +++ //depot/user/jhb/proc/netinet6/ip6_input.c 2002/02/06 23:07:48 @@ -1135,12 +1135,20 @@ struct ip6_hdr *ip6; struct mbuf *m; { +#if __FreeBSD__ >= 5 + struct thread *td = curthread; /* XXX */ +#else struct proc *p = curproc; /* XXX */ +#endif int privileged = 0; int rthdr_exist = 0; +#if __FreeBSD__ >= 5 + if (!suser(td, 0)) +#else if (p && !suser(p)) +#endif privileged++; #ifdef SO_TIMESTAMP --- //depot/projects/smpng/sys/netinet6/ip6_output.c 2001/12/10 15:20:41 +++ //depot/user/jhb/proc/netinet6/ip6_output.c 2002/01/15 09:05:41 @@ -1285,7 +1285,7 @@ } error = optval = 0; - privileged = (td == 0 || suser_td(td)) ? 0 : 1; + privileged = (td == 0 || suser(td, 0)) ? 0 : 1; if (level == IPPROTO_IPV6) { switch (op) { @@ -1735,7 +1735,7 @@ } /* set options specified by user. */ - if (td && !suser_td(td)) + if (td && !suser(td, 0)) priv = 1; if ((error = ip6_setpktoptions(m, opt, priv, 1)) != 0) { ip6_clearpktopts(opt, 1, -1); /* XXX: discard all options */ @@ -1991,7 +1991,7 @@ * all multicast addresses. Only super user is allowed * to do this. */ - if (suser_td(td)) + if (suser(td, 0)) { error = EACCES; break; @@ -2098,7 +2098,7 @@ } mreq = mtod(m, struct ipv6_mreq *); if (IN6_IS_ADDR_UNSPECIFIED(&mreq->ipv6mr_multiaddr)) { - if (suser_td(td)) { + if (suser(td, 0)) { error = EACCES; break; } --- //depot/projects/smpng/sys/netinet6/raw_ip6.c 2001/09/27 18:02:49 +++ //depot/user/jhb/proc/netinet6/raw_ip6.c 2002/01/15 09:05:41 
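Review bot: In the ip6_input.c hunk the FreeBSD 5 branch derives `privileged` from `curthread`, and unlike the old branch (`if (p && !suser(p))`) it has no NULL guard. If this function runs on the packet-input path, as its `ip6` and `m` parameters suggest, `curthread` is whichever thread is processing the packet rather than the owner of the receiving socket, so the decision rests on an unrelated credential; the existing `/* XXX */` hints at this. Expanding it to `/* XXX: should use the receiving socket's credential, not curthread's */` would make the open issue explicit. The function body continues outside the hunk.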
@@ -544,7 +544,7 @@ inp = sotoinpcb(so); if (inp) panic("rip6_attach"); - if (td && (error = suser_td(td)) != 0) + if (td && (error = suser(td, 0)) != 0) return error; error = soreserve(so, rip_sendspace, rip_recvspace); --- //depot/projects/smpng/sys/netinet6/udp6_output.c 2001/09/27 18:02:49 +++ //depot/user/jhb/proc/netinet6/udp6_output.c 2002/01/15 09:05:41 @@ -140,7 +140,7 @@ struct sockaddr_in6 tmp; priv = 0; - if (td && !suser_td(td)) + if (td && !suser(td, 0)) priv = 1; if (control) { if ((error = ip6_setpktoptions(control, &opt, priv, 0)) != 0) --- //depot/projects/smpng/sys/netinet6/udp6_usrreq.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/netinet6/udp6_usrreq.c 2002/02/08 14:06:04 @@ -465,7 +465,7 @@ struct inpcb *inp; int error, s; - error = suser(req->td->td_proc); + error = suser(req->td, 0); if (error) return (error); --- //depot/projects/smpng/sys/netipx/ipx.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/netipx/ipx.c 2002/01/15 09:05:41 @@ -108,7 +108,7 @@ return (0); } - if (td && (error = suser_td(td)) != 0) + if (td && (error = suser(td, 0)) != 0) return (error); switch (cmd) { --- //depot/projects/smpng/sys/netipx/ipx_pcb.c 2001/11/19 15:30:12 +++ //depot/user/jhb/proc/netipx/ipx_pcb.c 2002/01/15 09:05:41 @@ -99,7 +99,7 @@ int error; if (aport < IPXPORT_RESERVED && - td != NULL && (error = suser_td(td)) != 0) + td != NULL && (error = suser(td, 0)) != 0) return (error); if (ipx_pcblookup(&zeroipx_addr, lport, 0)) return (EADDRINUSE); --- //depot/projects/smpng/sys/netipx/ipx_usrreq.c 2001/11/19 15:30:12 +++ //depot/user/jhb/proc/netipx/ipx_usrreq.c 2002/01/15 09:05:41 @@ -602,7 +602,7 @@ int s; struct ipxpcb *ipxp = sotoipxpcb(so); - if (td != NULL && (error = suser_td(td)) != 0) + if (td != NULL && (error = suser(td, 0)) != 0) return (error); s = splnet(); error = ipx_pcballoc(so, &ipxrawpcb, td); --- //depot/projects/smpng/sys/netncp/ncp_subr.h 2001/12/10 15:20:41 +++ //depot/user/jhb/proc/netncp/ncp_subr.h 2002/01/15 07:44:40 
@@ -84,7 +84,7 @@ #define checkbad(fn) {error=(fn);if(error) goto bad;} -#define ncp_suser(cred) suser_xxx(cred, NULL, 0) +#define ncp_suser(cred) suser_cred(cred, 0) #define ncp_isowner(conn,cred) ((cred)->cr_uid == (conn)->nc_owner->cr_uid) --- //depot/projects/smpng/sys/netsmb/smb_conn.c 2001/12/05 16:21:49 +++ //depot/user/jhb/proc/netsmb/smb_conn.c 2002/01/14 15:17:07 @@ -833,7 +833,7 @@ struct smb_share_info ssi; int error, itype; - smb_makescred(&scred, td, td->td_proc->p_ucred); + smb_makescred(&scred, td, td->td_ucred); error = smb_sm_lockvclist(LK_SHARED, td); if (error) return error; --- //depot/projects/smpng/sys/netsmb/smb_dev.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/netsmb/smb_dev.c 2002/02/08 14:06:04 @@ -123,8 +123,7 @@ nsmb_dev_open(dev_t dev, int oflags, int devtype, struct thread *td) { struct smb_dev *sdp; - struct proc *p = td->td_proc; - struct ucred *cred = p->p_ucred; + struct ucred *cred = td->td_ucred; int s; sdp = SMB_GETDEV(dev); --- //depot/projects/smpng/sys/netsmb/smb_subr.c 2001/12/05 16:21:49 +++ //depot/user/jhb/proc/netsmb/smb_subr.c 2002/01/14 15:17:07 @@ -60,7 +60,7 @@ { if (td) { scred->scr_td = td; - scred->scr_cred = cred ? cred : td->td_proc->p_ucred; + scred->scr_cred = cred ? cred : td->td_ucred; } else { scred->scr_td = NULL; scred->scr_cred = cred ? cred : NULL; --- //depot/projects/smpng/sys/netsmb/smb_subr.h 2001/12/10 15:20:41 +++ //depot/user/jhb/proc/netsmb/smb_subr.h 2002/01/15 07:44:40 @@ -70,7 +70,7 @@ SIGISMEMBER(set, SIGHUP) || SIGISMEMBER(set, SIGKILL) || \ SIGISMEMBER(set, SIGQUIT)) -#define smb_suser(cred) suser_xxx(cred, NULL, 0) +#define smb_suser(cred) suser_cred(cred, 0) /* * Compatibility wrappers for simple locks --- //depot/projects/smpng/sys/netsmb/smb_trantcp.c 2002/01/04 00:49:18 +++ //depot/user/jhb/proc/netsmb/smb_trantcp.c 2002/01/14 15:17:07 
@@ -227,7 +227,7 @@ int error, s; error = socreate(AF_INET, &so, SOCK_STREAM, IPPROTO_TCP, - td->td_proc->p_ucred, td); + td->td_ucred, td); if (error) return error; nbp->nbp_tso = so; --- //depot/projects/smpng/sys/nfsclient/bootp_subr.c 2002/01/04 00:49:18 +++ //depot/user/jhb/proc/nfsclient/bootp_subr.c 2002/01/14 15:17:07 @@ -587,8 +587,7 @@ /* * Create socket and set its recieve timeout. */ - error = socreate(AF_INET, &so, SOCK_DGRAM, 0, td->td_proc->p_ucred, - td); + error = socreate(AF_INET, &so, SOCK_DGRAM, 0, td->td_ucred, td); if (error != 0) goto out; @@ -973,8 +972,7 @@ struct ifaddr *ifa; struct sockaddr_dl *sdl; - error = socreate(AF_INET, &ifctx->so, SOCK_DGRAM, 0, - td->td_proc->p_ucred, td); + error = socreate(AF_INET, &ifctx->so, SOCK_DGRAM, 0, td->td_ucred, td); if (error != 0) panic("nfs_boot: socreate, error=%d", error); --- //depot/projects/smpng/sys/nfsclient/krpc_subr.c 2002/01/04 00:49:18 +++ //depot/user/jhb/proc/nfsclient/krpc_subr.c 2002/01/14 15:17:07 @@ -216,8 +216,7 @@ /* * Create socket and set its recieve timeout. */ - if ((error = socreate(AF_INET, &so, SOCK_DGRAM, 0, - td->td_proc->p_ucred, td))) + if ((error = socreate(AF_INET, &so, SOCK_DGRAM, 0, td->td_ucred, td))) goto out; tv.tv_sec = 1; --- //depot/projects/smpng/sys/nfsclient/nfs_bio.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/nfsclient/nfs_bio.c 2002/02/08 14:06:04 @@ -105,7 +105,7 @@ vp = ap->a_vp; td = curthread; /* XXX */ - cred = curthread->td_proc->p_ucred; /* XXX */ + cred = curthread->td_ucred; /* XXX */ nmp = VFSTONFS(vp->v_mount); pages = ap->a_m; count = ap->a_count; @@ -266,7 +266,7 @@ vp = ap->a_vp; np = VTONFS(vp); td = curthread; /* XXX */ - cred = curthread->td_proc->p_ucred; /* XXX */ + cred = curthread->td_ucred; /* XXX */ nmp = VFSTONFS(vp->v_mount); pages = ap->a_m; count = ap->a_count; --- //depot/projects/smpng/sys/nfsclient/nfs_lock.c 2001/11/14 10:48:09 +++ //depot/user/jhb/proc/nfsclient/nfs_lock.c 2002/01/15 08:44:58 
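Review bot: Both nfs_bio.c hunks now read `cred = curthread->td_ucred; /* XXX */`, which assumes the running thread carries a valid per-thread credential. That holds for a thread that entered the kernel through a system call, but these routines look like paging entry points (`pages = ap->a_m`) and may also be reached from kernel threads. If `td_ucred` is only set on kernel entry it could be NULL or stale there, whereas the old `td_proc->p_ucred` did not depend on how the thread got into the kernel. It is worth confirming how `td_ucred` is initialised for kernel threads and saying so in the XXX comment; both functions extend beyond their hunks.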
@@ -140,7 +140,7 @@ msg.lm_fh_len = NFS_ISV3(vp) ? VTONFS(vp)->n_fhsize : NFSX_V2FH; bcopy(VTONFS(vp)->n_fhp, msg.lm_fh, msg.lm_fh_len); msg.lm_nfsv3 = NFS_ISV3(vp); - msg.lm_cred = *(p->p_ucred); + msg.lm_cred = *(td->td_ucred); /* * Open the lock fifo. If for any reason we don't find the fifo, it @@ -156,7 +156,7 @@ NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, _PATH_LCKFIFO, td); fmode = FFLAGS(O_WRONLY); - error = vn_open_cred(&nd, &fmode, 0, proc0.p_ucred); + error = vn_open_cred(&nd, &fmode, 0, thread0->td_ucred); if (error != 0) { return (error == ENOENT ? EOPNOTSUPP : error); } @@ -166,10 +166,10 @@ ioflg = IO_UNIT; for (;;) { - VOP_LEASE(wvp, td, proc0.p_ucred, LEASE_WRITE); + VOP_LEASE(wvp, td, thread0->td_ucred, LEASE_WRITE); error = vn_rdwr(UIO_WRITE, wvp, (caddr_t)&msg, sizeof(msg), 0, - UIO_SYSSPACE, ioflg, proc0.p_ucred, NULL, td); + UIO_SYSSPACE, ioflg, thread0->td_ucred, NULL, td); if (error && (((ioflg & IO_NDELAY) == 0) || error != EAGAIN)) { break; @@ -219,7 +219,7 @@ break; } - if ((error1 = vn_close(wvp, FWRITE, proc0.p_ucred, td)) && error == 0) + if ((error1 = vn_close(wvp, FWRITE, thread0->td_ucred, td)) && error == 0) return (error1); return (error); @@ -241,8 +241,8 @@ * * XXX This authorization check is probably not right. */ - if ((error = suser(td->td_proc)) != 0 && - td->td_proc->p_ucred->cr_svuid != 0) + if ((error = suser(td, 0)) != 0 && + td->td_ucred->cr_svuid != 0) return (error); /* the version should match, or we're out of sync */ --- //depot/projects/smpng/sys/nfsclient/nfs_vfsops.c 2002/01/04 00:49:18 +++ //depot/user/jhb/proc/nfsclient/nfs_vfsops.c 2002/01/14 15:19:12 
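Review bot: `msg.lm_cred = *(td->td_ucred);` in the first nfs_lock.c hunk copies the whole credential structure by value into a message that the hunk at -166 writes to the lock fifo with `vn_rdwr()`. If `struct ucred` holds anything beyond the identity fields, such as a reference count or pointers to other kernel objects, those values leave the kernel with it. Copying only the fields the reader needs, the way the lomac kernel_socket.c hunk fills `unp_peercred` from `cr_uid`, `cr_ngroups` and `cr_groups`, would avoid that. The layouts of `struct ucred` and of the message are not visible here.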
@@ -253,13 +253,13 @@ return (error); vp = NFSTOV(np); if (v3 && (nmp->nm_state & NFSSTA_GOTFSINFO) == 0) - (void)nfs_fsinfo(nmp, vp, td->td_proc->p_ucred, td); + (void)nfs_fsinfo(nmp, vp, td->td_ucred, td); nfsstats.rpccnt[NFSPROC_FSSTAT]++; mreq = nfsm_reqhead(vp, NFSPROC_FSSTAT, NFSX_FH(v3)); mb = mreq; bpos = mtod(mb, caddr_t); nfsm_fhtom(vp, v3); - nfsm_request(vp, NFSPROC_FSSTAT, td, td->td_proc->p_ucred); + nfsm_request(vp, NFSPROC_FSSTAT, td, td->td_ucred); if (v3) nfsm_postop_attr(vp, retattr); if (error) { @@ -420,7 +420,7 @@ * talk to the server. */ error = socreate(nd->myif.ifra_addr.sa_family, &so, SOCK_DGRAM, 0, - td->td_proc->p_ucred, td); + td->td_ucred, td); if (error) panic("nfs_mountroot: socreate(%04x): %d", nd->myif.ifra_addr.sa_family, error); @@ -559,7 +559,7 @@ mp->mnt_flag = mountflag; nam = dup_sockaddr((struct sockaddr *)sin, 1); if ((error = mountnfs(args, mp, nam, which, path, vpp, - td->td_proc->p_ucred)) != 0) { + td->td_ucred)) != 0) { printf("nfs_mountroot: mount %s on %s: %d", path, which, error); mp->mnt_vfc->vfc_refcount--; vfs_unbusy(mp, td); @@ -787,7 +787,7 @@ if (error) return (error); args.fh = nfh; - error = mountnfs(&args, mp, nam, path, hst, &vp, td->td_proc->p_ucred); + error = mountnfs(&args, mp, nam, path, hst, &vp, td->td_ucred); return (error); } @@ -884,7 +884,7 @@ * Get file attributes for the mountpoint. This has the side * effect of filling in (*vpp)->v_type with the correct value. */ - VOP_GETATTR(*vpp, &attrs, curthread->td_proc->p_ucred, curthread); + VOP_GETATTR(*vpp, &attrs, curthread->td_ucred, curthread); /* * Lose the lock but keep the ref. --- //depot/projects/smpng/sys/nfsserver/nfs_serv.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/nfsserver/nfs_serv.c 2002/02/08 14:06:04 @@ -1742,7 +1742,7 @@ if (vap->va_type == VCHR && rdev == 0xffffffff) vap->va_type = VFIFO; if (vap->va_type != VFIFO && - (error = suser_xxx(cred, 0, 0))) { + (error = suser_cred(cred, 0))) { goto ereply; } vap->va_rdev = rdev; 
@@ -1947,7 +1947,7 @@ if (error) NDFREE(&nd, NDF_ONLY_PNBUF); } else { - if (vtyp != VFIFO && (error = suser_xxx(cred, 0, 0))) + if (vtyp != VFIFO && (error = suser_cred(cred, 0))) goto out; error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap); if (error) { @@ -1966,7 +1966,7 @@ nd.ni_cnd.cn_nameiop = LOOKUP; nd.ni_cnd.cn_flags &= ~(LOCKPARENT); nd.ni_cnd.cn_thread = td; - nd.ni_cnd.cn_cred = td->td_proc->p_ucred; + nd.ni_cnd.cn_cred = td->td_ucred; error = lookup(&nd); nd.ni_dvp = NULL; --- //depot/projects/smpng/sys/nfsserver/nfs_srvsubs.c 2002/01/09 16:09:21 +++ //depot/user/jhb/proc/nfsserver/nfs_srvsubs.c 2002/01/14 15:17:07 @@ -1156,8 +1156,7 @@ if (vp == NULL || vp->v_type != VREG) return (1); - return (vfs_object_create(vp, curthread, - curthread ? curthread->td_proc->p_ucred : NULL)); + return (vfs_object_create(vp, curthread, curthread->td_ucred)); } /* --- //depot/projects/smpng/sys/nfsserver/nfs_syscalls.c 2002/01/09 16:09:21 +++ //depot/user/jhb/proc/nfsserver/nfs_syscalls.c 2002/01/15 09:05:41 @@ -129,7 +129,7 @@ int error; mtx_lock(&Giant); - error = suser_td(td); + error = suser(td, 0); if (error) goto done2; while (nfssvc_sockhead_flag & SLP_INIT) { --- //depot/projects/smpng/sys/pc98/i386/machdep.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/pc98/i386/machdep.c 2002/02/08 14:06:04 @@ -2223,7 +2223,7 @@ * from within kernel mode? */ - if (suser_td(td) != 0) { + if (suser(td, 0) != 0) { if (dbregs->dr7 & 0x3) { /* dr0 is enabled */ if (dbregs->dr0 >= VM_MAXUSER_ADDRESS) --- //depot/projects/smpng/sys/pc98/pc98/fd.c 2001/12/17 16:58:02 +++ //depot/user/jhb/proc/pc98/pc98/fd.c 2002/01/15 09:05:41 @@ -3189,7 +3189,7 @@ * Set density definition permanently. Only * allow for superuser. */ - if (suser_td(td) != 0) + if (suser(td, 0) != 0) return (EPERM); fd->fts[type] = *(struct fd_type *)addr; } @@ -3214,7 +3214,7 @@ #endif case FD_CLRERR: - if (suser_td(td) != 0) + if (suser(td, 0) != 0) return (EPERM); fd->fdc->fdc_errs = 0; return (0); 
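Review bot: The nfs_srvsubs.c hunk drops the `curthread ? ... : NULL` guard and dereferences `curthread->td_ucred` unconditionally. If `curthread` can never be NULL the old test was dead code and the change is fine, but if the guard existed for early-boot or similar callers, the new line faults where the old one passed NULL. An assertion before the call, `KASSERT(curthread != NULL, ("no curthread"));`, would document the assumption; the enclosing function starts outside the hunk.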
@@ -3296,7 +3296,7 @@ case FD_STYPE: /* set drive type */ /* this is considered harmful; only allow for superuser */ - if (suser_td(td) != 0) + if (suser(td, 0) != 0) return (EPERM); *fd->ft = *(struct fd_type *)addr; break; @@ -3320,7 +3320,7 @@ #endif case FD_CLRERR: - if (suser_td(td) != 0) + if (suser(td, 0) != 0) return (EPERM); fd->fdc->fdc_errs = 0; break; --- //depot/projects/smpng/sys/pc98/pc98/sio.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/pc98/pc98/sio.c 2002/02/08 14:06:04 @@ -1890,7 +1890,7 @@ } } if (tp->t_state & TS_XCLUDE && - suser_td(td)) { + suser(td, 0)) { error = EBUSY; goto out; } @@ -2923,7 +2923,7 @@ } switch (cmd) { case TIOCSETA: - error = suser_td(td); + error = suser(td, 0); if (error != 0) return (error); *ct = *(struct termios *)data; @@ -3016,7 +3016,7 @@ break; case TIOCMSDTRWAIT: /* must be root since the wait applies to following logins */ - error = suser_td(td); + error = suser(td, 0); if (error != 0) { splx(s); return (error); @@ -3074,7 +3074,7 @@ break; case TIOCMSDTRWAIT: /* must be root since the wait applies to following logins */ - error = suser_td(td); + error = suser(td, 0); if (error != 0) { splx(s); return (error); --- //depot/projects/smpng/sys/pc98/pc98/syscons.c 2002/01/04 00:49:18 +++ //depot/user/jhb/proc/pc98/pc98/syscons.c 2002/01/15 09:05:41 @@ -476,7 +476,7 @@ (*linesw[tp->t_line].l_modem)(tp, 1); } else - if (tp->t_state & TS_XCLUDE && suser_td(td)) + if (tp->t_state & TS_XCLUDE && suser(td, 0)) return(EBUSY); error = (*linesw[tp->t_line].l_open)(dev, tp); @@ -977,10 +977,10 @@ return 0; case KDENABIO: /* allow io operations */ - error = suser_td(td); + error = suser(td, 0); if (error != 0) return error; - error = securelevel_gt(td->td_proc->p_ucred, 0); + error = securelevel_gt(td->td_ucred, 0); if (error != 0) return error; #ifdef __i386__ --- //depot/projects/smpng/sys/pc98/pc98/wd_cd.c 2001/11/12 16:32:44 +++ //depot/user/jhb/proc/pc98/pc98/wd_cd.c 2002/01/15 09:05:41 
@@ -630,7 +630,7 @@ 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0); case CDIOCRESET: - error = suser_td(td); + error = suser(td, 0); if (error) return (error); return acd_request_wait(cdp, ATAPI_TEST_UNIT_READY, --- //depot/projects/smpng/sys/pccard/pccard.c 2002/01/09 16:09:21 +++ //depot/user/jhb/proc/pccard/pccard.c 2002/01/15 09:05:41 @@ -55,7 +55,7 @@ #include #if __FreeBSD_version < 500000 -#define suser_td(a) suser(a) +#define suser(a, f) suser((a)) #endif /* The following might now be obsolete */ @@ -522,7 +522,7 @@ * At the very least, we only allow root to set the context. */ case PIOCSMEM: - if (suser_td(td)) + if (suser(td, 0)) return (EPERM); if (slt->state != filled) return (ENXIO); @@ -547,7 +547,7 @@ * Set I/O port context. */ case PIOCSIO: - if (suser_td(td)) + if (suser(td, 0)) return (EPERM); if (slt->state != filled) return (ENXIO); @@ -573,7 +573,7 @@ *(unsigned long *)data = pccard_mem; break; } - if (suser_td(td)) + if (suser(td, 0)) return (EPERM); /* * Validate the memory by checking it against the I/O @@ -605,7 +605,7 @@ * Allocate a driver to this slot. */ case PIOCSDRV: - if (suser_td(td)) + if (suser(td, 0)) return (EPERM); err = allocate_driver(slt, (struct dev_desc *)data); if (!err) --- //depot/projects/smpng/sys/posix4/p1003_1b.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/posix4/p1003_1b.c 2002/02/06 21:41:07 @@ -131,7 +131,7 @@ targettd = &targetp->p_thread; /* XXXKSE */ } - e = p_cansched(td->td_proc, targetp); + e = p_cansched(td, targetp); PROC_UNLOCK(targetp); if (e == 0) { e = ksched_setparam(&td->td_retval[0], ksched, targettd, @@ -167,7 +167,7 @@ targettd = &targetp->p_thread; /* XXXKSE */ } - e = p_cansee(td->td_proc, targetp); + e = p_cansee(td, targetp); PROC_UNLOCK(targetp); if (e) goto done2; @@ -209,7 +209,7 @@ targettd = &targetp->p_thread; /* XXXKSE */ } - e = p_cansched(td->td_proc, targetp); + e = p_cansched(td, targetp); PROC_UNLOCK(targetp); if (e == 0) { e = ksched_setscheduler(&td->td_retval[0], ksched, targettd, 
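Review bot: The compatibility macro in pccard.c, `#define suser(a, f) suser((a))`, silently discards the flag argument on builds with `__FreeBSD_version < 500000`. Every call in this file passes 0, so nothing changes today, but a later call passing `PRISON_ROOT` would compile and lose the flag without any warning. A comment on the macro, e.g. `/* pre-5.0 suser() takes no flags; f is ignored */`, would record that.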
@@ -244,7 +244,7 @@ targettd = &targetp->p_thread; /* XXXKSE */ } - e = p_cansee(td->td_proc, targetp); + e = p_cansee(td, targetp); PROC_UNLOCK(targetp); if (e == 0) e = ksched_getscheduler(&td->td_retval[0], ksched, targettd); @@ -320,7 +320,7 @@ targettd = &targetp->p_thread; /* XXXKSE */ } - e = p_cansee(td->td_proc, targetp); + e = p_cansee(td, targetp); PROC_UNLOCK(targetp); if (e == 0) { e = ksched_rr_get_interval(&td->td_retval[0], ksched, targettd, --- //depot/projects/smpng/sys/security/lomac/kernel_lkm.c 2001/11/19 15:30:12 +++ //depot/user/jhb/proc/security/lomac/kernel_lkm.c 2002/02/06 21:41:07 @@ -83,20 +83,18 @@ int lomac_ioctl(dev_t dev, u_long cmd, caddr_t data, int fflag, struct thread *td) { struct nameidata nd; - struct proc *p; struct proc *targp; struct lomac_fioctl *fio; lomac_object_t lobj; lattr_t lattr; int error; - p = td->td_proc; switch (cmd) { case LIOGETPLEVEL: targp = pfind(*(int *)data); if (targp == NULL) return (ESRCH); - if (p_cansee(p, targp) != 0) { + if (p_cansee(td, targp) != 0) { PROC_UNLOCK(targp); return (ESRCH); } @@ -138,7 +136,7 @@ case LIOPMAKELOWLEVEL: lattr.level = LOMAC_LOWEST_LEVEL; lattr.flags = 0; - set_subject_lattr(p, lattr); + set_subject_lattr(td->td_proc, lattr); return (0); default: return (ENOTTY); --- //depot/projects/smpng/sys/security/lomac/kernel_log.c 2001/11/19 15:30:12 +++ //depot/user/jhb/proc/security/lomac/kernel_log.c 2002/02/08 12:43:41 @@ -37,6 +37,8 @@ #include #include +#include +#include #include #include #include 
@@ -129,9 +131,14 @@ void log_append_subject_id(lomac_log_t *s, const lomac_subject_t *p_subject) { + uid_t uid; + pid_t pgid; - (void)sbuf_printf(s, "p%dg%du%d:%s", p_subject->p_pid, - p_subject->p_pgrp->pg_id, p_subject->p_ucred->cr_uid, + PROC_LOCK(p_subject); + uid = p_subject->p_ucred->cr_uid; + pgid = p_subject->p_pgrp->pg_id; + PROC_UNLOCK(p_subject); + (void)sbuf_printf(s, "p%dg%du%d:%s", p_subject->p_pid, pgid, uid, p_subject->p_comm); } /* log_append_subject_id() */ --- //depot/projects/smpng/sys/security/lomac/kernel_mmap.c 2001/12/05 16:21:49 +++ //depot/user/jhb/proc/security/lomac/kernel_mmap.c 2002/01/15 08:44:58 @@ -307,7 +307,7 @@ if (securelevel >= 1) disablexworkaround = 1; else - disablexworkaround = suser(p); + disablexworkaround = suser(td, 0); if (vp->v_type == VCHR && disablexworkaround && (flags & (MAP_PRIVATE|MAP_COPY))) { error = EINVAL; @@ -345,7 +345,7 @@ struct vattr va; if ((error = VOP_GETATTR(vp, &va, - p->p_ucred, td))) { + td->td_ucred, td))) { goto done; } if ((va.va_flags & --- //depot/projects/smpng/sys/security/lomac/kernel_socket.c 2002/01/04 00:49:18 +++ //depot/user/jhb/proc/security/lomac/kernel_socket.c 2002/01/14 15:03:53 @@ -232,7 +232,7 @@ error = ENOTSOCK; goto bad; } - error = VOP_ACCESS(vp, VWRITE, td->td_proc->p_ucred, td); + error = VOP_ACCESS(vp, VWRITE, td->td_ucred, td); if (error) goto bad; so2 = vp->v_socket; 
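Review bot: `log_append_subject_id` in kernel_log.c now calls `PROC_LOCK(p_subject)` on a parameter declared `const lomac_subject_t *`, so the lock operation writes through a const-qualified pointer, and the function gains a locking precondition that is stated nowhere. A caller that already holds the process lock on the subject would presumably recurse on it; the callers are not in this hunk. I would add a header comment such as `/* Acquires the proc lock on p_subject; must be called with it unlocked. */` and consider dropping `const` from the parameter so the signature matches what the body does.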
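Review bot: The branch just above the converted call in kernel_mmap.c (hunk at -307) still tests the global directly with `if (securelevel >= 1)`, while the corresponding code in vm/vm_mmap.c in this same change uses `securelevel_ge(td->td_ucred, 1)`. If this LOMAC copy is meant to track vm_mmap.c, the check should be credential-based here as well: `if (securelevel_ge(td->td_ucred, 1))`. The enclosing function starts and ends outside the hunk.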
@@ -266,9 +266,9 @@ * (which is now). */ memset(&unp3->unp_peercred, '\0', sizeof(unp3->unp_peercred)); - unp3->unp_peercred.cr_uid = td->td_proc->p_ucred->cr_uid; - unp3->unp_peercred.cr_ngroups = td->td_proc->p_ucred->cr_ngroups; - memcpy(unp3->unp_peercred.cr_groups, td->td_proc->p_ucred->cr_groups, + unp3->unp_peercred.cr_uid = td->td_ucred->cr_uid; + unp3->unp_peercred.cr_ngroups = td->td_ucred->cr_ngroups; + memcpy(unp3->unp_peercred.cr_groups, td->td_ucred->cr_groups, sizeof(unp3->unp_peercred.cr_groups)); unp3->unp_flags |= UNP_HAVEPC; /* --- //depot/projects/smpng/sys/security/lomac/kernel_util.c 2001/11/19 15:30:12 +++ //depot/user/jhb/proc/security/lomac/kernel_util.c 2002/01/15 09:05:41 @@ -233,7 +233,7 @@ mtx_lock(&Giant); - if ((error = suser_td(td)) != 0) + if ((error = suser(td, 0)) != 0) goto out; pathname = malloc(MAXPATHLEN, M_TEMP, M_WAITOK); @@ -383,8 +383,8 @@ */ if (!mediate_subject_at_level("unmount", td->td_proc, LOMAC_HIGHEST_LEVEL) || - ((mp->mnt_stat.f_owner != td->td_proc->p_ucred->cr_uid) && - (error = suser_td(td)))) { + ((mp->mnt_stat.f_owner != td->td_ucred->cr_uid) && + (error = suser(td, 0)))) { vput(vp); return (error); } @@ -661,8 +661,7 @@ if (vp->v_type != VDIR) error = ENOTDIR; else - error = VOP_ACCESS(vp, VEXEC, td->td_proc->p_ucred, - curthread); + error = VOP_ACCESS(vp, VEXEC, td->td_ucred, curthread); if (error) vput(vp); else { --- //depot/projects/smpng/sys/sys/interrupt.h 2002/01/09 16:09:21 +++ //depot/user/jhb/proc/sys/interrupt.h 2002/01/10 17:31:18 @@ -44,7 +44,6 @@ int ih_flags; const char *ih_name; /* Name of handler. */ struct ithd *ih_ithread; /* Ithread we are connected to. */ - int ih_need; /* Needs service. */ TAILQ_ENTRY(intrhand) ih_next; /* Next handler for this vector. */ u_char ih_pri; /* Priority of this handler. */ }; 
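Review bot: In the unmount check in kernel_util.c (hunk at -383), when `mediate_subject_at_level("unmount", ...)` refuses the request the condition short-circuits before `error = suser(td, 0)` is evaluated, so `return (error)` hands back whatever `error` held before this statement. That earlier value is outside the hunk; if it is 0 at this point, a LOMAC denial is reported to the caller as success. I would split the test so the denial sets an explicit code, e.g. `if (!mediate_subject_at_level("unmount", td->td_proc, LOMAC_HIGHEST_LEVEL)) { vput(vp); return (EPERM); }`, and keep the owner/`suser` test as a separate condition.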
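Review bot: The converted call in kernel_util.c (hunk at -661) takes the credential from `td` but passes `curthread` as the thread argument: `VOP_ACCESS(vp, VEXEC, td->td_ucred, curthread)`. If `td` is always the current thread here, which the hunk does not show, using one name removes the question of whose credential is being checked: `error = VOP_ACCESS(vp, VEXEC, td->td_ucred, td);`.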
@@ -53,7 +52,7 @@ #define IH_FAST 0x00000001 /* Fast interrupt. */ #define IH_EXCLUSIVE 0x00000002 /* Exclusive interrupt. */ #define IH_ENTROPY 0x00000004 /* Device is a good entropy source. */ -#define IH_DEAD 0x00000008 /* Handler should be removed. */ +#define IH_NEED 0x00000008 /* Needs service. */ #define IH_MPSAFE 0x80000000 /* Handler does not need Giant. */ /* @@ -71,7 +70,6 @@ void (*it_enable)(int); /* Disable interrupt source. */ void *it_md; /* Hook for MD interrupt code. */ int it_flags; /* Interrupt-specific flags. */ - int it_need; /* Needs service. */ int it_vector; char it_name[MAXCOMLEN + 1]; }; @@ -80,6 +78,8 @@ #define IT_SOFT 0x000001 /* Software interrupt. */ #define IT_ENTROPY 0x000002 /* Interrupt is an entropy source. */ #define IT_DEAD 0x000004 /* Thread is waiting to exit. */ +#define IT_RESTART 0x000008 /* Needs to restart the loop. */ +#define IT_NEED 0x000010 /* Needs service. */ /* Flags to pass to sched_swi. */ #define SWI_DELAY 0x2 --- //depot/projects/smpng/sys/sys/proc.h 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/sys/proc.h 2002/02/08 14:06:04 @@ -432,7 +432,7 @@ u_short p_acflag; /* (c) Accounting flags. */ struct rusage *p_ru; /* (a) Exit information. XXX */ struct proc *p_peers; /* (c) */ - struct proc *p_leader; /* (c) */ + struct proc *p_leader; /* (b) */ void *p_emuldata; /* (c) Emulator state data. */ }; 
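Review bot: In sys/interrupt.h the need-service indicator moves from its own `int` (`ih_need`, and `it_need` in the hunk at -71) into a bit of the shared flags word (`IH_NEED` here, `IT_NEED` in the hunk at -80), so setting or clearing it becomes a read-modify-write on a word that also carries `IH_EXCLUSIVE`, `IH_MPSAFE`, `IT_DEAD` and the other flags. If the bit is set from interrupt context while another CPU changes a different flag, a plain `|=` or `&=` can lose one of the updates; the code that touches these words is not on this page, so that needs checking there. I would state the rule next to the defines, e.g. `/* IH_NEED and IT_NEED: modify only with atomic_set_int()/atomic_clear_int() */`.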
@@ -668,10 +668,10 @@ int inferior __P((struct proc *p)); int leavepgrp __P((struct proc *p)); void mi_switch __P((void)); -int p_candebug __P((struct proc *p1, struct proc *p2)); -int p_cansee __P((struct proc *p1, struct proc *p2)); -int p_cansched __P((struct proc *p1, struct proc *p2)); -int p_cansignal __P((struct proc *p1, struct proc *p2, int signum)); +int p_candebug __P((struct thread *td, struct proc *p)); +int p_cansee __P((struct thread *td, struct proc *p)); +int p_cansched __P((struct thread *td, struct proc *p)); +int p_cansignal __P((struct thread *td, struct proc *p, int signum)); void procinit __P((void)); void proc_linkup __P((struct proc *p)); void proc_reparent __P((struct proc *child, struct proc *newparent)); --- //depot/projects/smpng/sys/sys/systm.h 2002/01/04 00:49:18 +++ //depot/user/jhb/proc/sys/systm.h 2002/01/15 07:10:05 @@ -47,7 +47,7 @@ #include extern int securelevel; /* system security level (see init(8)) */ -extern int suser_enabled; /* suser_xxx() is permitted to return 0 */ +extern int suser_enabled; /* suser() is permitted to return 0 */ extern int cold; /* nonzero if we are doing a cold boot */ extern const char *panicstr; /* panic message */ @@ -184,13 +184,11 @@ void stopprofclock __P((struct proc *)); void setstatclockrate __P((int hzrate)); -/* flags for suser_xxx() */ +/* flags for suser() and suser_cred() */ #define PRISON_ROOT 1 -int suser __P((struct proc *)); -int suser_td __P((struct thread *)); -int suser_xxx __P((struct ucred *cred, struct proc *proc, int flag)); -int suser_xxx_td __P((struct ucred *cred, struct thread *thread, int flag)); +int suser __P((struct thread *td, int flag)); +int suser_cred __P((struct ucred *cred, int flag)); int cr_cansee __P((struct ucred *u1, struct ucred *u2)); char *getenv __P((const char *name)); --- //depot/projects/smpng/sys/sys/ucred.h 2001/10/11 16:53:37 +++ //depot/user/jhb/proc/sys/ucred.h 2002/01/15 07:06:45 
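Review bot: The new prototype `int suser_cred __P((struct ucred *cred, int flag));` in sys/systm.h (hunk at -184) does not say whether `cred` may be null, and the old interface tolerated it: ufs_vfsops.c in this change removes a call written `suser_xxx(0, td->td_proc, PRISON_ROOT)`. The converted callers differ on this: ufs_readwrite.c tests `ap->a_cred &&` first, while ffs_alloc.c passes `cred` straight through. I would put the contract at the declaration, e.g. `/* cred must not be NULL/NOCRED; use suser(td, flag) to check the calling thread */`, assuming that is what the implementation (not shown here) requires.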
@@ -45,7 +45,7 @@ * Credentials. * * Please do not inspect cr_uid directly to determine superuserness. - * Only the suser()/suser_xxx() function should be used for this. + * Only the suser() or suser_cred() function should be used for this. */ struct ucred { u_int cr_ref; /* reference count */ --- //depot/projects/smpng/sys/ufs/ffs/ffs_alloc.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/ufs/ffs/ffs_alloc.c 2002/02/08 14:06:04 @@ -128,7 +128,7 @@ retry: if (size == fs->fs_bsize && fs->fs_cstotal.cs_nbfree == 0) goto nospace; - if (suser_xxx(cred, NULL, PRISON_ROOT) && + if (suser_cred(cred, PRISON_ROOT) && freespace(fs, fs->fs_minfree) - numfrags(fs, size) < 0) goto nospace; #ifdef QUOTA @@ -209,7 +209,7 @@ #endif /* DIAGNOSTIC */ reclaimed = 0; retry: - if (suser_xxx(cred, NULL, PRISON_ROOT) && + if (suser_cred(cred, PRISON_ROOT) && freespace(fs, fs->fs_minfree) - numfrags(fs, nsize - osize) < 0) goto nospace; if ((bprev = ip->i_db[lbprev]) == 0) { --- //depot/projects/smpng/sys/ufs/ffs/ffs_snapshot.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/ufs/ffs/ffs_snapshot.c 2002/02/08 14:06:04 @@ -57,7 +57,7 @@ #include #include -#define KERNCRED proc0.p_ucred +#define KERNCRED thread0->td_ucred #define DEBUG 1 static int cgaccount __P((int, struct vnode *, struct buf *, int)); @@ -207,7 +207,7 @@ */ for (blkno = NDADDR; blkno < numblks; blkno += NINDIR(fs)) { error = UFS_BALLOC(vp, lblktosize(fs, (off_t)blkno), - fs->fs_bsize, td->td_proc->p_ucred, B_METAONLY, &ibp); + fs->fs_bsize, td->td_ucred, B_METAONLY, &ibp); if (error) goto out; bdwrite(ibp); --- //depot/projects/smpng/sys/ufs/ffs/ffs_softdep.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/ufs/ffs/ffs_softdep.c 2002/02/08 14:06:04 
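Review bot: `#define KERNCRED thread0->td_ucred` in ffs_snapshot.c (hunk at -57) makes the kernel credential depend on `thread0->td_ucred` being set at boot and never released, and the three swap_pager.c hunks (-1135, -1386, -2080) make the same switch and pass the value straight to `crhold()`. Where `thread0->td_ucred` is initialised is not visible in this part of the change, so that should be confirmed before relying on it. The macro body should also be parenthesised, `#define KERNCRED (thread0->td_ucred)`. Once the initialisation is confirmed, a one-line comment on the define recording that the reference is held for the life of the system would keep the assumption visible.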
@@ -812,7 +812,7 @@ while ((count = softdep_process_worklist(oldmnt)) > 0) { *countp += count; vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, td); - error = VOP_FSYNC(devvp, td->td_proc->p_ucred, MNT_WAIT, td); + error = VOP_FSYNC(devvp, td->td_ucred, MNT_WAIT, td); VOP_UNLOCK(devvp, 0, td); if (error) break; @@ -3078,7 +3078,7 @@ } inodedep->id_nlinkdelta = ip->i_nlink - ip->i_effnlink; FREE_LOCK(&lk); - if ((error = UFS_TRUNCATE(vp, (off_t)0, 0, td->td_proc->p_ucred, td)) != 0) + if ((error = UFS_TRUNCATE(vp, (off_t)0, 0, td->td_ucred, td)) != 0) softdep_error("handle_workitem_remove: truncate", error); /* * Rename a directory to a new parent. Since, we are both deleting @@ -4245,7 +4245,7 @@ return (error); } if ((pagedep->pd_state & NEWBLOCK) && - (error = VOP_FSYNC(pvp, td->td_proc->p_ucred, MNT_WAIT, td))) { + (error = VOP_FSYNC(pvp, td->td_ucred, MNT_WAIT, td))) { vput(pvp); return (error); } @@ -4253,7 +4253,7 @@ /* * Flush directory page containing the inode's name. */ - error = bread(pvp, lbn, blksize(fs, VTOI(pvp), lbn), td->td_proc->p_ucred, + error = bread(pvp, lbn, blksize(fs, VTOI(pvp), lbn), td->td_ucred, &bp); if (error == 0) error = BUF_WRITE(bp); @@ -4730,8 +4730,8 @@ FREE_LOCK(&lk); if ((error = VFS_VGET(mp, inum, &vp)) != 0) break; - if ((error=VOP_FSYNC(vp, td->td_proc->p_ucred, MNT_NOWAIT, td)) || - (error=VOP_FSYNC(vp, td->td_proc->p_ucred, MNT_NOWAIT, td))) { + if ((error=VOP_FSYNC(vp, td->td_ucred, MNT_NOWAIT, td)) || + (error=VOP_FSYNC(vp, td->td_ucred, MNT_NOWAIT, td))) { vput(vp); break; } @@ -4997,7 +4997,7 @@ vn_finished_write(mp); return; } - if ((error = VOP_FSYNC(vp, td->td_proc->p_ucred, MNT_NOWAIT, td))) + if ((error = VOP_FSYNC(vp, td->td_ucred, MNT_NOWAIT, td))) softdep_error("clear_remove: fsync", error); drain_output(vp, 0); vput(vp); 
@@ -5071,10 +5071,10 @@ return; } if (ino == lastino) { - if ((error = VOP_FSYNC(vp, td->td_proc->p_ucred, MNT_WAIT, td))) + if ((error = VOP_FSYNC(vp, td->td_ucred, MNT_WAIT, td))) softdep_error("clear_inodedeps: fsync1", error); } else { - if ((error = VOP_FSYNC(vp, td->td_proc->p_ucred, MNT_NOWAIT, td))) + if ((error = VOP_FSYNC(vp, td->td_ucred, MNT_NOWAIT, td))) softdep_error("clear_inodedeps: fsync2", error); drain_output(vp, 0); } --- //depot/projects/smpng/sys/ufs/ffs/ffs_vfsops.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/ufs/ffs/ffs_vfsops.c 2002/02/08 14:06:04 @@ -227,10 +227,10 @@ * If upgrade to read-write by non-root, then verify * that user has necessary permissions on the device. */ - if (suser_td(td)) { + if (suser(td, 0)) { vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, td); if ((error = VOP_ACCESS(devvp, VREAD | VWRITE, - td->td_proc->p_ucred, td)) != 0) { + td->td_ucred, td)) != 0) { VOP_UNLOCK(devvp, 0, td); return (error); } @@ -261,7 +261,7 @@ } /* check to see if we need to start softdep */ if ((fs->fs_flags & FS_DOSOFTDEP) && - (error = softdep_mount(devvp, mp, fs, td->td_proc->p_ucred))){ + (error = softdep_mount(devvp, mp, fs, td->td_ucred))){ vn_finished_write(mp); return (error); } @@ -308,12 +308,12 @@ * If mount by non-root, then verify that user has necessary * permissions on the device. */ - if (suser_td(td)) { + if (suser(td, 0)) { accessmode = VREAD; if ((mp->mnt_flag & MNT_RDONLY) == 0) accessmode |= VWRITE; vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, td); - if ((error = VOP_ACCESS(devvp, accessmode, td->td_proc->p_ucred, td))!= 0){ + if ((error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td))!= 0){ vput(devvp); return (error); } @@ -409,7 +409,7 @@ */ if (vn_isdisk(devvp, NULL)) { vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, td); - vfs_object_create(devvp, td, td->td_proc->p_ucred); + vfs_object_create(devvp, td, td->td_ucred); mtx_lock(&devvp->v_interlock); VOP_UNLOCK(devvp, LK_INTERLOCK, td); } 
@@ -556,7 +556,7 @@ int ncount; dev = devvp->v_rdev; - cred = td ? td->td_proc->p_ucred : NOCRED; + cred = td ? td->td_ucred : NOCRED; /* * Disallow multiple mounts of the same device. * Disallow mounting of a device that is currently in use @@ -942,7 +942,7 @@ * Flush filesystem metadata. */ vn_lock(ump->um_devvp, LK_EXCLUSIVE | LK_RETRY, td); - error = VOP_FSYNC(ump->um_devvp, td->td_proc->p_ucred, MNT_WAIT, td); + error = VOP_FSYNC(ump->um_devvp, td->td_ucred, MNT_WAIT, td); VOP_UNLOCK(ump->um_devvp, 0, td); return (error); } --- //depot/projects/smpng/sys/ufs/ifs/ifs_vnops.c 2001/07/17 20:39:48 +++ //depot/user/jhb/proc/ufs/ifs/ifs_vnops.c 2002/01/15 07:44:40 @@ -269,7 +269,7 @@ if (DOINGSOFTDEP(tvp)) softdep_change_linkcnt(ip); if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && - suser_xxx(cnp->cn_cred, 0, 0)) + suser_cred(cnp->cn_cred, 0)) ip->i_mode &= ~ISGID; if (cnp->cn_flags & ISWHITEOUT) --- //depot/projects/smpng/sys/ufs/ufs/ufs_extattr.c 2001/11/07 12:45:34 +++ //depot/user/jhb/proc/ufs/ufs/ufs_extattr.c 2002/01/15 07:44:40 @@ -212,7 +212,7 @@ ump->um_extattr.uepm_flags |= UFS_EXTATTR_UEPM_STARTED; - ump->um_extattr.uepm_ucred = crhold(td->td_proc->p_ucred); + ump->um_extattr.uepm_ucred = crhold(td->td_ucred); unlock: ufs_extattr_uepm_unlock(ump, td); @@ -246,7 +246,7 @@ if (lockparent == UE_GETDIR_LOCKPARENT) cnp.cn_flags |= LOCKPARENT; cnp.cn_thread = td; - cnp.cn_cred = td->td_proc->p_ucred; + cnp.cn_cred = td->td_ucred; cnp.cn_pnbuf = zalloc(namei_zone); cnp.cn_nameptr = cnp.cn_pnbuf; error = copystr(dirname, cnp.cn_pnbuf, MAXPATHLEN, @@ -318,7 +318,7 @@ { int error; - error = VOP_OPEN(vp, FREAD|FWRITE, td->td_proc->p_ucred, td); + error = VOP_OPEN(vp, FREAD|FWRITE, td->td_ucred, td); if (error) { printf("ufs_extattr_enable_with_open.VOP_OPEN(): failed " "with %d\n", error); 
@@ -332,7 +332,7 @@ */ if (vn_canvmio(vp) == TRUE) if ((error = vfs_object_create(vp, td, - td->td_proc->p_ucred)) != 0) { + td->td_ucred)) != 0) { /* * XXX: bug replicated from vn_open(): should * VOP_CLOSE() here. @@ -349,7 +349,7 @@ error = ufs_extattr_enable(ump, attrnamespace, attrname, vp, td); if (error != 0) - vn_close(vp, FREAD|FWRITE, td->td_proc->p_ucred, td); + vn_close(vp, FREAD|FWRITE, td->td_ucred, td); return (error); } @@ -388,7 +388,7 @@ vargs.a_desc = NULL; vargs.a_vp = dvp; vargs.a_uio = &auio; - vargs.a_cred = td->td_proc->p_ucred; + vargs.a_cred = td->td_ucred; vargs.a_eofflag = &eofflag; vargs.a_ncookies = NULL; vargs.a_cookies = NULL; @@ -625,7 +625,7 @@ auio.uio_rw = UIO_READ; auio.uio_td = td; - VOP_LEASE(backing_vnode, td, td->td_proc->p_ucred, LEASE_WRITE); + VOP_LEASE(backing_vnode, td, td->td_ucred, LEASE_WRITE); vn_lock(backing_vnode, LK_SHARED | LK_NOPAUSE | LK_RETRY, td); error = VOP_READ(backing_vnode, &auio, IO_NODELOCKED, ump->um_extattr.uepm_ucred); @@ -686,7 +686,7 @@ uele->uele_backing_vnode->v_flag &= ~VSYSTEM; error = vn_close(uele->uele_backing_vnode, FREAD|FWRITE, - td->td_proc->p_ucred, td); + td->td_ucred, td); FREE(uele, M_UFS_EXTATTR); @@ -709,7 +709,7 @@ * Processes with privilege, but in jail, are not allowed to * configure extended attributes. */ - if ((error = suser_xxx(td->td_proc->p_ucred, td->td_proc, 0))) { + if ((error = suser(td, 0))) { if (filename_vp != NULL) VOP_UNLOCK(filename_vp, 0, td); return (error); @@ -806,7 +806,7 @@ switch (uele->uele_attrnamespace) { case EXTATTR_NAMESPACE_SYSTEM: /* Potentially should be: return (EPERM); */ - return (suser_xxx(cred, td->td_proc, 0)); + return (suser_cred(cred, 0)); case EXTATTR_NAMESPACE_USER: return (VOP_ACCESS(vp, access, cred, td)); default: --- //depot/projects/smpng/sys/ufs/ufs/ufs_lookup.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/ufs/ufs/ufs_lookup.c 2002/01/14 15:03:53 
@@ -749,7 +749,7 @@ char *dirbuf; td = curthread; /* XXX */ - cr = td->td_proc->p_ucred; + cr = td->td_ucred; dp = VTOI(dvp); newentrysize = DIRSIZ(OFSFMT(dvp), dirp); @@ -819,7 +819,7 @@ return (error); if (tvp != NULL) VOP_UNLOCK(tvp, 0, td); - error = VOP_FSYNC(dvp, td->td_proc->p_ucred, MNT_WAIT, td); + error = VOP_FSYNC(dvp, td->td_ucred, MNT_WAIT, td); if (tvp != NULL) vn_lock(tvp, LK_EXCLUSIVE | LK_RETRY, td); return (error); --- //depot/projects/smpng/sys/ufs/ufs/ufs_quota.c 2002/01/11 16:20:35 +++ //depot/user/jhb/proc/ufs/ufs/ufs_quota.c 2002/01/15 07:44:40 @@ -150,7 +150,7 @@ } return (0); } - if ((flags & FORCE) == 0 && suser_xxx(cred, NULL, 0)) { + if ((flags & FORCE) == 0 && suser_cred(cred, 0)) { for (i = 0; i < MAXQUOTAS; i++) { if ((dq = ip->i_dquot[i]) == NODQUOT) continue; @@ -271,7 +271,7 @@ } return (0); } - if ((flags & FORCE) == 0 && suser_xxx(cred, NULL, 0)) { + if ((flags & FORCE) == 0 && suser_cred(cred, 0)) { for (i = 0; i < MAXQUOTAS; i++) { if ((dq = ip->i_dquot[i]) == NODQUOT) continue; @@ -409,7 +409,7 @@ vp = nd.ni_vp; VOP_UNLOCK(vp, 0, td); if (vp->v_type != VREG) { - (void) vn_close(vp, FREAD|FWRITE, td->td_proc->p_ucred, td); + (void) vn_close(vp, FREAD|FWRITE, td->td_ucred, td); return (EACCES); } if (*vpp != vp) @@ -422,7 +422,7 @@ * Save the credential of the process that turned on quotas. * Set up the time limits for this quota. */ - ump->um_cred[type] = crhold(td->td_proc->p_ucred); + ump->um_cred[type] = crhold(td->td_ucred); ump->um_btime[type] = MAX_DQ_TIME; ump->um_itime[type] = MAX_IQ_TIME; if (dqget(NULLVP, 0, ump, type, &dq) == 0) { 
@@ -523,7 +523,7 @@ mtx_unlock(&mntvnode_mtx); dqflush(qvp); qvp->v_flag &= ~VSYSTEM; - error = vn_close(qvp, FREAD|FWRITE, td->td_proc->p_ucred, td); + error = vn_close(qvp, FREAD|FWRITE, td->td_ucred, td); ump->um_quotas[type] = NULLVP; crfree(ump->um_cred[type]); ump->um_cred[type] = NOCRED; --- //depot/projects/smpng/sys/ufs/ufs/ufs_readwrite.c 2001/11/07 12:45:34 +++ //depot/user/jhb/proc/ufs/ufs/ufs_readwrite.c 2002/01/15 07:44:40 @@ -568,7 +568,7 @@ * tampering. */ if (resid > uio->uio_resid && ap->a_cred && - suser_xxx(ap->a_cred, NULL, PRISON_ROOT)) + suser_cred(ap->a_cred, PRISON_ROOT)) ip->i_mode &= ~(ISUID | ISGID); if (resid > uio->uio_resid) VN_KNOTE(vp, NOTE_WRITE | (extended ? NOTE_EXTEND : 0)); --- //depot/projects/smpng/sys/ufs/ufs/ufs_vfsops.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/ufs/ufs/ufs_vfsops.c 2002/01/15 07:44:40 @@ -108,18 +108,18 @@ int cmd, type, error; if (uid == -1) - uid = td->td_proc->p_ucred->cr_ruid; + uid = td->td_ucred->cr_ruid; cmd = cmds >> SUBCMDSHIFT; switch (cmd) { case Q_SYNC: break; case Q_GETQUOTA: - if (uid == td->td_proc->p_ucred->cr_ruid) + if (uid == td->td_ucred->cr_ruid) break; /* fall through */ default: - if ((error = suser_xxx(0, td->td_proc, PRISON_ROOT)) != 0) + if ((error = suser(td, PRISON_ROOT)) != 0) return (error); } --- //depot/projects/smpng/sys/ufs/ufs/ufs_vnops.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/ufs/ufs/ufs_vnops.c 2002/02/08 14:06:04 @@ -486,7 +486,7 @@ * Privileged non-jail processes may not modify system flags * if securelevel > 0 and any existing system flags are set. */ - if (!suser_xxx(cred, NULL, PRISON_ROOT)) { + if (!suser_cred(cred, PRISON_ROOT)) { if (ip->i_flags & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { error = securelevel_gt(cred, 0); 
@@ -618,7 +618,7 @@ * as well as set the setgid bit on a file with a group that the * process is not a member of. */ - if (suser_xxx(cred, NULL, PRISON_ROOT)) { + if (suser_cred(cred, PRISON_ROOT)) { if (vp->v_type != VDIR && (mode & S_ISTXT)) return (EFTYPE); if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) @@ -668,7 +668,7 @@ */ if ((uid != ip->i_uid || (gid != ip->i_gid && !groupmember(gid, cred))) && - (error = suser_xxx(cred, td->td_proc, PRISON_ROOT))) + (error = suser_cred(cred, PRISON_ROOT))) return (error); ogid = ip->i_gid; ouid = ip->i_uid; @@ -735,7 +735,7 @@ panic("ufs_chown: lost quota"); #endif /* QUOTA */ ip->i_flag |= IN_CHANGE; - if (suser_xxx(cred, NULL, PRISON_ROOT) && (ouid != uid || ogid != gid)) + if (suser_cred(cred, PRISON_ROOT) && (ouid != uid || ogid != gid)) ip->i_mode &= ~(ISUID | ISGID); return (0); } @@ -2370,7 +2370,7 @@ if (DOINGSOFTDEP(tvp)) softdep_change_linkcnt(ip); if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && - suser_xxx(cnp->cn_cred, NULL, PRISON_ROOT)) + suser_cred(cnp->cn_cred, PRISON_ROOT)) ip->i_mode &= ~ISGID; if (cnp->cn_flags & ISWHITEOUT) --- //depot/projects/smpng/sys/vm/swap_pager.c 2001/10/17 19:58:24 +++ //depot/user/jhb/proc/vm/swap_pager.c 2002/01/14 15:03:53 @@ -1135,8 +1135,8 @@ bp->b_iocmd = BIO_READ; bp->b_iodone = swp_pager_async_iodone; - bp->b_rcred = crhold(proc0.p_ucred); - bp->b_wcred = crhold(proc0.p_ucred); + bp->b_rcred = crhold(thread0->td_ucred); + bp->b_wcred = crhold(thread0->td_ucred); bp->b_data = (caddr_t) kva; bp->b_blkno = blk - (reqpage - i); bp->b_bcount = PAGE_SIZE * (j - i); @@ -1386,8 +1386,8 @@ pmap_qenter((vm_offset_t)bp->b_data, &m[i], n); - bp->b_rcred = crhold(proc0.p_ucred); - bp->b_wcred = crhold(proc0.p_ucred); + bp->b_rcred = crhold(thread0->td_ucred); + bp->b_wcred = crhold(thread0->td_ucred); bp->b_bcount = PAGE_SIZE * n; bp->b_bufsize = PAGE_SIZE * n; bp->b_blkno = blk; 
@@ -2080,8 +2080,8 @@ nbp->b_iocmd = bp->bio_cmd; nbp->b_ioflags = bp->bio_flags & BIO_ORDERED; nbp->b_flags = flags; - nbp->b_rcred = crhold(proc0.p_ucred); - nbp->b_wcred = crhold(proc0.p_ucred); + nbp->b_rcred = crhold(thread0->td_ucred); + nbp->b_wcred = crhold(thread0->td_ucred); nbp->b_iodone = vm_pager_chain_iodone; if (vp) --- //depot/projects/smpng/sys/vm/vm_mmap.c 2002/02/08 13:19:07 +++ //depot/user/jhb/proc/vm/vm_mmap.c 2002/02/08 14:06:04 @@ -347,10 +347,10 @@ * other securelevel. * XXX this will have to go */ - if (securelevel_ge(td->td_proc->p_ucred, 1)) + if (securelevel_ge(td->td_ucred, 1)) disablexworkaround = 1; else - disablexworkaround = suser_td(td); + disablexworkaround = suser(td, 0); if (vp->v_type == VCHR && disablexworkaround && (flags & (MAP_PRIVATE|MAP_COPY))) { error = EINVAL; @@ -388,7 +388,7 @@ struct vattr va; if ((error = VOP_GETATTR(vp, &va, - td->td_proc->p_ucred, td))) { + td->td_ucred, td))) { goto done; } if ((va.va_flags & @@ -1022,7 +1022,7 @@ td->td_proc->p_rlimit[RLIMIT_MEMLOCK].rlim_cur) return (ENOMEM); #else - error = suser_td(td); + error = suser(td, 0); if (error) return (error); #endif @@ -1103,7 +1103,7 @@ return (EINVAL); #ifndef pmap_wired_count - error = suser_td(td); + error = suser(td, 0); if (error) return (error); #endif @@ -1185,7 +1185,7 @@ struct vattr vat; int error; - error = VOP_GETATTR(vp, &vat, td->td_proc->p_ucred, td); + error = VOP_GETATTR(vp, &vat, td->td_ucred, td); if (error) { mtx_unlock(&Giant); return (error); --- //depot/projects/smpng/sys/vm/vm_swap.c 2001/09/17 13:08:10 +++ //depot/user/jhb/proc/vm/vm_swap.c 2002/01/15 09:05:41 @@ -198,7 +198,7 @@ int error; mtx_lock(&Giant); - error = suser_td(td); + error = suser(td, 0); if (error) goto done2; 
@@ -222,7 +222,7 @@ if (vn_isdisk(vp, &error)) error = swaponvp(td, vp, vp->v_rdev, 0); else if (vp->v_type == VREG && vp->v_tag == VT_NFS && - (error = VOP_GETATTR(vp, &attr, td->td_proc->p_ucred, td)) == 0) { + (error = VOP_GETATTR(vp, &attr, td->td_ucred, td)) == 0) { /* * Allow direct swapping to NFS regular files in the same * way that nfs_mountroot() sets up diskless swapping. @@ -262,7 +262,6 @@ swblk_t dvbase; int error; u_long aligned_nblks; - struct proc *p = td->td_proc; if (!swapdev_vp) { error = getnewvnode(VT_NON, NULL, swapdev_vnodeop_p, @@ -283,18 +282,18 @@ return EINVAL; found: (void) vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - error = VOP_OPEN(vp, FREAD | FWRITE, p->p_ucred, td); + error = VOP_OPEN(vp, FREAD | FWRITE, td->td_ucred, td); (void) VOP_UNLOCK(vp, 0, td); if (error) return (error); if (nblks == 0 && dev != NODEV && (devsw(dev)->d_psize == 0 || (nblks = (*devsw(dev)->d_psize) (dev)) == -1)) { - (void) VOP_CLOSE(vp, FREAD | FWRITE, p->p_ucred, td); + (void) VOP_CLOSE(vp, FREAD | FWRITE, td->td_ucred, td); return (ENXIO); } if (nblks == 0) { - (void) VOP_CLOSE(vp, FREAD | FWRITE, p->p_ucred, td); + (void) VOP_CLOSE(vp, FREAD | FWRITE, td->td_ucred, td); return (ENXIO); } @@ -305,7 +304,7 @@ if (nblks > 0x40000000 / BLIST_META_RADIX / nswdev) { printf("exceeded maximum of %d blocks per swap unit\n", 0x40000000 / BLIST_META_RADIX / nswdev); - (void) VOP_CLOSE(vp, FREAD | FWRITE, p->p_ucred, td); + (void) VOP_CLOSE(vp, FREAD | FWRITE, td->td_ucred, td); return (ENXIO); } /* --- //depot/projects/smpng/sys/vm/vnode_pager.c 2001/12/17 16:58:02 +++ //depot/user/jhb/proc/vm/vnode_pager.c 2002/01/14 15:03:53 
@@ -463,8 +463,8 @@ bp->b_iodone = vnode_pager_iodone; KASSERT(bp->b_rcred == NOCRED, ("leaking read ucred")); KASSERT(bp->b_wcred == NOCRED, ("leaking write ucred")); - bp->b_rcred = crhold(curthread->td_proc->p_ucred); - bp->b_wcred = crhold(curthread->td_proc->p_ucred); + bp->b_rcred = crhold(curthread->td_ucred); + bp->b_wcred = crhold(curthread->td_ucred); bp->b_data = (caddr_t) kva + i * bsize; bp->b_blkno = fileaddr; pbgetvp(dp, bp); @@ -555,7 +555,7 @@ auio.uio_resid = size; auio.uio_td = curthread; - error = VOP_READ(vp, &auio, 0, curthread->td_proc->p_ucred); + error = VOP_READ(vp, &auio, 0, curthread->td_ucred); if (!error) { int count = size - auio.uio_resid; @@ -782,8 +782,8 @@ /* B_PHYS is not set, but it is nice to fill this in */ KASSERT(bp->b_rcred == NOCRED, ("leaking read ucred")); KASSERT(bp->b_wcred == NOCRED, ("leaking write ucred")); - bp->b_rcred = crhold(curthread->td_proc->p_ucred); - bp->b_wcred = crhold(curthread->td_proc->p_ucred); + bp->b_rcred = crhold(curthread->td_ucred); + bp->b_wcred = crhold(curthread->td_ucred); bp->b_blkno = firstaddr; pbgetvp(dp, bp); bp->b_bcount = size; @@ -1030,7 +1030,7 @@ auio.uio_rw = UIO_WRITE; auio.uio_resid = maxsize; auio.uio_td = (struct thread *) 0; - error = VOP_WRITE(vp, &auio, ioflags, curthread->td_proc->p_ucred); + error = VOP_WRITE(vp, &auio, ioflags, curthread->td_ucred); cnt.v_vnodeout++; cnt.v_vnodepgsout += ncount;