Module Name: src Committed By: ad Date: Wed Oct 4 22:17:10 UTC 2023
Modified Files: src/share/man/man9: kauth.9 src/sys/kern: kern_auth.c kern_core.c kern_descrip.c kern_exec.c kern_lwp.c kern_proc.c uipc_socket.c uipc_syscalls.c src/sys/sys: kauth.h Log Message: kauth_cred_hold(): return cred verbatim so that donating a reference to another data structure can be done more elegantly. To generate a diff of this commit: cvs rdiff -u -r1.113 -r1.114 src/share/man/man9/kauth.9 cvs rdiff -u -r1.83 -r1.84 src/sys/kern/kern_auth.c cvs rdiff -u -r1.38 -r1.39 src/sys/kern/kern_core.c cvs rdiff -u -r1.261 -r1.262 src/sys/kern/kern_descrip.c cvs rdiff -u -r1.519 -r1.520 src/sys/kern/kern_exec.c cvs rdiff -u -r1.262 -r1.263 src/sys/kern/kern_lwp.c cvs rdiff -u -r1.272 -r1.273 src/sys/kern/kern_proc.c cvs rdiff -u -r1.304 -r1.305 src/sys/kern/uipc_socket.c cvs rdiff -u -r1.207 -r1.208 src/sys/kern/uipc_syscalls.c cvs rdiff -u -r1.89 -r1.90 src/sys/sys/kauth.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/share/man/man9/kauth.9 diff -u src/share/man/man9/kauth.9:1.113 src/share/man/man9/kauth.9:1.114 --- src/share/man/man9/kauth.9:1.113 Sat Aug 7 03:28:42 2021 +++ src/share/man/man9/kauth.9 Wed Oct 4 22:17:10 2023 @@ -1,4 +1,4 @@ -.\" $NetBSD: kauth.9,v 1.113 2021/08/07 03:28:42 isaki Exp $ +.\" $NetBSD: kauth.9,v 1.114 2023/10/04 22:17:10 ad Exp $ .\" .\" Copyright (c) 2005, 2006 Elad Efrat <e...@netbsd.org> .\" All rights reserved. @@ -25,7 +25,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd August 7, 2021 +.Dd October 4, 2023 .Dt KAUTH 9 .Os .Sh NAME @@ -1746,10 +1746,12 @@ LWPs, files, etc.) reference it. The following routines are available for managing credentials reference counting: .Bl -tag -width compact -.It Ft void Fn kauth_cred_hold "kauth_cred_t cred" +.It Ft kauth_cred_t Fn kauth_cred_hold "kauth_cred_t cred" Increases reference count to .Ar cred -by one. +by one and returns +.Ar cred +verbatim. .It Ft void Fn kauth_cred_free "kauth_cred_t cred" Decreases the reference count to .Ar cred Index: src/sys/kern/kern_auth.c diff -u src/sys/kern/kern_auth.c:1.83 src/sys/kern/kern_auth.c:1.84 --- src/sys/kern/kern_auth.c:1.83 Mon Oct 2 20:59:12 2023 +++ src/sys/kern/kern_auth.c Wed Oct 4 22:17:09 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_auth.c,v 1.83 2023/10/02 20:59:12 ad Exp $ */ +/* $NetBSD: kern_auth.c,v 1.84 2023/10/04 22:17:09 ad Exp $ */ /*- * Copyright (c) 2005, 2006 Elad Efrat <e...@netbsd.org> @@ -28,7 +28,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: kern_auth.c,v 1.83 2023/10/02 20:59:12 ad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_auth.c,v 1.84 2023/10/04 22:17:09 ad Exp $"); #include <sys/types.h> #include <sys/param.h> @@ -122,7 +122,7 @@ kauth_cred_alloc(void) } /* Increment reference count to cred. */ -void +kauth_cred_t kauth_cred_hold(kauth_cred_t cred) { KASSERT(cred != NULL); 
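Review bot: The comment above kauth_cred_hold() in the kern_auth.c hunk still reads `/* Increment reference count to cred. */` although the function now returns a value. It should state what is returned and why, for example `/* Increment reference count to cred and return cred, so the new reference can be stored directly. */`. Callers in this commit store that return value into p_cred, l_cred, f_cred and so_cred, so the contract is worth stating at the definition. The function body continues past the end of this hunk.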
@@ -131,6 +131,7 @@ kauth_cred_hold(kauth_cred_t cred) KASSERT(cred->cr_refcnt > 0); atomic_inc_uint(&cred->cr_refcnt); + return cred; } /* Decrease reference count to cred. If reached zero, free it. */ @@ -237,8 +238,7 @@ kauth_proc_fork(struct proc *parent, str { mutex_enter(parent->p_lock); - kauth_cred_hold(parent->p_cred); - child->p_cred = parent->p_cred; + child->p_cred = kauth_cred_hold(parent->p_cred); mutex_exit(parent->p_lock); /* XXX: relies on parent process stalling during fork() */ Index: src/sys/kern/kern_core.c diff -u src/sys/kern/kern_core.c:1.38 src/sys/kern/kern_core.c:1.39 --- src/sys/kern/kern_core.c:1.38 Tue Jul 11 09:48:56 2023 +++ src/sys/kern/kern_core.c Wed Oct 4 22:17:09 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_core.c,v 1.38 2023/07/11 09:48:56 riastradh Exp $ */ +/* $NetBSD: kern_core.c,v 1.39 2023/10/04 22:17:09 ad Exp $ */ /* * Copyright (c) 1982, 1986, 1989, 1991, 1993 @@ -37,7 +37,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: kern_core.c,v 1.38 2023/07/11 09:48:56 riastradh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_core.c,v 1.39 2023/10/04 22:17:09 ad Exp $"); #ifdef _KERNEL_OPT #include "opt_execfmt.h" @@ -153,8 +153,7 @@ coredump(struct lwp *l, const char *patt * It may well not be curproc, so grab a reference to its current * credentials. */ - kauth_cred_hold(p->p_cred); - cred = p->p_cred; + cred = kauth_cred_hold(p->p_cred); /* * Make sure the process has not set-id, to prevent data leaks, Index: src/sys/kern/kern_descrip.c diff -u src/sys/kern/kern_descrip.c:1.261 src/sys/kern/kern_descrip.c:1.262 --- src/sys/kern/kern_descrip.c:1.261 Sat Sep 23 18:21:11 2023 +++ src/sys/kern/kern_descrip.c Wed Oct 4 22:17:09 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_descrip.c,v 1.261 2023/09/23 18:21:11 ad Exp $ */ +/* $NetBSD: kern_descrip.c,v 1.262 2023/10/04 22:17:09 ad Exp $ */ /*- * Copyright (c) 2008, 2009, 2023 The NetBSD Foundation, Inc. 
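Review bot: Nothing in this commit's file list bumps the kernel version, yet the `return cred;` added here changes kauth_cred_hold() from void to returning a pointer, which is an interface change for anything compiled separately from the kernel. A module built against the new kauth.h prototype but loaded on a kernel that still has the void version would store an unspecified register value as a credential pointer, for instance through `so->so_cred = kauth_cred_hold(l->l_cred);`. If modules can be built out of step with the kernel in this tree, the version bump (I would expect `__NetBSD_Version__` in sys/param.h) belongs with this change, though it may be planned as a separate commit. The function begins before this hunk.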
@@ -70,7 +70,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: kern_descrip.c,v 1.261 2023/09/23 18:21:11 ad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_descrip.c,v 1.262 2023/10/04 22:17:09 ad Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -1139,8 +1139,7 @@ fd_allocfile(file_t **resultfp, int *res cred = curlwp->l_cred; if (__predict_false(cred != fp->f_cred)) { kauth_cred_free(fp->f_cred); - kauth_cred_hold(cred); - fp->f_cred = cred; + fp->f_cred = kauth_cred_hold(cred); } /* @@ -1245,8 +1244,7 @@ file_ctor(void *arg, void *obj, int flag nfiles++; LIST_INSERT_HEAD(&filehead, fp, f_list); mutex_init(&fp->f_lock, MUTEX_DEFAULT, IPL_NONE); - fp->f_cred = curlwp->l_cred; - kauth_cred_hold(fp->f_cred); + fp->f_cred = kauth_cred_hold(curlwp->l_cred); mutex_exit(&filelist_lock); return 0; Index: src/sys/kern/kern_exec.c diff -u src/sys/kern/kern_exec.c:1.519 src/sys/kern/kern_exec.c:1.520 --- src/sys/kern/kern_exec.c:1.519 Wed Oct 4 20:29:18 2023 +++ src/sys/kern/kern_exec.c Wed Oct 4 22:17:09 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_exec.c,v 1.519 2023/10/04 20:29:18 ad Exp $ */ +/* $NetBSD: kern_exec.c,v 1.520 2023/10/04 22:17:09 ad Exp $ */ /*- * Copyright (c) 2008, 2019, 2020 The NetBSD Foundation, Inc. @@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.519 2023/10/04 20:29:18 ad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.520 2023/10/04 22:17:09 ad Exp $"); #include "opt_exec.h" #include "opt_execfmt.h" @@ -1119,11 +1119,9 @@ credexec(struct lwp *l, struct execve_da /* Update the master credentials. */ if (l->l_cred != p->p_cred) { kauth_cred_t ocred; - - kauth_cred_hold(l->l_cred); mutex_enter(p->p_lock); ocred = p->p_cred; - p->p_cred = l->l_cred; + p->p_cred = kauth_cred_hold(l->l_cred); mutex_exit(p->p_lock); kauth_cred_free(ocred); } 
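Review bot: In the fd_allocfile() hunk the old reference is still dropped before the new one is stored (`kauth_cred_free(fp->f_cred);` then `fp->f_cred = kauth_cred_hold(cred);`), so for one statement fp->f_cred names a credential that may already have been freed. The credexec() and proc_crmod_enter() hunks in this commit store the held credential first and free the old one last. The same order here would read `kauth_cred_t ocred = fp->f_cred;`, `fp->f_cred = kauth_cred_hold(cred);`, `kauth_cred_free(ocred);`. This is probably harmless if fp is not yet reachable by other threads at this point, which the hunk does not show, but the consistent order removes the question. fd_allocfile() starts and ends outside the hunk.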
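Review bot: The block under "Update the master credentials" in credexec() now runs the declaration `kauth_cred_t ocred;` straight into `mutex_enter(p->p_lock);`, because the blank line after it was removed along with the hold. Restoring the empty line keeps declarations visually separate from statements, and the same applies to the matching do_posix_spawn() hunk. The hold also moved from before mutex_enter() to inside the p_lock section; a short comment such as `/* p_cred takes its own reference; the old one is dropped after unlock. */` would record that this is intentional. Both functions extend beyond their hunks.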
@@ -2754,11 +2752,9 @@ do_posix_spawn(struct lwp *l1, pid_t *pi /* Update the master credentials. */ if (l2->l_cred != p2->p_cred) { kauth_cred_t ocred; - - kauth_cred_hold(l2->l_cred); mutex_enter(p2->p_lock); ocred = p2->p_cred; - p2->p_cred = l2->l_cred; + p2->p_cred = kauth_cred_hold(l2->l_cred); mutex_exit(p2->p_lock); kauth_cred_free(ocred); } Index: src/sys/kern/kern_lwp.c diff -u src/sys/kern/kern_lwp.c:1.262 src/sys/kern/kern_lwp.c:1.263 --- src/sys/kern/kern_lwp.c:1.262 Wed Oct 4 20:46:33 2023 +++ src/sys/kern/kern_lwp.c Wed Oct 4 22:17:09 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_lwp.c,v 1.262 2023/10/04 20:46:33 ad Exp $ */ +/* $NetBSD: kern_lwp.c,v 1.263 2023/10/04 22:17:09 ad Exp $ */ /*- * Copyright (c) 2001, 2006, 2007, 2008, 2009, 2019, 2020, 2023 @@ -217,7 +217,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: kern_lwp.c,v 1.262 2023/10/04 20:46:33 ad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_lwp.c,v 1.263 2023/10/04 22:17:09 ad Exp $"); #include "opt_ddb.h" #include "opt_lockdebug.h" @@ -377,8 +377,7 @@ lwp0_init(void) cv_init(&l->l_sigcv, "sigwait"); cv_init(&l->l_waitcv, "vfork"); - kauth_cred_hold(proc0.p_cred); - l->l_cred = proc0.p_cred; + l->l_cred = kauth_cred_hold(proc0.p_cred); kdtrace_thread_ctor(NULL, l); lwp_initspecific(l); @@ -899,7 +898,6 @@ lwp_create(lwp_t *l1, proc_t *p2, vaddr_ kdtrace_thread_ctor(NULL, l2); lwp_initspecific(l2); sched_lwp_fork(l1, l2); - lwp_update_creds(l2); callout_init(&l2->l_timeout_ch, CALLOUT_MPSAFE); callout_setfunc(&l2->l_timeout_ch, sleepq_timeout, l2); cv_init(&l2->l_sigcv, "sigwait"); 
@@ -923,6 +921,7 @@ lwp_create(lwp_t *l1, proc_t *p2, vaddr_ uvm_lwp_fork(l1, l2, stack, stacksize, func, (arg != NULL) ? arg : l2); mutex_enter(p2->p_lock); + l2->l_cred = kauth_cred_hold(p2->p_cred); if ((flags & LWP_DETACHED) != 0) { l2->l_prflag = LPR_DETACHED; p2->p_ndlwps++; Index: src/sys/kern/kern_proc.c diff -u src/sys/kern/kern_proc.c:1.272 src/sys/kern/kern_proc.c:1.273 --- src/sys/kern/kern_proc.c:1.272 Wed Oct 4 20:28:06 2023 +++ src/sys/kern/kern_proc.c Wed Oct 4 22:17:09 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_proc.c,v 1.272 2023/10/04 20:28:06 ad Exp $ */ +/* $NetBSD: kern_proc.c,v 1.273 2023/10/04 22:17:09 ad Exp $ */ /*- * Copyright (c) 1999, 2006, 2007, 2008, 2020, 2023 @@ -63,7 +63,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.272 2023/10/04 20:28:06 ad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.273 2023/10/04 22:17:09 ad Exp $"); #ifdef _KERNEL_OPT #include "opt_kstack.h" @@ -1816,8 +1816,7 @@ proc_crmod_enter(void) /* Ensure the LWP cached credentials are up to date. */ if ((oc = l->l_cred) != p->p_cred) { - kauth_cred_hold(p->p_cred); - l->l_cred = p->p_cred; + l->l_cred = kauth_cred_hold(p->p_cred); kauth_cred_free(oc); } } Index: src/sys/kern/uipc_socket.c diff -u src/sys/kern/uipc_socket.c:1.304 src/sys/kern/uipc_socket.c:1.305 --- src/sys/kern/uipc_socket.c:1.304 Thu Sep 7 20:12:33 2023 +++ src/sys/kern/uipc_socket.c Wed Oct 4 22:17:09 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_socket.c,v 1.304 2023/09/07 20:12:33 ad Exp $ */ +/* $NetBSD: uipc_socket.c,v 1.305 2023/10/04 22:17:09 ad Exp $ */ /* * Copyright (c) 2002, 2007, 2008, 2009, 2023 The NetBSD Foundation, Inc. @@ -71,7 +71,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.304 2023/09/07 20:12:33 ad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.305 2023/10/04 22:17:09 ad Exp $"); #ifdef _KERNEL_OPT #include "opt_compat_netbsd.h" 
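Review bot: The added `l2->l_cred = kauth_cred_hold(p2->p_cred);` replaces the `lwp_update_creds(l2);` call removed in the previous hunk, which is more than the return-type change the log message describes. Two things are not visible from these hunks and should be confirmed. One is whether lwp_update_creds() did anything besides taking the reference, such as clearing a flag or releasing a previous l_cred. The other is whether any code between the old call site and the new assignment (the callout setup, uvm_lwp_fork()) reads l2->l_cred, which is now unset until p2->p_lock is taken. A comment at the new line, e.g. `/* Inherit the process credentials; l_cred is not valid before this point. */`, would document the new ordering. lwp_create() starts and ends outside the hunk.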
@@ -559,7 +559,7 @@ socreate(int dom, struct socket **aso, i sofree(so); return error; } - kauth_cred_hold(so->so_cred = l->l_cred); + so->so_cred = kauth_cred_hold(l->l_cred); sounlock(so); *aso = so; Index: src/sys/kern/uipc_syscalls.c diff -u src/sys/kern/uipc_syscalls.c:1.207 src/sys/kern/uipc_syscalls.c:1.208 --- src/sys/kern/uipc_syscalls.c:1.207 Sat Sep 9 18:30:56 2023 +++ src/sys/kern/uipc_syscalls.c Wed Oct 4 22:17:09 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_syscalls.c,v 1.207 2023/09/09 18:30:56 ad Exp $ */ +/* $NetBSD: uipc_syscalls.c,v 1.208 2023/10/04 22:17:09 ad Exp $ */ /*- * Copyright (c) 2008, 2009, 2023 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.207 2023/09/09 18:30:56 ad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.208 2023/10/04 22:17:09 ad Exp $"); #ifdef _KERNEL_OPT #include "opt_pipe.h" @@ -242,7 +242,7 @@ do_sys_accept(struct lwp *l, int sock, s else so2->so_state &= ~SS_NBIO; error = soaccept(so2, name); - kauth_cred_hold(so2->so_cred = so->so_cred); + so2->so_cred = kauth_cred_hold(so->so_cred); sounlock(so); if (error) { /* an error occurred, free the file descriptor and mbuf */ @@ -1697,7 +1697,7 @@ do_sys_peeloff(struct socket *head, void so->so_state &= ~SS_NOFDREF; so->so_state &= ~SS_ISCONNECTING; so->so_head = NULL; - kauth_cred_hold(so->so_cred = head->so_cred); + so->so_cred = kauth_cred_hold(head->so_cred); nfp->f_socket = so; nfp->f_flag = FREAD|FWRITE; nfp->f_ops = &socketops; Index: src/sys/sys/kauth.h diff -u src/sys/sys/kauth.h:1.89 src/sys/sys/kauth.h:1.90 --- src/sys/sys/kauth.h:1.89 Thu Jan 5 18:29:45 2023 +++ src/sys/sys/kauth.h Wed Oct 4 22:17:09 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: kauth.h,v 1.89 2023/01/05 18:29:45 jakllsch Exp $ */ +/* $NetBSD: kauth.h,v 1.90 2023/10/04 22:17:09 ad Exp $ */ /*- * Copyright (c) 2005, 2006 Elad Efrat <e...@netbsd.org> 
@@ -509,7 +509,7 @@ void kauth_cred_setgid(kauth_cred_t, gid void kauth_cred_setegid(kauth_cred_t, gid_t); void kauth_cred_setsvgid(kauth_cred_t, gid_t); -void kauth_cred_hold(kauth_cred_t); +kauth_cred_t kauth_cred_hold(kauth_cred_t); u_int kauth_cred_getrefcnt(kauth_cred_t); int kauth_cred_setgroups(kauth_cred_t, const gid_t *, size_t, uid_t,