Re: More duplicate code, vnode locking question

[Elad Efrat <elad%NetBSD.org@localhost>]

On Sat, Apr 25, 2009 at 11:44 PM, Andrew Doran <ad%netbsd.org@localhost> wrote:
> On Thu, Apr 23, 2009 at 02:56:49AM +0300, Elad Efrat wrote:
>
>> +     error = genfs_can_mount(devvp, VREAD, l->l_cred);
>
> FYI l->l_cred used outside core kernel code (basically in anything that
> could be loaded as a module) should be kauth_cred_get() to reduce exposure
> to 'struct lwp'.

Do we want to include such changes as part of larger commits, or do
them independently? I think the latter, as it's easier to inspect
and make sure they're correct (ie., maybe not all "l->l_cred" is
equal to the result of kauth_cred_get()? think of functions that
take more than one lwp).

That said, I don't mind going over the changes I just did and use
kauth_cred_get() instead of l->l_cred. Btw, maybe we should collect
all those notes and FYIs to a single document? (unless we already
have one that I'm not aware of :)

>> +                      *
>> +                      * Permission to update a mount is checked higher, so 
>> here we presume
>> +                      * updating the mount is okay (for example, as far as 
>> securelevel goes)
>> +                      * which leaves us with the normal check.
>>                        */
>
> http://nxr.netbsd.org/source/xref/share/misc/style#47

Slipped in, sorry about that. Fixed.

Thanks,

-e.