Atomic operations
In the current design, the user_creds structure is protected against concurrent accesses by the owner process' lock.
Having to make sure the process is locked before accessing its content makes the code both less readable
and prone to locking errors.
OpenBSD solves this problem by creating a completely new structure every time the credentials are updated. Changes
are performed on the new structure, and the pointer to the active struct user_creds (ucred) inside the process is changed
atomically once all operations have been performed. When a function needs to access user credentials, it first stores
the ps_ucreds value at the time of calling, and performs all operations on this saved pointer. struct ucred is reference
counted, and the count should be incremented when fetched.
We should also use this simple lockless design.
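
A minimal C11 sketch of the copy-then-swap scheme described above, added here as an illustration; it is neither OpenBSD's code nor this project's. The struct fields and the helper names (cred_new, cred_rele, proc_cred_hold, proc_setuid) are assumptions, and the scenario at the end is constructed.

```c
#include <stdatomic.h>
#include <stdlib.h>

/* Simplified stand-ins; the fields and helper names are assumptions. */
struct ucred { atomic_uint refcnt; unsigned uid, gid; }; /* immutable once published */
struct process { _Atomic(struct ucred *) ps_ucreds; };

static struct ucred *cred_new(unsigned uid, unsigned gid) {
    struct ucred *c = malloc(sizeof *c);
    if (c == NULL) return NULL;
    atomic_init(&c->refcnt, 1);   /* reference owned by whoever publishes it */
    c->uid = uid; c->gid = gid;
    return c;
}
static void cred_rele(struct ucred *c) {
    if (atomic_fetch_sub_explicit(&c->refcnt, 1, memory_order_acq_rel) == 1)
        free(c);                  /* last reference out frees the structure */
}
/* Reader: snapshot the pointer once, take a reference, use only the snapshot.
 * Assumption: the structure cannot be freed between the load and the increment
 * (e.g. only the owning process updates); this sketch does not enforce that. */
static struct ucred *proc_cred_hold(struct process *p) {
    struct ucred *c = atomic_load_explicit(&p->ps_ucreds, memory_order_acquire);
    atomic_fetch_add_explicit(&c->refcnt, 1, memory_order_relaxed);
    return c;
}
/* Writer: build a new structure, then publish it with one atomic exchange. */
static int proc_setuid(struct process *p, unsigned uid) {
    struct ucred *cur = proc_cred_hold(p);
    struct ucred *nc = cred_new(uid, cur->gid);
    cred_rele(cur);
    if (nc == NULL) return -1;    /* old credentials stay in place on failure */
    cred_rele(atomic_exchange_explicit(&p->ps_ucreds, nc, memory_order_acq_rel));
    return 0;
}

/* Constructed scenario: a snapshot taken before an update stays consistent. */
static int demo_snapshot_survives_update(void) {
    struct process p;
    atomic_init(&p.ps_ucreds, cred_new(1000, 1000));
    struct ucred *snap = proc_cred_hold(&p);          /* old refcnt: 2 */
    if (proc_setuid(&p, 0) != 0) return 0;            /* old refcnt: 1 */
    struct ucred *now = proc_cred_hold(&p);
    int ok = snap->uid == 1000 && now->uid == 0 && snap != now
          && atomic_load(&snap->refcnt) == 1 && atomic_load(&now->refcnt) == 2;
    cred_rele(snap); cred_rele(now); cred_rele(atomic_load(&p.ps_ucreds));
    return ok;
}
```

A caller that checked permissions against the snapshot keeps seeing uid 1000 for the whole operation, so a privilege check and the action it guards never observe a half-updated credential set.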