From: Martin Pieuchot
Subject: Re: patch: relax ni_pledge panic
To: Mark Kettenis, semarie@kapouay.eu.org, tech@openbsd.org
Date: Mon, 10 Feb 2025 12:31:44 +0100

On 06/02/25(Thu) 10:55, Theo de Raadt wrote:
> Martin Pieuchot wrote:
>
> > I'd rather see a rwlock be used to serialize access to the per-process
> > data structures. I don't see any reason to use the single thread API
> > for this and I'd rather not spread its usage. It is already a pain to
> > work with.
>
> I don't understand why this is needed.

In that case trust me ;)

> unveil and pledge are not performance sensitive and called many times.

Indeed, so a rwlock is perfect for this.

> The single thread API is designed exactly for this.

No it's not. The single thread API has not been designed to be
yet-another-magic MP API that will solve all our problems. In the past
15 years we've been building knowledge and tools to turn subsystems MP
safe using atomic, rwlock, mutexes, SRP and SMR. We now have tools like
WITNESS that catch these primitives and we know how to document them.
There is no reason to use something else in this case. How can we
believe that it will be simpler with another API?