Mateusz Guzik <> changed:

           What    |Removed                     |Added
           Assignee|    |
                 CC|                            |

--- Comment #2 from Mateusz Guzik <> ---

The added argument indeed completes part of the task, but the patch is buggy.

You consistently have:

newcred = crget(p->p_ucred->cr_agroups);

However, the stability of p_ucred is protected only with the proc lock held.
That is, by the time you read the address stored in p->p_ucred, the object
stored at that address can be freed. The crget cannot be moved inside because
crget can sleep in an unbound manner, while the lock in question disallows

When dealing with the current process, you can cheat a little and use
td->td_ucred as a source for the number of groups.

Finally, I would argue crget() interface should be left as it is. Instead, a
new function (ncrget?) would be introduced and crget would become a wrapper
which uses the current default number of groups as an argument.

You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________ mailing list
To unsubscribe, send any mail to ""

Reply via email to