From 69b565d7c041c23bc6fa7e32d4e91ce3c6b94918 Mon Sep 17 00:00:00 2001 From: Mark Johnston Date: Mon, 6 Jul 2020 16:34:09 +0000 Subject: [PATCH] Allow accesses of the caller's CPU and domain sets in capability mode. cpuset_(get|set)(affinity|domain)(2) permit a get or set of the calling thread or process' CPU and domain set in capability mode, but only when the thread or process ID is specified as -1. Extend this to cover the case where the ID actually matches the caller's TID or PID, since some code, such as our pthread_attr_get_np() implementation, always provides an explicit ID. It was not and still is not permitted to access CPU and domain sets for other threads in the same process when the process is in capability mode. This might change in the future. Submitted by: Greg V (original version) MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D25552 --- sys/kern/kern_cpuset.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sys/kern/kern_cpuset.c b/sys/kern/kern_cpuset.c index d134e23d7187..681fce456d40 100644 --- a/sys/kern/kern_cpuset.c +++ b/sys/kern/kern_cpuset.c @@ -1595,7 +1595,9 @@ cpuset_check_capabilities(struct thread *td, cpulevel_t level, cpuwhich_t which, return (ECAPMODE); if (which != CPU_WHICH_TID && which != CPU_WHICH_PID) return (ECAPMODE); - if (id != -1) + if (id != -1 && + !(which == CPU_WHICH_TID && id == td->td_tid) && + !(which == CPU_WHICH_PID && id == td->td_proc->p_pid)) return (ECAPMODE); } return (0);