diff options
| author | alfred <alfred@FreeBSD.org> | 2002-06-19 06:39:25 +0000 |
|---|---|---|
| committer | alfred <alfred@FreeBSD.org> | 2002-06-19 06:39:25 +0000 |
| commit | bfa1cb192ccc7451cb1191150e479dbe394f212f (patch) | |
| tree | eb114f0da986c26c412286c513b7911b9eb0fb74 /sys | |
| parent | 1da636b9f46629c676e995f1e52ba9d553db90c6 (diff) | |
| download | FreeBSD-src-bfa1cb192ccc7451cb1191150e479dbe394f212f.zip FreeBSD-src-bfa1cb192ccc7451cb1191150e479dbe394f212f.tar.gz | |
Squish the "could sleep with process lock" messages caused by calling
uifind() with a proc lock held.
change_ruid() and change_euid() have been modified to take a uidinfo
structure which will be pre-allocated by callers, they will then
call uihold() on the uidinfo structure so that the caller's logic
is simplified.
This allows one to call uifind() before locking the proc struct and
thereby avoid a potential blocking allocation with the proc lock
held.
This may need revisiting, perhaps keeping a spare uidinfo allocated
per process to handle this situation or re-examining if the proc
lock needs to be held over the entire operation of changing real
or effective user id.
Submitted by: Don Lewis <dl-freebsd@catspoiler.org>
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/alpha/osf1/osf1_misc.c | 8 | ||||
| -rw-r--r-- | sys/kern/kern_exec.c | 5 | ||||
| -rw-r--r-- | sys/kern/kern_prot.c | 54 | ||||
| -rw-r--r-- | sys/sys/ucred.h | 4 |
4 files changed, 52 insertions, 19 deletions
diff --git a/sys/alpha/osf1/osf1_misc.c b/sys/alpha/osf1/osf1_misc.c index 8a89891..0b74fab 100644 --- a/sys/alpha/osf1/osf1_misc.c +++ b/sys/alpha/osf1/osf1_misc.c @@ -1056,17 +1056,20 @@ osf1_setuid(td, uap) struct proc *p; int error; uid_t uid; + struct uidinfo *uip; struct ucred *newcred, *oldcred; p = td->td_proc; uid = SCARG(uap, uid); newcred = crget(); + uip = uifind(uid); PROC_LOCK(p); oldcred = p->p_ucred; if ((error = suser_cred(p->p_ucred, PRISON_ROOT)) != 0 && uid != oldcred->cr_ruid && uid != oldcred->cr_svuid) { PROC_UNLOCK(p); + uifree(uip); crfree(newcred); return (error); } @@ -1074,7 +1077,7 @@ osf1_setuid(td, uap) crcopy(newcred, oldcred); if (error == 0) { if (uid != oldcred->cr_ruid) { - change_ruid(newcred, uid); + change_ruid(newcred, uip); setsugid(p); } if (oldcred->cr_svuid != uid) { @@ -1083,11 +1086,12 @@ osf1_setuid(td, uap) } } if (newcred->cr_uid != uid) { - change_euid(newcred, uid); + change_euid(newcred, uip); setsugid(p); } p->p_ucred = newcred; PROC_UNLOCK(p); + uifree(uip); crfree(oldcred); return (0); } diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index 913f951..39da17e 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c @@ -128,6 +128,7 @@ execve(td, uap) struct proc *p = td->td_proc; struct nameidata nd, *ndp; struct ucred *newcred = NULL, *oldcred; + struct uidinfo *euip; register_t *stack_base; int error, len, i; struct image_params image_params, *imgp; @@ -303,6 +304,7 @@ interpret: * Malloc things before we need locks. */ newcred = crget(); + euip = uifind(attr.va_uid); i = imgp->endargs - imgp->stringbase; if (ps_arg_cache_limit >= i + sizeof(struct pargs)) newargs = pargs_alloc(i); @@ -390,7 +392,7 @@ interpret: */ crcopy(newcred, oldcred); if (attr.va_mode & VSUID) - change_euid(newcred, attr.va_uid); + change_euid(newcred, euip); if (attr.va_mode & VSGID) change_egid(newcred, attr.va_gid); setugidsafety(td); @@ -472,6 +474,7 @@ interpret: /* * Free any resources malloc'd earlier that we didn't use. */ + uifree(euip); if (newcred == NULL) crfree(oldcred); else diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index cadfd62..20273ce 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -503,11 +503,13 @@ setuid(struct thread *td, struct setuid_args *uap) struct proc *p = td->td_proc; struct ucred *newcred, *oldcred; uid_t uid; + struct uidinfo *uip; int error; mtx_lock(&Giant); uid = uap->uid; newcred = crget(); + uip = uifind(uid); PROC_LOCK(p); oldcred = p->p_ucred; @@ -537,11 +539,15 @@ setuid(struct thread *td, struct setuid_args *uap) #endif (error = suser_cred(oldcred, PRISON_ROOT)) != 0) { PROC_UNLOCK(p); + uifree(uip); crfree(newcred); mtx_unlock(&Giant); return (error); } + /* + * Copy credentials so other references do not see our changes. + */ crcopy(newcred, oldcred); #ifdef _POSIX_SAVED_IDS /* @@ -559,7 +565,7 @@ setuid(struct thread *td, struct setuid_args *uap) * Set the real uid and transfer proc count to new user. */ if (uid != oldcred->cr_ruid) { - change_ruid(newcred, uid); + change_ruid(newcred, uip); setsugid(p); } /* @@ -577,14 +583,14 @@ setuid(struct thread *td, struct setuid_args *uap) /* * In all permitted cases, we are changing the euid. - * Copy credentials so other references do not see our changes. */ if (uid != oldcred->cr_uid) { - change_euid(newcred, uid); + change_euid(newcred, uip); setsugid(p); } p->p_ucred = newcred; PROC_UNLOCK(p); + uifree(uip); crfree(oldcred); mtx_unlock(&Giant); return (0); @@ -605,17 +611,20 @@ seteuid(struct thread *td, struct seteuid_args *uap) struct proc *p = td->td_proc; struct ucred *newcred, *oldcred; uid_t euid; + struct uidinfo *euip; int error; euid = uap->euid; mtx_lock(&Giant); newcred = crget(); + euip = uifind(euid); PROC_LOCK(p); oldcred = p->p_ucred; if (euid != oldcred->cr_ruid && /* allow seteuid(getuid()) */ euid != oldcred->cr_svuid && /* allow seteuid(saved uid) */ (error = suser_cred(oldcred, PRISON_ROOT)) != 0) { PROC_UNLOCK(p); + uifree(euip); crfree(newcred); mtx_unlock(&Giant); return (error); @@ -626,11 +635,12 @@ seteuid(struct thread *td, struct seteuid_args *uap) */ crcopy(newcred, oldcred); if (oldcred->cr_uid != euid) { - change_euid(newcred, euid); + change_euid(newcred, euip); setsugid(p); } p->p_ucred = newcred; PROC_UNLOCK(p); + uifree(euip); crfree(oldcred); mtx_unlock(&Giant); return (0); @@ -858,12 +868,15 @@ setreuid(register struct thread *td, struct setreuid_args *uap) struct proc *p = td->td_proc; struct ucred *newcred, *oldcred; uid_t euid, ruid; + struct uidinfo *euip, *ruip; int error; euid = uap->euid; ruid = uap->ruid; mtx_lock(&Giant); newcred = crget(); + euip = uifind(euid); + ruip = uifind(ruid); PROC_LOCK(p); oldcred = p->p_ucred; if (((ruid != (uid_t)-1 && ruid != oldcred->cr_ruid && @@ -872,17 +885,19 @@ setreuid(register struct thread *td, struct setreuid_args *uap) euid != oldcred->cr_ruid && euid != oldcred->cr_svuid)) && (error = suser_cred(oldcred, PRISON_ROOT)) != 0) { PROC_UNLOCK(p); + uifree(ruip); + uifree(euip); crfree(newcred); mtx_unlock(&Giant); return (error); } crcopy(newcred, oldcred); if (euid != (uid_t)-1 && oldcred->cr_uid != euid) { - change_euid(newcred, euid); + change_euid(newcred, euip); setsugid(p); } if (ruid != (uid_t)-1 && oldcred->cr_ruid != ruid) { - change_ruid(newcred, ruid); + change_ruid(newcred, ruip); setsugid(p); } if ((ruid != (uid_t)-1 || newcred->cr_uid != newcred->cr_ruid) && @@ -892,6 +907,8 @@ setreuid(register struct thread *td, struct setreuid_args *uap) } p->p_ucred = newcred; PROC_UNLOCK(p); + uifree(ruip); + uifree(euip); crfree(oldcred); mtx_unlock(&Giant); return (0); @@ -975,6 +992,7 @@ setresuid(register struct thread *td, struct setresuid_args *uap) struct proc *p = td->td_proc; struct ucred *newcred, *oldcred; uid_t euid, ruid, suid; + struct uidinfo *euip, *ruip; int error; euid = uap->euid; @@ -982,6 +1000,8 @@ setresuid(register struct thread *td, struct setresuid_args *uap) suid = uap->suid; mtx_lock(&Giant); newcred = crget(); + euip = uifind(euid); + ruip = uifind(ruid); PROC_LOCK(p); oldcred = p->p_ucred; if (((ruid != (uid_t)-1 && ruid != oldcred->cr_ruid && @@ -995,6 +1015,8 @@ setresuid(register struct thread *td, struct setresuid_args *uap) suid != oldcred->cr_uid)) && (error = suser_cred(oldcred, PRISON_ROOT)) != 0) { PROC_UNLOCK(p); + uifree(ruip); + uifree(euip); crfree(newcred); mtx_unlock(&Giant); return (error); @@ -1002,11 +1024,11 @@ setresuid(register struct thread *td, struct setresuid_args *uap) crcopy(newcred, oldcred); if (euid != (uid_t)-1 && oldcred->cr_uid != euid) { - change_euid(newcred, euid); + change_euid(newcred, euip); setsugid(p); } if (ruid != (uid_t)-1 && oldcred->cr_ruid != ruid) { - change_ruid(newcred, ruid); + change_ruid(newcred, ruip); setsugid(p); } if (suid != (uid_t)-1 && oldcred->cr_svuid != suid) { @@ -1015,6 +1037,8 @@ setresuid(register struct thread *td, struct setresuid_args *uap) } p->p_ucred = newcred; PROC_UNLOCK(p); + uifree(ruip); + uifree(euip); crfree(oldcred); mtx_unlock(&Giant); return (0); @@ -1876,12 +1900,13 @@ setsugid(struct proc *p) * duration of the call. */ void -change_euid(struct ucred *newcred, uid_t euid) +change_euid(struct ucred *newcred, struct uidinfo *euip) { - newcred->cr_uid = euid; + newcred->cr_uid = euip->ui_uid; + uihold(euip); uifree(newcred->cr_uidinfo); - newcred->cr_uidinfo = uifind(euid); + newcred->cr_uidinfo = euip; } /*- @@ -1906,13 +1931,14 @@ change_egid(struct ucred *newcred, gid_t egid) * duration of the call. */ void -change_ruid(struct ucred *newcred, uid_t ruid) +change_ruid(struct ucred *newcred, struct uidinfo *ruip) { (void)chgproccnt(newcred->cr_ruidinfo, -1, 0); - newcred->cr_ruid = ruid; + newcred->cr_ruid = ruip->ui_uid; + uihold(ruip); uifree(newcred->cr_ruidinfo); - newcred->cr_ruidinfo = uifind(ruid); + newcred->cr_ruidinfo = ruip; (void)chgproccnt(newcred->cr_ruidinfo, 1, 0); } diff --git a/sys/sys/ucred.h b/sys/sys/ucred.h index bb2cd5b..26afb36 100644 --- a/sys/sys/ucred.h +++ b/sys/sys/ucred.h @@ -85,9 +85,9 @@ void cred_free_thread(struct thread *td); #endif void cred_update_thread(struct thread *td); void change_egid(struct ucred *newcred, gid_t egid); -void change_euid(struct ucred *newcred, uid_t euid); +void change_euid(struct ucred *newcred, struct uidinfo *euip); void change_rgid(struct ucred *newcred, gid_t rgid); -void change_ruid(struct ucred *newcred, uid_t ruid); +void change_ruid(struct ucred *newcred, struct uidinfo *ruip); void change_svgid(struct ucred *newcred, gid_t svgid); void change_svuid(struct ucred *newcred, uid_t svuid); void crcopy(struct ucred *dest, struct ucred *src); |
