authorderaadt <deraadt@openbsd.org>2015-11-03 16:14:14 +0000
committerderaadt <deraadt@openbsd.org>2015-11-03 16:14:14 +0000
commitad8da678476a4b0885d8950a08994ec4d9f0746d (patch)
treedb6859530fa887a30b11f3fd4b15f0e31d416d46
parentIgnore disks whose media is not present. (diff)
pledge_aftersyscall has been reduced to one case, "getpw", to open a
window for chatting to ypserv. This can be done in pledge_namei, so improve system call performance by removing the pledge_aftersyscall hook. ok semarie
-rw-r--r--sys/kern/kern_pledge.c21
-rw-r--r--sys/sys/proc.h3
-rw-r--r--sys/sys/syscall_mi.h4
3 files changed, 13 insertions, 15 deletions
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index 35fc3485d8b..c9e3a48a7b0 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_pledge.c,v 1.101 2015/11/02 23:17:23 tedu Exp $ */
+/* $OpenBSD: kern_pledge.c,v 1.102 2015/11/03 16:14:14 deraadt Exp $ */
/*
* Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -523,7 +523,6 @@ sys_pledge(struct proc *p, void *v, register_t *retval)
int
pledge_syscall(struct proc *p, int code, int *tval)
{
- p->p_pledgeafter = 0; /* XX optimise? */
p->p_pledge_syscall = code;
*tval = 0;
@@ -664,7 +663,16 @@ pledge_namei(struct proc *p, struct nameidata *ni, char *origpath)
if ((ni->ni_pledge == PLEDGE_RPATH) &&
(p->p_p->ps_pledge & PLEDGE_GETPW)) {
if (strcmp(path, "/var/run/ypbind.lock") == 0) {
- p->p_pledgeafter |= PLEDGE_YPACTIVE;
+ /*
+ * XXX
+ * The current hack for YP support in "getpw"
+ * is to enable some "inet" features until
+ * next pledge call. This is not considered
+ * worse than pre-pledge, but is a work in
+ * progress, needing a clever design.
+ */
+ atomic_setbits_int(&p->p_p->ps_pledge,
+ PLEDGE_YPACTIVE | PLEDGE_INET);
return (0);
}
if (strncmp(path, "/var/yp/binding/",
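Review bot: The new `atomic_setbits_int(&p->p_p->ps_pledge, PLEDGE_YPACTIVE | PLEDGE_INET)` runs as soon as the path string compares equal to "/var/run/ypbind.lock", whereas the removed `pledge_aftersyscall` set the same bits only when `error == 0`, so the success gate is lost. As written, a "getpw" process appears to gain the "inet" bits even when the lookup or open later fails (for example on a host with no YP lock file), and per the comment they stay set until the next pledge call. If that widening is intended, the XXX comment should say so, e.g. add `* Note: granted on path match, before the lookup result is known.`; otherwise the grant needs to stay tied to the syscall's result. pledge_namei starts and ends outside this hunk, so any later check that would undo this is not visible here.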
@@ -808,13 +816,6 @@ pledge_namei(struct proc *p, struct nameidata *ni, char *origpath)
return (0);
}
-void
-pledge_aftersyscall(struct proc *p, int code, int error)
-{
- if ((p->p_pledgeafter & PLEDGE_YPACTIVE) && error == 0)
- atomic_setbits_int(&p->p_p->ps_pledge, PLEDGE_YPACTIVE | PLEDGE_INET);
-}
-
/*
* Only allow reception of safe file descriptors.
*/
diff --git a/sys/sys/proc.h b/sys/sys/proc.h
index ebea21de3ad..a6c31faf824 100644
--- a/sys/sys/proc.h
+++ b/sys/sys/proc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: proc.h,v 1.211 2015/11/02 16:31:55 semarie Exp $ */
+/* $OpenBSD: proc.h,v 1.212 2015/11/03 16:14:14 deraadt Exp $ */
/* $NetBSD: proc.h,v 1.44 1996/04/22 01:23:21 christos Exp $ */
/*-
@@ -327,7 +327,6 @@ struct proc {
char p_comm[MAXCOMLEN+1];
int p_pledge_syscall; /* Cache of current syscall */
- int p_pledgeafter; /* Observance during syscall */
#ifndef __HAVE_MD_TCB
void *p_tcb; /* user-space thread-control-block address */
diff --git a/sys/sys/syscall_mi.h b/sys/sys/syscall_mi.h
index 089364385b1..75f6745a708 100644
--- a/sys/sys/syscall_mi.h
+++ b/sys/sys/syscall_mi.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: syscall_mi.h,v 1.14 2015/11/02 23:17:58 tedu Exp $ */
+/* $OpenBSD: syscall_mi.h,v 1.15 2015/11/03 16:14:14 deraadt Exp $ */
/*
* Copyright (c) 1982, 1986, 1989, 1993
@@ -92,8 +92,6 @@ mi_syscall(struct proc *p, register_t code, const struct sysent *callp,
#if NSYSTRACE > 0
done:
#endif
- if (pledged && p->p_pledgeafter)
- pledge_aftersyscall(p, code, error);
if (lock)
KERNEL_UNLOCK();