Module Name: src
Committed By: ad
Date: Wed Oct 4 22:17:10 UTC 2023
Modified Files:
src/share/man/man9: kauth.9
src/sys/kern: kern_auth.c kern_core.c kern_descrip.c kern_exec.c
kern_lwp.c kern_proc.c uipc_socket.c uipc_syscalls.c
src/sys/sys: kauth.h
Log Message:
kauth_cred_hold(): return cred verbatim so that donating a reference to
another data structure can be done more elegantly.
To generate a diff of this commit:
cvs rdiff -u -r1.113 -r1.114 src/share/man/man9/kauth.9
cvs rdiff -u -r1.83 -r1.84 src/sys/kern/kern_auth.c
cvs rdiff -u -r1.38 -r1.39 src/sys/kern/kern_core.c
cvs rdiff -u -r1.261 -r1.262 src/sys/kern/kern_descrip.c
cvs rdiff -u -r1.519 -r1.520 src/sys/kern/kern_exec.c
cvs rdiff -u -r1.262 -r1.263 src/sys/kern/kern_lwp.c
cvs rdiff -u -r1.272 -r1.273 src/sys/kern/kern_proc.c
cvs rdiff -u -r1.304 -r1.305 src/sys/kern/uipc_socket.c
cvs rdiff -u -r1.207 -r1.208 src/sys/kern/uipc_syscalls.c
cvs rdiff -u -r1.89 -r1.90 src/sys/sys/kauth.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/share/man/man9/kauth.9
diff -u src/share/man/man9/kauth.9:1.113 src/share/man/man9/kauth.9:1.114
--- src/share/man/man9/kauth.9:1.113 Sat Aug 7 03:28:42 2021
+++ src/share/man/man9/kauth.9 Wed Oct 4 22:17:10 2023
@@ -1,4 +1,4 @@
-.\" $NetBSD: kauth.9,v 1.113 2021/08/07 03:28:42 isaki Exp $
+.\" $NetBSD: kauth.9,v 1.114 2023/10/04 22:17:10 ad Exp $
.\"
.\" Copyright (c) 2005, 2006 Elad Efrat <[email protected]>
.\" All rights reserved.
@@ -25,7 +25,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd August 7, 2021
+.Dd October 4, 2023
.Dt KAUTH 9
.Os
.Sh NAME
@@ -1746,10 +1746,12 @@ LWPs, files, etc.) reference it.
The following routines are available for managing credentials reference
counting:
.Bl -tag -width compact
-.It Ft void Fn kauth_cred_hold "kauth_cred_t cred"
+.It Ft kauth_cred_t Fn kauth_cred_hold "kauth_cred_t cred"
Increases reference count to
.Ar cred
-by one.
+by one and returns
+.Ar cred
+verbatim.
.It Ft void Fn kauth_cred_free "kauth_cred_t cred"
Decreases the reference count to
.Ar cred
Index: src/sys/kern/kern_auth.c
diff -u src/sys/kern/kern_auth.c:1.83 src/sys/kern/kern_auth.c:1.84
--- src/sys/kern/kern_auth.c:1.83 Mon Oct 2 20:59:12 2023
+++ src/sys/kern/kern_auth.c Wed Oct 4 22:17:09 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_auth.c,v 1.83 2023/10/02 20:59:12 ad Exp $ */
+/* $NetBSD: kern_auth.c,v 1.84 2023/10/04 22:17:09 ad Exp $ */
/*-
* Copyright (c) 2005, 2006 Elad Efrat <[email protected]>
@@ -28,7 +28,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_auth.c,v 1.83 2023/10/02 20:59:12 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_auth.c,v 1.84 2023/10/04 22:17:09 ad Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -122,7 +122,7 @@ kauth_cred_alloc(void)
}
/* Increment reference count to cred. */
-void
+kauth_cred_t
kauth_cred_hold(kauth_cred_t cred)
{
KASSERT(cred != NULL);
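Review bot: The comment above kauth_cred_hold still reads `/* Increment reference count to cred. */`, which no longer describes the contract now that the function returns `kauth_cred_t`. I would change it to `/* Increment reference count to cred and return cred, so the caller can store the new reference directly. */`. It is also worth stating there that the returned pointer carries the reference just taken, so each stored result must later be paired with one `kauth_cred_free()`. The function body continues past this hunk; the `return cred;` itself is in the following hunk.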
@@ -131,6 +131,7 @@ kauth_cred_hold(kauth_cred_t cred)
KASSERT(cred->cr_refcnt > 0);
atomic_inc_uint(&cred->cr_refcnt);
+ return cred;
}
/* Decrease reference count to cred. If reached zero, free it. */
@@ -237,8 +238,7 @@ kauth_proc_fork(struct proc *parent, str
{
mutex_enter(parent->p_lock);
- kauth_cred_hold(parent->p_cred);
- child->p_cred = parent->p_cred;
+ child->p_cred = kauth_cred_hold(parent->p_cred);
mutex_exit(parent->p_lock);
/* XXX: relies on parent process stalling during fork() */
Index: src/sys/kern/kern_core.c
diff -u src/sys/kern/kern_core.c:1.38 src/sys/kern/kern_core.c:1.39
--- src/sys/kern/kern_core.c:1.38 Tue Jul 11 09:48:56 2023
+++ src/sys/kern/kern_core.c Wed Oct 4 22:17:09 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_core.c,v 1.38 2023/07/11 09:48:56 riastradh Exp $ */
+/* $NetBSD: kern_core.c,v 1.39 2023/10/04 22:17:09 ad Exp $ */
/*
* Copyright (c) 1982, 1986, 1989, 1991, 1993
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_core.c,v 1.38 2023/07/11 09:48:56 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_core.c,v 1.39 2023/10/04 22:17:09 ad Exp $");
#ifdef _KERNEL_OPT
#include "opt_execfmt.h"
@@ -153,8 +153,7 @@ coredump(struct lwp *l, const char *patt
* It may well not be curproc, so grab a reference to its current
* credentials.
*/
- kauth_cred_hold(p->p_cred);
- cred = p->p_cred;
+ cred = kauth_cred_hold(p->p_cred);
/*
* Make sure the process has not set-id, to prevent data leaks,
Index: src/sys/kern/kern_descrip.c
diff -u src/sys/kern/kern_descrip.c:1.261 src/sys/kern/kern_descrip.c:1.262
--- src/sys/kern/kern_descrip.c:1.261 Sat Sep 23 18:21:11 2023
+++ src/sys/kern/kern_descrip.c Wed Oct 4 22:17:09 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_descrip.c,v 1.261 2023/09/23 18:21:11 ad Exp $ */
+/* $NetBSD: kern_descrip.c,v 1.262 2023/10/04 22:17:09 ad Exp $ */
/*-
* Copyright (c) 2008, 2009, 2023 The NetBSD Foundation, Inc.
@@ -70,7 +70,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_descrip.c,v 1.261 2023/09/23 18:21:11 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_descrip.c,v 1.262 2023/10/04 22:17:09 ad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -1139,8 +1139,7 @@ fd_allocfile(file_t **resultfp, int *res
cred = curlwp->l_cred;
if (__predict_false(cred != fp->f_cred)) {
kauth_cred_free(fp->f_cred);
- kauth_cred_hold(cred);
- fp->f_cred = cred;
+ fp->f_cred = kauth_cred_hold(cred);
}
/*
@@ -1245,8 +1244,7 @@ file_ctor(void *arg, void *obj, int flag
nfiles++;
LIST_INSERT_HEAD(&filehead, fp, f_list);
mutex_init(&fp->f_lock, MUTEX_DEFAULT, IPL_NONE);
- fp->f_cred = curlwp->l_cred;
- kauth_cred_hold(fp->f_cred);
+ fp->f_cred = kauth_cred_hold(curlwp->l_cred);
mutex_exit(&filelist_lock);
return 0;
Index: src/sys/kern/kern_exec.c
diff -u src/sys/kern/kern_exec.c:1.519 src/sys/kern/kern_exec.c:1.520
--- src/sys/kern/kern_exec.c:1.519 Wed Oct 4 20:29:18 2023
+++ src/sys/kern/kern_exec.c Wed Oct 4 22:17:09 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_exec.c,v 1.519 2023/10/04 20:29:18 ad Exp $ */
+/* $NetBSD: kern_exec.c,v 1.520 2023/10/04 22:17:09 ad Exp $ */
/*-
* Copyright (c) 2008, 2019, 2020 The NetBSD Foundation, Inc.
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.519 2023/10/04 20:29:18 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.520 2023/10/04 22:17:09 ad Exp $");
#include "opt_exec.h"
#include "opt_execfmt.h"
@@ -1119,11 +1119,9 @@ credexec(struct lwp *l, struct execve_da
/* Update the master credentials. */
if (l->l_cred != p->p_cred) {
kauth_cred_t ocred;
-
- kauth_cred_hold(l->l_cred);
mutex_enter(p->p_lock);
ocred = p->p_cred;
- p->p_cred = l->l_cred;
+ p->p_cred = kauth_cred_hold(l->l_cred);
mutex_exit(p->p_lock);
kauth_cred_free(ocred);
}
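Review bot: In credexec the empty line after `kauth_cred_t ocred;` was removed together with the old hold call, so the declaration now runs straight into `mutex_enter(p->p_lock);`. KNF keeps one blank line between local declarations and the first statement, so I would restore it. The do_posix_spawn hunk below has the same issue after its `kauth_cred_t ocred;`. As a side effect, the reference is now taken while `p->p_lock` is held rather than before it. That looks harmless for an atomic increment, but the log message does not mention it.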
@@ -2754,11 +2752,9 @@ do_posix_spawn(struct lwp *l1, pid_t *pi
/* Update the master credentials. */
if (l2->l_cred != p2->p_cred) {
kauth_cred_t ocred;
-
- kauth_cred_hold(l2->l_cred);
mutex_enter(p2->p_lock);
ocred = p2->p_cred;
- p2->p_cred = l2->l_cred;
+ p2->p_cred = kauth_cred_hold(l2->l_cred);
mutex_exit(p2->p_lock);
kauth_cred_free(ocred);
}
Index: src/sys/kern/kern_lwp.c
diff -u src/sys/kern/kern_lwp.c:1.262 src/sys/kern/kern_lwp.c:1.263
--- src/sys/kern/kern_lwp.c:1.262 Wed Oct 4 20:46:33 2023
+++ src/sys/kern/kern_lwp.c Wed Oct 4 22:17:09 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_lwp.c,v 1.262 2023/10/04 20:46:33 ad Exp $ */
+/* $NetBSD: kern_lwp.c,v 1.263 2023/10/04 22:17:09 ad Exp $ */
/*-
* Copyright (c) 2001, 2006, 2007, 2008, 2009, 2019, 2020, 2023
@@ -217,7 +217,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_lwp.c,v 1.262 2023/10/04 20:46:33 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_lwp.c,v 1.263 2023/10/04 22:17:09 ad Exp $");
#include "opt_ddb.h"
#include "opt_lockdebug.h"
@@ -377,8 +377,7 @@ lwp0_init(void)
cv_init(&l->l_sigcv, "sigwait");
cv_init(&l->l_waitcv, "vfork");
- kauth_cred_hold(proc0.p_cred);
- l->l_cred = proc0.p_cred;
+ l->l_cred = kauth_cred_hold(proc0.p_cred);
kdtrace_thread_ctor(NULL, l);
lwp_initspecific(l);
@@ -899,7 +898,6 @@ lwp_create(lwp_t *l1, proc_t *p2, vaddr_
kdtrace_thread_ctor(NULL, l2);
lwp_initspecific(l2);
sched_lwp_fork(l1, l2);
- lwp_update_creds(l2);
callout_init(&l2->l_timeout_ch, CALLOUT_MPSAFE);
callout_setfunc(&l2->l_timeout_ch, sleepq_timeout, l2);
cv_init(&l2->l_sigcv, "sigwait");
@@ -923,6 +921,7 @@ lwp_create(lwp_t *l1, proc_t *p2, vaddr_
uvm_lwp_fork(l1, l2, stack, stacksize, func, (arg != NULL) ? arg : l2);
mutex_enter(p2->p_lock);
+ l2->l_cred = kauth_cred_hold(p2->p_cred);
if ((flags & LWP_DETACHED) != 0) {
l2->l_prflag = LPR_DETACHED;
p2->p_ndlwps++;
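Review bot: In lwp_create, `l2->l_cred` is now set later than before, which is a behavioural change the log message does not mention. The previous hunk drops `lwp_update_creds(l2)`, and the credential is assigned here as `l2->l_cred = kauth_cred_hold(p2->p_cred);` under `p2->p_lock`. Between the two points (`callout_init` through `uvm_lwp_fork`, plus the lines between the hunks that are not shown) the new LWP has no valid credential, so please confirm nothing on that path consults `l2->l_cred`. A comment at the assignment would make that explicit, e.g. `/* l2->l_cred is not valid before this point. */`. The body of `lwp_update_creds` is not visible here, so I cannot confirm it did nothing beyond the hold and assignment.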
Index: src/sys/kern/kern_proc.c
diff -u src/sys/kern/kern_proc.c:1.272 src/sys/kern/kern_proc.c:1.273
--- src/sys/kern/kern_proc.c:1.272 Wed Oct 4 20:28:06 2023
+++ src/sys/kern/kern_proc.c Wed Oct 4 22:17:09 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_proc.c,v 1.272 2023/10/04 20:28:06 ad Exp $ */
+/* $NetBSD: kern_proc.c,v 1.273 2023/10/04 22:17:09 ad Exp $ */
/*-
* Copyright (c) 1999, 2006, 2007, 2008, 2020, 2023
@@ -63,7 +63,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.272 2023/10/04 20:28:06 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.273 2023/10/04 22:17:09 ad Exp $");
#ifdef _KERNEL_OPT
#include "opt_kstack.h"
@@ -1816,8 +1816,7 @@ proc_crmod_enter(void)
/* Ensure the LWP cached credentials are up to date. */
if ((oc = l->l_cred) != p->p_cred) {
- kauth_cred_hold(p->p_cred);
- l->l_cred = p->p_cred;
+ l->l_cred = kauth_cred_hold(p->p_cred);
kauth_cred_free(oc);
}
}
Index: src/sys/kern/uipc_socket.c
diff -u src/sys/kern/uipc_socket.c:1.304 src/sys/kern/uipc_socket.c:1.305
--- src/sys/kern/uipc_socket.c:1.304 Thu Sep 7 20:12:33 2023
+++ src/sys/kern/uipc_socket.c Wed Oct 4 22:17:09 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: uipc_socket.c,v 1.304 2023/09/07 20:12:33 ad Exp $ */
+/* $NetBSD: uipc_socket.c,v 1.305 2023/10/04 22:17:09 ad Exp $ */
/*
* Copyright (c) 2002, 2007, 2008, 2009, 2023 The NetBSD Foundation, Inc.
@@ -71,7 +71,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.304 2023/09/07 20:12:33 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.305 2023/10/04 22:17:09 ad Exp $");
#ifdef _KERNEL_OPT
#include "opt_compat_netbsd.h"
@@ -559,7 +559,7 @@ socreate(int dom, struct socket **aso, i
sofree(so);
return error;
}
- kauth_cred_hold(so->so_cred = l->l_cred);
+ so->so_cred = kauth_cred_hold(l->l_cred);
sounlock(so);
*aso = so;
Index: src/sys/kern/uipc_syscalls.c
diff -u src/sys/kern/uipc_syscalls.c:1.207 src/sys/kern/uipc_syscalls.c:1.208
--- src/sys/kern/uipc_syscalls.c:1.207 Sat Sep 9 18:30:56 2023
+++ src/sys/kern/uipc_syscalls.c Wed Oct 4 22:17:09 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: uipc_syscalls.c,v 1.207 2023/09/09 18:30:56 ad Exp $ */
+/* $NetBSD: uipc_syscalls.c,v 1.208 2023/10/04 22:17:09 ad Exp $ */
/*-
* Copyright (c) 2008, 2009, 2023 The NetBSD Foundation, Inc.
@@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.207 2023/09/09 18:30:56 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.208 2023/10/04 22:17:09 ad Exp $");
#ifdef _KERNEL_OPT
#include "opt_pipe.h"
@@ -242,7 +242,7 @@ do_sys_accept(struct lwp *l, int sock, s
else
so2->so_state &= ~SS_NBIO;
error = soaccept(so2, name);
- kauth_cred_hold(so2->so_cred = so->so_cred);
+ so2->so_cred = kauth_cred_hold(so->so_cred);
sounlock(so);
if (error) {
/* an error occurred, free the file descriptor and mbuf */
@@ -1697,7 +1697,7 @@ do_sys_peeloff(struct socket *head, void
so->so_state &= ~SS_NOFDREF;
so->so_state &= ~SS_ISCONNECTING;
so->so_head = NULL;
- kauth_cred_hold(so->so_cred = head->so_cred);
+ so->so_cred = kauth_cred_hold(head->so_cred);
nfp->f_socket = so;
nfp->f_flag = FREAD|FWRITE;
nfp->f_ops = &socketops;
Index: src/sys/sys/kauth.h
diff -u src/sys/sys/kauth.h:1.89 src/sys/sys/kauth.h:1.90
--- src/sys/sys/kauth.h:1.89 Thu Jan 5 18:29:45 2023
+++ src/sys/sys/kauth.h Wed Oct 4 22:17:09 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: kauth.h,v 1.89 2023/01/05 18:29:45 jakllsch Exp $ */
+/* $NetBSD: kauth.h,v 1.90 2023/10/04 22:17:09 ad Exp $ */
/*-
* Copyright (c) 2005, 2006 Elad Efrat <[email protected]>
@@ -509,7 +509,7 @@ void kauth_cred_setgid(kauth_cred_t, gid
void kauth_cred_setegid(kauth_cred_t, gid_t);
void kauth_cred_setsvgid(kauth_cred_t, gid_t);
-void kauth_cred_hold(kauth_cred_t);
+kauth_cred_t kauth_cred_hold(kauth_cred_t);
u_int kauth_cred_getrefcnt(kauth_cred_t);
int kauth_cred_setgroups(kauth_cred_t, const gid_t *, size_t, uid_t,