Allow accesses of the caller's CPU and domain sets in capability mode.

cpuset_(get|set)(affinity|domain)(2) permit a get or set of the calling thread or process' CPU and domain set in capability mode, but only when the thread or process ID is specified as -1. Extend this to cover the case where the ID actually matches the caller's TID or PID, since some code, such as our pthread_attr_get_np() implementation, always provides an explicit ID. It was not and still is not permitted to access CPU and domain sets for other threads in the same process when the process is in capability mode. This might change in the future. Submitted by: Greg V <greg@unrelenting.technology> (original version) MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D25552
2020-07-06 16:34:09 +00:00 · 2020-07-06 16:34:09 +00:00 · 69b565d7c0
commit 69b565d7c0
parent cd1c083d80
1 changed files with 3 additions and 1 deletions
--- a/sys/kern/kern_cpuset.c
+++ b/sys/kern/kern_cpuset.c
@ -1595,7 +1595,9 @@ cpuset_check_capabilities(struct thread *td, cpulevel_t level, cpuwhich_t which,
 			return (ECAPMODE);
 		if (which != CPU_WHICH_TID && which != CPU_WHICH_PID)
 			return (ECAPMODE);
-		if (id != -1)
+		if (id != -1 &&
+		    !(which == CPU_WHICH_TID && id == td->td_tid) &&
+		    !(which == CPU_WHICH_PID && id == td->td_proc->p_pid))
 			return (ECAPMODE);
 	}
 	return (0);