diff options
| author | jhb <jhb@FreeBSD.org> | 2002-05-19 00:14:50 +0000 |
|---|---|---|
| committer | jhb <jhb@FreeBSD.org> | 2002-05-19 00:14:50 +0000 |
| commit | b6d6774e76bd44035dc47ff6e7c3fdb44961a142 (patch) | |
| tree | 0642e3c6447c397fe8442630e46788930550bb42 | |
| parent | 930f7599edae9acfd7bada4b5e71817067c0ec88 (diff) | |
| download | FreeBSD-src-b6d6774e76bd44035dc47ff6e7c3fdb44961a142.zip FreeBSD-src-b6d6774e76bd44035dc47ff6e7c3fdb44961a142.tar.gz | |
Change p_can{debug,see,sched,signal}()'s first argument to be a thread
pointer instead of a proc pointer and require the process pointed to
by the second argument to be locked. We now use the thread ucred reference
for the credential checks in p_can*() as a result. p_canfoo() should now
no longer need Giant.
| -rw-r--r-- | sys/compat/linprocfs/linprocfs.c | 2 | ||||
| -rw-r--r-- | sys/fs/procfs/procfs.c | 4 | ||||
| -rw-r--r-- | sys/fs/procfs/procfs_ctl.c | 4 | ||||
| -rw-r--r-- | sys/fs/procfs/procfs_dbregs.c | 2 | ||||
| -rw-r--r-- | sys/fs/procfs/procfs_fpregs.c | 2 | ||||
| -rw-r--r-- | sys/fs/procfs/procfs_mem.c | 2 | ||||
| -rw-r--r-- | sys/fs/procfs/procfs_regs.c | 2 | ||||
| -rw-r--r-- | sys/fs/procfs/procfs_status.c | 2 | ||||
| -rw-r--r-- | sys/fs/pseudofs/pseudofs_vnops.c | 2 | ||||
| -rw-r--r-- | sys/kern/kern_event.c | 2 | ||||
| -rw-r--r-- | sys/kern/kern_ktrace.c | 2 | ||||
| -rw-r--r-- | sys/kern/kern_proc.c | 6 | ||||
| -rw-r--r-- | sys/kern/kern_prot.c | 129 | ||||
| -rw-r--r-- | sys/kern/kern_resource.c | 18 | ||||
| -rw-r--r-- | sys/kern/kern_sig.c | 7 | ||||
| -rw-r--r-- | sys/kern/p1003_1b.c | 10 | ||||
| -rw-r--r-- | sys/kern/sys_process.c | 4 | ||||
| -rw-r--r-- | sys/posix4/p1003_1b.c | 10 | ||||
| -rw-r--r-- | sys/security/lomac/kernel_lkm.c | 6 | ||||
| -rw-r--r-- | sys/sys/proc.h | 8 |
20 files changed, 116 insertions, 108 deletions
diff --git a/sys/compat/linprocfs/linprocfs.c b/sys/compat/linprocfs/linprocfs.c index c02aec7..02b858e 100644 --- a/sys/compat/linprocfs/linprocfs.c +++ b/sys/compat/linprocfs/linprocfs.c @@ -673,7 +673,7 @@ linprocfs_doproccmdline(PFS_FILL_ARGS) */ PROC_LOCK(p); - if (p->p_args && (ps_argsopen || !p_cansee(td->td_proc, p))) { + if (p->p_args && (ps_argsopen || !p_cansee(td, p))) { sbuf_bcpy(sb, p->p_args->ar_args, p->p_args->ar_length); PROC_UNLOCK(p); } else if (p != td->td_proc) { diff --git a/sys/fs/procfs/procfs.c b/sys/fs/procfs/procfs.c index 6d6162e..8083ba6 100644 --- a/sys/fs/procfs/procfs.c +++ b/sys/fs/procfs/procfs.c @@ -107,6 +107,7 @@ procfs_attr(PFS_ATTR_ARGS) vap->va_mode = 0600; /* p is locked by caller */ + PROC_LOCK_ASSERT(p, MA_OWNED); vap->va_uid = p->p_ucred->cr_uid; vap->va_gid = p->p_ucred->cr_gid; @@ -130,8 +131,9 @@ procfs_notsystem(PFS_VIS_ARGS) int procfs_candebug(PFS_VIS_ARGS) { + PROC_LOCK_ASSERT(p, MA_OWNED); return ((p->p_flag & P_SYSTEM) == 0 && - p_candebug(td->td_proc, p) == 0); + p_candebug(td, p) == 0); } /* diff --git a/sys/fs/procfs/procfs_ctl.c b/sys/fs/procfs/procfs_ctl.c index cf8cbc7..0f35370 100644 --- a/sys/fs/procfs/procfs_ctl.c +++ b/sys/fs/procfs/procfs_ctl.c @@ -122,7 +122,7 @@ procfs_control(struct thread *td, struct proc *p, int op) if (op == PROCFS_CTL_ATTACH) { sx_xlock(&proctree_lock); PROC_LOCK(p); - if ((error = p_candebug(td->td_proc, p)) != 0) + if ((error = p_candebug(td, p)) != 0) goto out; if (p->p_flag & P_TRACED) { error = EBUSY; @@ -165,7 +165,7 @@ out: */ PROC_LOCK(p); if (op != PROCFS_CTL_DETACH && - ((error = p_candebug(td->td_proc, p)))) { + ((error = p_candebug(td, p)))) { PROC_UNLOCK(p); return (error); } diff --git a/sys/fs/procfs/procfs_dbregs.c b/sys/fs/procfs/procfs_dbregs.c index 29ff71b..361f34b 100644 --- a/sys/fs/procfs/procfs_dbregs.c +++ b/sys/fs/procfs/procfs_dbregs.c @@ -69,7 +69,7 @@ procfs_doprocdbregs(PFS_FILL_ARGS) int kl; PROC_LOCK(p); - if (p_candebug(td->td_proc, p) != 0) { + if (p_candebug(td, p) != 0) { PROC_UNLOCK(p); return (EPERM); } diff --git a/sys/fs/procfs/procfs_fpregs.c b/sys/fs/procfs/procfs_fpregs.c index caabe49..afabb33 100644 --- a/sys/fs/procfs/procfs_fpregs.c +++ b/sys/fs/procfs/procfs_fpregs.c @@ -63,7 +63,7 @@ procfs_doprocfpregs(PFS_FILL_ARGS) int kl; PROC_LOCK(p); - if (p_candebug(td->td_proc, p)) { + if (p_candebug(td, p)) { PROC_UNLOCK(p); return (EPERM); } diff --git a/sys/fs/procfs/procfs_mem.c b/sys/fs/procfs/procfs_mem.c index 1f92373..5c086be 100644 --- a/sys/fs/procfs/procfs_mem.c +++ b/sys/fs/procfs/procfs_mem.c @@ -66,7 +66,7 @@ procfs_doprocmem(PFS_FILL_ARGS) return (0); PROC_LOCK(p); - error = p_candebug(td->td_proc, p); + error = p_candebug(td, p); PROC_UNLOCK(p); if (error == 0) error = proc_rwmem(p, uio); diff --git a/sys/fs/procfs/procfs_regs.c b/sys/fs/procfs/procfs_regs.c index 3c0a700..5fcb450 100644 --- a/sys/fs/procfs/procfs_regs.c +++ b/sys/fs/procfs/procfs_regs.c @@ -63,7 +63,7 @@ procfs_doprocregs(PFS_FILL_ARGS) int kl; PROC_LOCK(p); - if (p_candebug(td->td_proc, p)) { + if (p_candebug(td, p)) { PROC_UNLOCK(p); return (EPERM); } diff --git a/sys/fs/procfs/procfs_status.c b/sys/fs/procfs/procfs_status.c index b03f4dc..6e5711b 100644 --- a/sys/fs/procfs/procfs_status.c +++ b/sys/fs/procfs/procfs_status.c @@ -182,7 +182,7 @@ procfs_doproccmdline(PFS_FILL_ARGS) */ PROC_LOCK(p); - if (p->p_args && (ps_argsopen || !p_cansee(td->td_proc, p))) { + if (p->p_args && (ps_argsopen || !p_cansee(td, p))) { sbuf_bcpy(sb, p->p_args->ar_args, p->p_args->ar_length); PROC_UNLOCK(p); return (0); diff --git a/sys/fs/pseudofs/pseudofs_vnops.c b/sys/fs/pseudofs/pseudofs_vnops.c index e1541f9..ac49ca0 100644 --- a/sys/fs/pseudofs/pseudofs_vnops.c +++ b/sys/fs/pseudofs/pseudofs_vnops.c @@ -86,7 +86,7 @@ pfs_visible(struct thread *td, struct pfs_node *pn, pid_t pid) if (pid != NO_PID) { if ((proc = pfind(pid)) == NULL) PFS_RETURN (0); - if (p_cansee(td->td_proc, proc) != 0 || + if (p_cansee(td, proc) != 0 || (pn->pn_vis != NULL && !(pn->pn_vis)(td, proc, pn))) r = 0; PROC_UNLOCK(proc); diff --git a/sys/kern/kern_event.c b/sys/kern/kern_event.c index d9e6c8f..3e2cbf7 100644 --- a/sys/kern/kern_event.c +++ b/sys/kern/kern_event.c @@ -196,7 +196,7 @@ filt_procattach(struct knote *kn) p = pfind(kn->kn_id); if (p == NULL) return (ESRCH); - if ((error = p_cansee(curproc, p))) { + if ((error = p_cansee(curthread, p))) { PROC_UNLOCK(p); return (error); } diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c index 5f77011..92560fc 100644 --- a/sys/kern/kern_ktrace.c +++ b/sys/kern/kern_ktrace.c @@ -622,7 +622,7 @@ ktrcanset(td, targetp) suser_cred(td->td_ucred, PRISON_ROOT)) return (0); - if (p_candebug(td->td_proc, targetp) != 0) + if (p_candebug(td, targetp) != 0) return (0); return (1); diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c index 8f92331..ebef4a6 100644 --- a/sys/kern/kern_proc.c +++ b/sys/kern/kern_proc.c @@ -830,7 +830,7 @@ sysctl_kern_proc(SYSCTL_HANDLER_ARGS) p = pfind((pid_t)name[0]); if (!p) return (0); - if (p_cansee(curproc, p)) { + if (p_cansee(curthread, p)) { PROC_UNLOCK(p); return (0); } @@ -861,7 +861,7 @@ sysctl_kern_proc(SYSCTL_HANDLER_ARGS) /* * Show a user only appropriate processes. */ - if (p_cansee(curproc, p)) { + if (p_cansee(curthread, p)) { PROC_UNLOCK(p); continue; } @@ -998,7 +998,7 @@ sysctl_kern_proc_args(SYSCTL_HANDLER_ARGS) if (!p) return (0); - if ((!ps_argsopen) && p_cansee(curproc, p)) { + if ((!ps_argsopen) && p_cansee(curthread, p)) { PROC_UNLOCK(p); return (0); } diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index e4f9d3a..e3d857d 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -168,7 +168,7 @@ getpgid(struct thread *td, struct getpgid_args *uap) } else if ((pt = pfind(uap->pid)) == NULL) error = ESRCH; else { - error = p_cansee(p, pt); + error = p_cansee(td, pt); if (error == 0) td->td_retval[0] = pt->p_pgrp->pg_id; PROC_UNLOCK(pt); @@ -204,7 +204,7 @@ getsid(struct thread *td, struct getsid_args *uap) } else if ((pt = pfind(uap->pid)) == NULL) error = ESRCH; else { - error = p_cansee(p, pt); + error = p_cansee(td, pt); if (error == 0) td->td_retval[0] = pt->p_session->s_sid; PROC_UNLOCK(pt); @@ -422,7 +422,7 @@ setpgid(struct thread *td, register struct setpgid_args *uap) error = ESRCH; goto done; } - if ((error = p_cansee(curproc, targp))) { + if ((error = p_cansee(curthread, targp))) { PROC_UNLOCK(targp); goto done; } @@ -1361,19 +1361,20 @@ cr_cansee(struct ucred *u1, struct ucred *u2) } /*- - * Determine if p1 "can see" the subject specified by p2. + * Determine if td "can see" the subject specified by p. * Returns: 0 for permitted, an errno value otherwise - * Locks: Sufficient locks to protect p1->p_ucred and p2->p_ucred must - * be held. Normally, p1 will be curproc, and a lock must be held - * for p2. - * References: p1 and p2 must be valid for the lifetime of the call + * Locks: Sufficient locks to protect p->p_ucred must be held. td really + * should be curthread. + * References: td and p must be valid for the lifetime of the call */ int -p_cansee(struct proc *p1, struct proc *p2) +p_cansee(struct thread *td, struct proc *p) { /* Wrap cr_cansee() for all functionality. */ - return (cr_cansee(p1->p_ucred, p2->p_ucred)); + KASSERT(td == curthread, ("%s: td not curthread", __func__)); + PROC_LOCK_ASSERT(p, MA_OWNED); + return (cr_cansee(td->td_ucred, p->p_ucred)); } /*- @@ -1387,6 +1388,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); /* * Jail semantics limit the scope of signalling to proc in the * same jail as cred, if cred is in jail. @@ -1448,18 +1450,20 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum) /*- - * Determine whether p1 may deliver the specified signal to p2. + * Determine whether td may deliver the specified signal to p. * Returns: 0 for permitted, an errno value otherwise - * Locks: Sufficient locks to protect various components of p1 and p2 - * must be held. Normally, p1 will be curproc, and a lock must - * be held for p2. - * References: p1 and p2 must be valid for the lifetime of the call + * Locks: Sufficient locks to protect various components of td and p + * must be held. td must be curthread, and a lock must be + * held for p. + * References: td and p must be valid for the lifetime of the call */ int -p_cansignal(struct proc *p1, struct proc *p2, int signum) +p_cansignal(struct thread *td, struct proc *p, int signum) { - if (p1 == p2) + KASSERT(td == curthread, ("%s: td not curthread", __func__)); + PROC_LOCK_ASSERT(p, MA_OWNED); + if (td->td_proc == p) return (0); /* @@ -1467,40 +1471,43 @@ p_cansignal(struct proc *p1, struct proc *p2, int signum) * session always be able to deliver SIGCONT to one another, * overriding the remaining protections. */ - if (signum == SIGCONT && p1->p_session == p2->p_session) + /* XXX: This will require an additional lock of some sort. */ + if (signum == SIGCONT && td->td_proc->p_session == p->p_session) return (0); - return (cr_cansignal(p1->p_ucred, p2, signum)); + return (cr_cansignal(td->td_ucred, p, signum)); } /*- - * Determine whether p1 may reschedule p2. + * Determine whether td may reschedule p. * Returns: 0 for permitted, an errno value otherwise - * Locks: Sufficient locks to protect various components of p1 and p2 - * must be held. Normally, p1 will be curproc, and a lock must - * be held for p2. - * References: p1 and p2 must be valid for the lifetime of the call + * Locks: Sufficient locks to protect various components of td and p + * must be held. td must be curthread, and a lock must + * be held for p. + * References: td and p must be valid for the lifetime of the call */ int -p_cansched(struct proc *p1, struct proc *p2) +p_cansched(struct thread *td, struct proc *p) { int error; - if (p1 == p2) + KASSERT(td == curthread, ("%s: td not curthread", __func__)); + PROC_LOCK_ASSERT(p, MA_OWNED); + if (td->td_proc == p) return (0); - if ((error = prison_check(p1->p_ucred, p2->p_ucred))) + if ((error = prison_check(td->td_ucred, p->p_ucred))) return (error); - if ((error = cr_seeotheruids(p1->p_ucred, p2->p_ucred))) + if ((error = cr_seeotheruids(td->td_ucred, p->p_ucred))) return (error); - if (p1->p_ucred->cr_ruid == p2->p_ucred->cr_ruid) + if (td->td_ucred->cr_ruid == p->p_ucred->cr_ruid) return (0); - if (p1->p_ucred->cr_uid == p2->p_ucred->cr_ruid) + if (td->td_ucred->cr_uid == p->p_ucred->cr_ruid) return (0); - if (suser_cred(p1->p_ucred, PRISON_ROOT) == 0) + if (suser_cred(td->td_ucred, PRISON_ROOT) == 0) return (0); #ifdef CAPABILITIES - if (!cap_check(NULL, p1, CAP_SYS_NICE, PRISON_ROOT)) + if (!cap_check(NULL, td, CAP_SYS_NICE, PRISON_ROOT)) return (0); #endif @@ -1524,73 +1531,75 @@ SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_proc_debug, CTLFLAG_RW, "Unprivileged processes may use process debugging facilities"); /*- - * Determine whether p1 may debug p2. + * Determine whether td may debug p. * Returns: 0 for permitted, an errno value otherwise - * Locks: Sufficient locks to protect various components of p1 and p2 - * must be held. Normally, p1 will be curproc, and a lock must - * be held for p2. - * References: p1 and p2 must be valid for the lifetime of the call + * Locks: Sufficient locks to protect various components of td and p + * must be held. td must be curthread, and a lock must + * be held for p. + * References: td and p must be valid for the lifetime of the call */ int -p_candebug(struct proc *p1, struct proc *p2) +p_candebug(struct thread *td, struct proc *p) { int credentialchanged, error, grpsubset, i, uidsubset; + KASSERT(td == curthread, ("%s: td not curthread", __func__)); + PROC_LOCK_ASSERT(p, MA_OWNED); if (!unprivileged_proc_debug) { - error = suser_cred(p1->p_ucred, PRISON_ROOT); + error = suser_cred(td->td_ucred, PRISON_ROOT); if (error) return (error); } - if (p1 == p2) + if (td->td_proc == p) return (0); - if ((error = prison_check(p1->p_ucred, p2->p_ucred))) + if ((error = prison_check(td->td_ucred, p->p_ucred))) return (error); - if ((error = cr_seeotheruids(p1->p_ucred, p2->p_ucred))) + if ((error = cr_seeotheruids(td->td_ucred, p->p_ucred))) return (error); /* - * Is p2's group set a subset of p1's effective group set? This - * includes p2's egid, group access list, rgid, and svgid. + * Is p's group set a subset of td's effective group set? This + * includes p's egid, group access list, rgid, and svgid. */ grpsubset = 1; - for (i = 0; i < p2->p_ucred->cr_ngroups; i++) { - if (!groupmember(p2->p_ucred->cr_groups[i], p1->p_ucred)) { + for (i = 0; i < p->p_ucred->cr_ngroups; i++) { + if (!groupmember(p->p_ucred->cr_groups[i], td->td_ucred)) { grpsubset = 0; break; } } grpsubset = grpsubset && - groupmember(p2->p_ucred->cr_rgid, p1->p_ucred) && - groupmember(p2->p_ucred->cr_svgid, p1->p_ucred); + groupmember(p->p_ucred->cr_rgid, td->td_ucred) && + groupmember(p->p_ucred->cr_svgid, td->td_ucred); /* - * Are the uids present in p2's credential equal to p1's - * effective uid? This includes p2's euid, svuid, and ruid. + * Are the uids present in p's credential equal to td's + * effective uid? This includes p's euid, svuid, and ruid. */ - uidsubset = (p1->p_ucred->cr_uid == p2->p_ucred->cr_uid && - p1->p_ucred->cr_uid == p2->p_ucred->cr_svuid && - p1->p_ucred->cr_uid == p2->p_ucred->cr_ruid); + uidsubset = (td->td_ucred->cr_uid == p->p_ucred->cr_uid && + td->td_ucred->cr_uid == p->p_ucred->cr_svuid && + td->td_ucred->cr_uid == p->p_ucred->cr_ruid); /* * Has the credential of the process changed since the last exec()? */ - credentialchanged = (p2->p_flag & P_SUGID); + credentialchanged = (p->p_flag & P_SUGID); /* - * If p2's gids aren't a subset, or the uids aren't a subset, + * If p's gids aren't a subset, or the uids aren't a subset, * or the credential has changed, require appropriate privilege - * for p1 to debug p2. For POSIX.1e capabilities, this will + * for td to debug p. For POSIX.1e capabilities, this will * require CAP_SYS_PTRACE. */ if (!grpsubset || !uidsubset || credentialchanged) { - error = suser_cred(p1->p_ucred, PRISON_ROOT); + error = suser_cred(td->td_ucred, PRISON_ROOT); if (error) return (error); } /* Can't trace init when securelevel > 0. */ - if (p2 == initproc) { - error = securelevel_gt(p1->p_ucred, 0); + if (p == initproc) { + error = securelevel_gt(td->td_ucred, 0); if (error) return (error); } @@ -1601,7 +1610,7 @@ p_candebug(struct proc *p1, struct proc *p2) * basic correctness/functionality decision. Therefore, this check * should be moved to the caller's of p_candebug(). */ - if ((p2->p_flag & P_INEXEC) != 0) + if ((p->p_flag & P_INEXEC) != 0) return (EAGAIN); return (0); diff --git a/sys/kern/kern_resource.c b/sys/kern/kern_resource.c index b89ccc0..d467c1a 100644 --- a/sys/kern/kern_resource.c +++ b/sys/kern/kern_resource.c @@ -101,7 +101,7 @@ getpriority(td, uap) p = pfind(uap->who); if (p == NULL) break; - if (p_cansee(td->td_proc, p) == 0) + if (p_cansee(td, p) == 0) low = p->p_ksegrp.kg_nice /* XXXKSE */ ; PROC_UNLOCK(p); } @@ -124,7 +124,7 @@ getpriority(td, uap) sx_sunlock(&proctree_lock); LIST_FOREACH(p, &pg->pg_members, p_pglist) { PROC_LOCK(p); - if (!p_cansee(td->td_proc, p) && p->p_ksegrp.kg_nice /* XXXKSE */ < low) + if (!p_cansee(td, p) && p->p_ksegrp.kg_nice /* XXXKSE */ < low) low = p->p_ksegrp.kg_nice /* XXXKSE */ ; PROC_UNLOCK(p); } @@ -138,7 +138,7 @@ getpriority(td, uap) sx_slock(&allproc_lock); LIST_FOREACH(p, &allproc, p_list) { PROC_LOCK(p); - if (!p_cansee(td->td_proc, p) && + if (!p_cansee(td, p) && p->p_ucred->cr_uid == uap->who && p->p_ksegrp.kg_nice /* XXXKSE */ < low) low = p->p_ksegrp.kg_nice /* XXXKSE */ ; @@ -190,7 +190,7 @@ setpriority(td, uap) p = pfind(uap->who); if (p == 0) break; - if (p_cansee(td->td_proc, p) == 0) + if (p_cansee(td, p) == 0) error = donice(td, p, uap->prio); PROC_UNLOCK(p); } @@ -214,7 +214,7 @@ setpriority(td, uap) sx_sunlock(&proctree_lock); LIST_FOREACH(p, &pg->pg_members, p_pglist) { PROC_LOCK(p); - if (!p_cansee(td->td_proc, p)) { + if (!p_cansee(td, p)) { error = donice(td, p, uap->prio); found++; } @@ -231,7 +231,7 @@ setpriority(td, uap) FOREACH_PROC_IN_SYSTEM(p) { PROC_LOCK(p); if (p->p_ucred->cr_uid == uap->who && - !p_cansee(td->td_proc, p)) { + !p_cansee(td, p)) { error = donice(td, p, uap->prio); found++; } @@ -259,7 +259,7 @@ donice(td, chgp, n) int error; PROC_LOCK_ASSERT(chgp, MA_OWNED); - if ((error = p_cansched(td->td_proc, chgp))) + if ((error = p_cansched(td, chgp))) return (error); if (n > PRIO_MAX) n = PRIO_MAX; @@ -314,7 +314,7 @@ rtprio(td, uap) switch (uap->function) { case RTP_LOOKUP: - if ((error = p_cansee(td->td_proc, p))) + if ((error = p_cansee(td, p))) break; mtx_lock_spin(&sched_lock); pri_to_rtp(&p->p_ksegrp /* XXXKSE */ , &rtp); @@ -322,7 +322,7 @@ rtprio(td, uap) PROC_UNLOCK(p); return (copyout(&rtp, uap->rtp, sizeof(struct rtprio))); case RTP_SET: - if ((error = p_cansched(td->td_proc, p)) || (error = cierror)) + if ((error = p_cansched(td, p)) || (error = cierror)) break; /* disallow setting rtprio in most cases if not superuser */ if (suser(td) != 0) { diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c index 3b01366..2a57c91 100644 --- a/sys/kern/kern_sig.c +++ b/sys/kern/kern_sig.c @@ -1012,7 +1012,7 @@ killpg1(td, sig, pgid, all) PROC_UNLOCK(p); continue; } - if (p_cansignal(td->td_proc, p, sig) == 0) { + if (p_cansignal(td, p, sig) == 0) { nfound++; if (sig) psignal(p, sig); @@ -1046,7 +1046,7 @@ killpg1(td, sig, pgid, all) PROC_UNLOCK(p); continue; } - if (p_cansignal(td->td_proc, p, sig) == 0) { + if (p_cansignal(td, p, sig) == 0) { nfound++; if (sig) psignal(p, sig); @@ -1084,8 +1084,7 @@ kill(td, uap) /* kill single process */ if ((p = pfind(uap->pid)) == NULL) { error = ESRCH; - } else if ((error = p_cansignal(td->td_proc, p, uap->signum)) - != 0) { + } else if ((error = p_cansignal(td, p, uap->signum)) != 0) { PROC_UNLOCK(p); } else { if (uap->signum) diff --git a/sys/kern/p1003_1b.c b/sys/kern/p1003_1b.c index e6bad42..9e6fdca 100644 --- a/sys/kern/p1003_1b.c +++ b/sys/kern/p1003_1b.c @@ -131,7 +131,7 @@ int sched_setparam(struct thread *td, targettd = FIRST_THREAD_IN_PROC(targetp); /* XXXKSE */ } - e = p_cansched(td->td_proc, targetp); + e = p_cansched(td, targetp); PROC_UNLOCK(targetp); if (e == 0) { e = ksched_setparam(&td->td_retval[0], ksched, targettd, @@ -167,7 +167,7 @@ int sched_getparam(struct thread *td, targettd = FIRST_THREAD_IN_PROC(targetp); /* XXXKSE */ } - e = p_cansee(td->td_proc, targetp); + e = p_cansee(td, targetp); PROC_UNLOCK(targetp); if (e) goto done2; @@ -209,7 +209,7 @@ int sched_setscheduler(struct thread *td, targettd = FIRST_THREAD_IN_PROC(targetp); /* XXXKSE */ } - e = p_cansched(td->td_proc, targetp); + e = p_cansched(td, targetp); PROC_UNLOCK(targetp); if (e == 0) { e = ksched_setscheduler(&td->td_retval[0], ksched, targettd, @@ -244,7 +244,7 @@ int sched_getscheduler(struct thread *td, targettd = FIRST_THREAD_IN_PROC(targetp); /* XXXKSE */ } - e = p_cansee(td->td_proc, targetp); + e = p_cansee(td, targetp); PROC_UNLOCK(targetp); if (e == 0) e = ksched_getscheduler(&td->td_retval[0], ksched, targettd); @@ -320,7 +320,7 @@ int sched_rr_get_interval(struct thread *td, targettd = FIRST_THREAD_IN_PROC(targetp); /* XXXKSE */ } - e = p_cansee(td->td_proc, targetp); + e = p_cansee(td, targetp); PROC_UNLOCK(targetp); if (e == 0) { e = ksched_rr_get_interval(&td->td_retval[0], ksched, targettd, diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c index 6faf442..6fc7417 100644 --- a/sys/kern/sys_process.c +++ b/sys/kern/sys_process.c @@ -388,12 +388,12 @@ ptrace(struct thread *td, struct ptrace_args *uap) return (ESRCH); } } - if (p_cansee(td->td_proc, p)) { + if (p_cansee(td, p)) { error = ESRCH; goto fail; } - if ((error = p_candebug(td->td_proc, p)) != 0) + if ((error = p_candebug(td, p)) != 0) goto fail; /* diff --git a/sys/posix4/p1003_1b.c b/sys/posix4/p1003_1b.c index e6bad42..9e6fdca 100644 --- a/sys/posix4/p1003_1b.c +++ b/sys/posix4/p1003_1b.c @@ -131,7 +131,7 @@ int sched_setparam(struct thread *td, targettd = FIRST_THREAD_IN_PROC(targetp); /* XXXKSE */ } - e = p_cansched(td->td_proc, targetp); + e = p_cansched(td, targetp); PROC_UNLOCK(targetp); if (e == 0) { e = ksched_setparam(&td->td_retval[0], ksched, targettd, @@ -167,7 +167,7 @@ int sched_getparam(struct thread *td, targettd = FIRST_THREAD_IN_PROC(targetp); /* XXXKSE */ } - e = p_cansee(td->td_proc, targetp); + e = p_cansee(td, targetp); PROC_UNLOCK(targetp); if (e) goto done2; @@ -209,7 +209,7 @@ int sched_setscheduler(struct thread *td, targettd = FIRST_THREAD_IN_PROC(targetp); /* XXXKSE */ } - e = p_cansched(td->td_proc, targetp); + e = p_cansched(td, targetp); PROC_UNLOCK(targetp); if (e == 0) { e = ksched_setscheduler(&td->td_retval[0], ksched, targettd, @@ -244,7 +244,7 @@ int sched_getscheduler(struct thread *td, targettd = FIRST_THREAD_IN_PROC(targetp); /* XXXKSE */ } - e = p_cansee(td->td_proc, targetp); + e = p_cansee(td, targetp); PROC_UNLOCK(targetp); if (e == 0) e = ksched_getscheduler(&td->td_retval[0], ksched, targettd); @@ -320,7 +320,7 @@ int sched_rr_get_interval(struct thread *td, targettd = FIRST_THREAD_IN_PROC(targetp); /* XXXKSE */ } - e = p_cansee(td->td_proc, targetp); + e = p_cansee(td, targetp); PROC_UNLOCK(targetp); if (e == 0) { e = ksched_rr_get_interval(&td->td_retval[0], ksched, targettd, diff --git a/sys/security/lomac/kernel_lkm.c b/sys/security/lomac/kernel_lkm.c index 0455c9c..215c3d4 100644 --- a/sys/security/lomac/kernel_lkm.c +++ b/sys/security/lomac/kernel_lkm.c @@ -83,20 +83,18 @@ static dev_t lomac_dev = NULL; int lomac_ioctl(dev_t dev, u_long cmd, caddr_t data, int fflag, struct thread *td) { struct nameidata nd; - struct proc *p; struct proc *targp; struct lomac_fioctl *fio; lomac_object_t lobj; lattr_t lattr; int error; - p = td->td_proc; switch (cmd) { case LIOGETPLEVEL: targp = pfind(*(int *)data); if (targp == NULL) return (ESRCH); - if (p_cansee(p, targp) != 0) { + if (p_cansee(td, targp) != 0) { PROC_UNLOCK(targp); return (ESRCH); } @@ -138,7 +136,7 @@ lomac_ioctl(dev_t dev, u_long cmd, caddr_t data, int fflag, struct thread *td) { case LIOPMAKELOWLEVEL: lattr.level = LOMAC_LOWEST_LEVEL; lattr.flags = 0; - set_subject_lattr(p, lattr); + set_subject_lattr(td->td_proc, lattr); return (0); default: return (ENOTTY); diff --git a/sys/sys/proc.h b/sys/sys/proc.h index f69aba6..e440c40 100644 --- a/sys/sys/proc.h +++ b/sys/sys/proc.h @@ -716,10 +716,10 @@ void fork_return(struct thread *, struct trapframe *); int inferior(struct proc *p); int leavepgrp(struct proc *p); void mi_switch(void); -int p_candebug(struct proc *p1, struct proc *p2); -int p_cansee(struct proc *p1, struct proc *p2); -int p_cansched(struct proc *p1, struct proc *p2); -int p_cansignal(struct proc *p1, struct proc *p2, int signum); +int p_candebug(struct thread *td, struct proc *p); +int p_cansee(struct thread *td, struct proc *p); +int p_cansched(struct thread *td, struct proc *p); +int p_cansignal(struct thread *td, struct proc *p, int signum); struct pargs *pargs_alloc(int len); void pargs_drop(struct pargs *pa); void pargs_free(struct pargs *pa); |
