
From: Martin Pieuchot <mpi@grenadille.net>
Subject: Re: patch: relax ni_pledge panic
To: Mark Kettenis <mark.kettenis@xs4all.nl>, semarie@kapouay.eu.org, tech@openbsd.org
Date: Mon, 10 Feb 2025 12:31:44 +0100

On 06/02/25(Thu) 10:55, Theo de Raadt wrote:
> Martin Pieuchot <mpi@grenadille.net> wrote:
> 
> > I'd rather see a rwlock be used to serialize access to the per-process
> > data structures.  I don't see any reason to use the single thread API
> > for this and I'd rather not spread its usage.  It is already a pain to
> > work with.
> 
> I don't understand why this is needed.

In that case trust me ;)

> unveil and pledge are not performance sensitive and called many times.

Indeed, so a rwlock is perfect for this.

> The single thread API is designed exactly for this. 

No it's not.  The single thread API has not been designed to be
yet-another-magic MP API that will solve all our problems.   In the past
15 years we've been building knowledge and tools to turn subsystems MP
safe using atomic, rwlock, mutexes, SRP and SMR.  We now have tools like
WITNESS that catch these primitives and we know how to document them.

There is no reason to use something else in this case.  How can we believe
that it will be simpler with another API?