From owner-cvs-all  Mon Sep 30 21:30:21 2002
Delivered-To: cvs-all@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 3CE9037B401; Mon, 30 Sep 2002 21:30:20 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 010E343E42; Mon, 30 Sep 2002 21:30:20 -0700 (PDT)
	(envelope-from rwatson@FreeBSD.org)
Received: from freefall.freebsd.org (rwatson@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id g914UJCo033218;
	Mon, 30 Sep 2002 21:30:19 -0700 (PDT)
	(envelope-from rwatson@freefall.freebsd.org)
Received: (from rwatson@localhost)
	by freefall.freebsd.org (8.12.6/8.12.6/Submit) id g914UJf0033214;
	Mon, 30 Sep 2002 21:30:19 -0700 (PDT)
Message-Id: <200210010430.g914UJf0033214@freefall.freebsd.org>
From: Robert Watson <rwatson@FreeBSD.org>
Date: Mon, 30 Sep 2002 21:30:19 -0700 (PDT)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sys/kern kern_mac.c sys_pipe.c
X-FreeBSD-CVS-Branch: HEAD
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

rwatson     2002/09/30 21:30:19 PDT

  Modified files:
    sys/kern             kern_mac.c sys_pipe.c 
  Log:
  Improve locking of pipe mutexes in the context of MAC:
  
  (1) Where previously the pipe mutex was selectively grabbed during
      pipe_ioctl(), now always grab it and then release if if not
      needed.  This protects the call to mac_check_pipe_ioctl() to
      make sure the label remains consistent.  (Note: it looks
      like sigio locking may be incorrect for fgetown() since we
      call it not-by-reference and sigio locking assumes call by
      reference).
  
  (2) In pipe_stat(), lock the pipe if MAC is compiled in so that
      the call to mac_check_pipe_stat() gets a locked pipe to
      protect label consistency.  We still release the lock before
      returning actual stat() data, risking inconsistency, but
      apparently our pipe locking model accepts that risk.
  
  (3) In various pipe MAC authorization checks, assert that the pipe
      lock is held.
  
  (4) Grab the lock when performing a pipe relabel operation, and
      assert it a little deeper in the stack.
  
  Obtained from:  TrustedBSD Project
  Sponsored by:   DARPA, Network Associates Laboratories
  
  Revision  Changes    Path
  1.25      +34 -0     src/sys/kern/kern_mac.c
  1.120     +12 -4     src/sys/kern/sys_pipe.c

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message