On Wed, 7 Apr 2010, Xin LI wrote:
> It looks like we have:
>
> KASSERT(td == curthread, ("priv_check: td != curthread"));
>
> In priv_check(). I'm wondering why we need this assertion? i.e. why don't
> we just do priv_check(int priv) and use curthread instead?

Historically, we did allow it, and in principle, we could allow it again. In
most cases, it's not safe, but there are also (in theory) plenty where it
is.

Since it wasn't obvious to me that we might not want that in the future, I
chose to leave the KPI the way it was, rather than cause every consumer piece
of kernel code, kernel module, etc., change, and provide this safety belt. My
current belief is that there's not a strong motivation to cause further
massive KPI disruption (there are a lot of callers), so I think we should
leave it as it is.

FWIW, some other systems make a different design choice there (IRIX, for
example).

Robert