[src/trunk]: src/sys Move sched policy back to the subsystem.

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/sys Move sched policy back to the subsystem.
From: elad <elad%NetBSD.org@localhost>
Date: Mon, 06 Apr 2020 17:58:41 +0000

details:   https://anonhg.NetBSD.org/src/rev/d5d6a8e397be
branches:  trunk
changeset: 747840:d5d6a8e397be
user:      elad <elad%NetBSD.org@localhost>
date:      Sat Oct 03 01:30:25 2009 +0000

description:
Move sched policy back to the subsystem.

diffstat:

 sys/kern/kern_synch.c               |  59 +++++++++++++++++++++++++++++++++++-
 sys/secmodel/suser/secmodel_suser.c |  33 +-------------------
 2 files changed, 59 insertions(+), 33 deletions(-)

diffs (156 lines):

diff -r 44fe1f6601aa -r d5d6a8e397be sys/kern/kern_synch.c
--- a/sys/kern/kern_synch.c     Sat Oct 03 00:37:01 2009 +0000
+++ b/sys/kern/kern_synch.c     Sat Oct 03 01:30:25 2009 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_synch.c,v 1.267 2009/07/19 10:11:55 yamt Exp $    */
+/*     $NetBSD: kern_synch.c,v 1.268 2009/10/03 01:30:25 elad Exp $    */
 
 /*-
  * Copyright (c) 1999, 2000, 2004, 2006, 2007, 2008, 2009
@@ -69,7 +69,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_synch.c,v 1.267 2009/07/19 10:11:55 yamt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_synch.c,v 1.268 2009/10/03 01:30:25 elad Exp $");
 
 #include "opt_kstack.h"
 #include "opt_perfctrs.h"
@@ -97,6 +97,7 @@
 #include <sys/lwpctl.h>
 #include <sys/atomic.h>
 #include <sys/simplelock.h>
+#include <sys/kauth.h>
 
 #include <uvm/uvm_extern.h>
 
@@ -127,6 +128,8 @@
 unsigned       sched_pstats_ticks;
 kcondvar_t     lbolt;                  /* once a second sleep address */
 
+kauth_listener_t       sched_listener;
+
 /* Preemption event counters */
 static struct evcnt kpreempt_ev_crit;
 static struct evcnt kpreempt_ev_klock;
@@ -142,6 +145,55 @@
  */
 int    safepri;
 
+static int
+sched_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+    void *arg0, void *arg1, void *arg2, void *arg3)
+{
+       struct proc *p;
+       int result;
+
+       result = KAUTH_RESULT_DEFER;
+       p = arg0;
+
+       switch (action) {
+       case KAUTH_PROCESS_SCHEDULER_GETPARAM:
+               if (kauth_cred_uidmatch(cred, p->p_cred))
+                       result = KAUTH_RESULT_ALLOW;
+               break;
+
+       case KAUTH_PROCESS_SCHEDULER_SETPARAM:
+               if (kauth_cred_uidmatch(cred, p->p_cred)) {
+                       struct lwp *l;
+                       int policy;
+                       pri_t priority;
+
+                       l = arg1;
+                       policy = (int)(unsigned long)arg2;
+                       priority = (pri_t)(unsigned long)arg3;
+
+                       if ((policy == l->l_class ||
+                           (policy != SCHED_FIFO && policy != SCHED_RR)) &&
+                           priority <= l->l_priority)
+                               result = KAUTH_RESULT_ALLOW;
+               }
+
+               break;
+
+       case KAUTH_PROCESS_SCHEDULER_GETAFFINITY:
+               result = KAUTH_RESULT_ALLOW;
+               break;
+
+       case KAUTH_PROCESS_SCHEDULER_SETAFFINITY:
+               /* Privileged; we let the secmodel handle this. */
+               break;
+
+       default:
+               break;
+       }
+
+       return result;
+}
+
 void
 sched_init(void)
 {
@@ -158,6 +210,9 @@
           "kpreempt", "immediate");
 
        sched_pstats(NULL);
+
+       sched_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
+           sched_listener_cb, NULL);
 }
 
 /*
diff -r 44fe1f6601aa -r d5d6a8e397be sys/secmodel/suser/secmodel_suser.c
--- a/sys/secmodel/suser/secmodel_suser.c       Sat Oct 03 00:37:01 2009 +0000
+++ b/sys/secmodel/suser/secmodel_suser.c       Sat Oct 03 01:30:25 2009 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.17 2009/10/03 00:37:01 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.18 2009/10/03 01:30:25 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <elad%NetBSD.org@localhost>
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.17 2009/10/03 00:37:01 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.18 2009/10/03 01:30:25 elad Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -623,36 +623,7 @@
                }
 
        case KAUTH_PROCESS_SCHEDULER_GETPARAM:
-               if (isroot || kauth_cred_uidmatch(cred, p->p_cred))
-                       result = KAUTH_RESULT_ALLOW;
-
-               break;
-
        case KAUTH_PROCESS_SCHEDULER_SETPARAM:
-               if (isroot)
-                       result = KAUTH_RESULT_ALLOW;
-               else if (kauth_cred_uidmatch(cred, p->p_cred)) {
-                       struct lwp *l;
-                       int policy;
-                       pri_t priority;
-
-                       l = arg1;
-                       policy = (int)(unsigned long)arg2;
-                       priority = (pri_t)(unsigned long)arg3;
-
-                       if ((policy == l->l_class ||
-                           (policy != SCHED_FIFO && policy != SCHED_RR)) &&
-                           priority <= l->l_priority)
-                               result = KAUTH_RESULT_ALLOW;
-               }
-
-               break;
-
-       case KAUTH_PROCESS_SCHEDULER_GETAFFINITY:
-               result = KAUTH_RESULT_ALLOW;
-
-               break;
-
        case KAUTH_PROCESS_SCHEDULER_SETAFFINITY:
                if (isroot)
                        result = KAUTH_RESULT_ALLOW;

Prev by Date: [src/trunk]: src/sys Move firewall/NAT policy back to respective subsystems (...
Next by Date: [src/trunk]: src/sys Finish moving socket policy to the subsystem.
Previous by Thread: [src/trunk]: src/sys Move firewall/NAT policy back to respective subsystems (...
Next by Thread: [src/trunk]: src/sys Finish moving socket policy to the subsystem.
Indexes:

Home | Main Index | Thread Index | Old Index