Date: Sun, 13 Jun 2004 03:58:08 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 54775 for review Message-ID: <200406130358.i5D3w8Fo001284@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=54775 Change 54775 by rwatson@rwatson_tislabs on 2004/06/13 03:57:24 Integrate netperf_socket: - geom_vinum - Loop back of socket MAC label locking via SOCK_LOCK(so). Affected files ... .. //depot/projects/netperf_socket/sys/compat/svr4/svr4_stream.c#2 integrate .. //depot/projects/netperf_socket/sys/contrib/pf/net/pf.c#8 integrate .. //depot/projects/netperf_socket/sys/contrib/pf/net/pf_ioctl.c#7 integrate .. //depot/projects/netperf_socket/sys/contrib/pf/net/pfvar.h#3 integrate .. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum.c#1 branch .. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum.h#1 branch .. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum_drive.c#1 branch .. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum_init.c#1 branch .. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum_list.c#1 branch .. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum_plex.c#1 branch .. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum_raid5.c#1 branch .. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum_raid5.h#1 branch .. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum_rm.c#1 branch .. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum_share.c#1 branch .. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum_share.h#1 branch .. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum_state.c#1 branch .. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum_subr.c#1 branch .. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum_var.h#1 branch .. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum_volume.c#1 branch .. //depot/projects/netperf_socket/sys/kern/kern_prot.c#6 integrate .. //depot/projects/netperf_socket/sys/kern/subr_witness.c#5 integrate .. //depot/projects/netperf_socket/sys/kern/sys_socket.c#6 integrate .. //depot/projects/netperf_socket/sys/kern/uipc_socket2.c#13 integrate .. //depot/projects/netperf_socket/sys/kern/uipc_syscalls.c#17 integrate .. //depot/projects/netperf_socket/sys/kern/uipc_usrreq.c#12 integrate .. //depot/projects/netperf_socket/sys/modules/geom/geom_vinum/Makefile#1 branch .. //depot/projects/netperf_socket/sys/netatalk/ddp_input.c#5 integrate .. //depot/projects/netperf_socket/sys/netatalk/ddp_output.c#5 integrate .. //depot/projects/netperf_socket/sys/netinet/in_pcb.c#11 integrate .. //depot/projects/netperf_socket/sys/netinet/ip_divert.c#7 integrate .. //depot/projects/netperf_socket/sys/netinet/tcp_input.c#7 integrate .. //depot/projects/netperf_socket/sys/netinet/tcp_syncache.c#7 integrate .. //depot/projects/netperf_socket/sys/security/mac/mac_socket.c#2 integrate .. //depot/projects/netperf_socket/sys/sys/socketvar.h#13 integrate Differences ... ==== //depot/projects/netperf_socket/sys/compat/svr4/svr4_stream.c#2 (text+ko) ==== @@ -36,7 +36,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/compat/svr4/svr4_stream.c,v 1.46 2003/10/20 10:38:48 tjr Exp $"); +__FBSDID("$FreeBSD: src/sys/compat/svr4/svr4_stream.c,v 1.47 2004/06/13 02:50:04 rwatson Exp $"); #define COMPAT_43 1 @@ -171,7 +171,9 @@ return (error); #ifdef MAC + SOCK_LOCK(so); error = mac_check_socket_send(td->td_ucred, so); + SOCK_UNLOCK(so); if (error) goto done1; #endif @@ -275,7 +277,9 @@ return (error); #ifdef MAC + SOCK_LOCK(so); error = mac_check_socket_receive(td->td_ucred, so); + SOCK_UNLOCK(so); if (error) goto done1; #endif ==== //depot/projects/netperf_socket/sys/contrib/pf/net/pf.c#8 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/sys/contrib/pf/net/pf.c,v 1.8 2004/05/02 20:47:24 dhartmei Exp $ */ +/* $FreeBSD: src/sys/contrib/pf/net/pf.c,v 1.9 2004/06/13 01:36:30 mlaier Exp $ */ /* $OpenBSD: pf.c,v 1.389.2.4 2004/04/30 23:27:57 brad Exp $ */ /* @@ -5835,7 +5835,7 @@ { u_short action, reason = 0, log = 0; struct mbuf *m = *m0; - struct ip6_hdr *h; + struct ip6_hdr *h = NULL; /* make the compiler happy */ struct pf_rule *a = NULL, *r = &pf_default_rule, *tr; struct pf_state *s = NULL; struct pf_ruleset *ruleset = NULL; ==== //depot/projects/netperf_socket/sys/contrib/pf/net/pf_ioctl.c#7 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/sys/contrib/pf/net/pf_ioctl.c,v 1.7 2004/05/31 22:48:19 mlaier Exp $ */ +/* $FreeBSD: src/sys/contrib/pf/net/pf_ioctl.c,v 1.8 2004/06/13 01:36:31 mlaier Exp $ */ /* $OpenBSD: pf_ioctl.c,v 1.81.2.2 2004/04/30 23:28:58 brad Exp $ */ /* @@ -128,6 +128,9 @@ #endif struct pf_rule pf_default_rule; +#ifdef ALTQ +static int pfaltq_running; +#endif #define TAGID_MAX 50000 TAILQ_HEAD(pf_tags, pf_tagname) pf_tags = TAILQ_HEAD_INITIALIZER(pf_tags); @@ -229,26 +232,12 @@ init_pf_mutex(void) { mtx_init(&pf_task_mtx, "pf task mtx", NULL, MTX_DEF); -/* - * pf_altq_mtx is initialized at altq_subr.c. - * - * #if defined(ALTQ) && !defined(ALTQ3_COMPAT) - * mtx_init(&pf_altq_mtx, "pf altq mtx", NULL, MTX_DEF); - * #endif - */ } void destroy_pf_mutex(void) { mtx_destroy(&pf_task_mtx); -/* - * pf_altq_mtx is initialized at altq_subr.c. - * - * #if defined(ALTQ) && !defined(ALTQ3_COMPAT) - * mtx_destroy(&pf_altq_mtx); - * #endif - */ } void @@ -1771,16 +1760,8 @@ break; } } -#ifdef __FreeBSD__ - if (error == 0) { - mtx_lock(&pf_altq_mtx); - pfaltq_running = 1; - mtx_unlock(&pf_altq_mtx); - } -#else if (error == 0) pfaltq_running = 1; -#endif splx(s); DPFPRINTF(PF_DEBUG_MISC, ("altq: started\n")); break; @@ -1812,16 +1793,8 @@ error = err; } } -#ifdef __FreeBSD__ - if (error == 0) { - mtx_lock(&pf_altq_mtx); - pfaltq_running = 0; - mtx_unlock(&pf_altq_mtx); - } -#else if (error == 0) pfaltq_running = 0; -#endif splx(s); DPFPRINTF(PF_DEBUG_MISC, ("altq: stopped\n")); break; @@ -2807,16 +2780,8 @@ error = err; } } -#ifdef __FreeBSD__ - if (error == 0) { - mtx_lock(&pf_altq_mtx); - pfaltq_running = 0; - mtx_unlock(&pf_altq_mtx); - } -#else if (error == 0) pfaltq_running = 0; -#endif splx(s); } while (0); @@ -3210,11 +3175,6 @@ destroy_pf_mutex(); return (ENOMEM); } -#ifdef ALTQ - mtx_lock(&pf_altq_mtx); - ++pfaltq_ref; - mtx_unlock(&pf_altq_mtx); -#endif return (0); } @@ -3240,11 +3200,6 @@ cleanup_pf_zone(); pf_osfp_cleanup(); destroy_dev(pf_dev); -#ifdef ALTQ - mtx_lock(&pf_altq_mtx); - --pfaltq_ref; - mtx_unlock(&pf_altq_mtx); -#endif destroy_pf_mutex(); return error; } @@ -3278,8 +3233,5 @@ DECLARE_MODULE(pf, pf_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); MODULE_DEPEND(pf, pflog, PFLOG_MINVER, PFLOG_PREFVER, PFLOG_MAXVER); MODULE_DEPEND(pf, pfsync, PFSYNC_MINVER, PFSYNC_PREFVER, PFSYNC_MAXVER); -#ifdef ALTQ -MODULE_DEPEND(pf, pfaltq, PFALTQ_MINVER, PFALTQ_PREFVER, PFALTQ_MAXVER); -#endif MODULE_VERSION(pf, PF_MODVER); #endif /* __FreeBSD__ */ ==== //depot/projects/netperf_socket/sys/contrib/pf/net/pfvar.h#3 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/sys/contrib/pf/net/pfvar.h,v 1.4 2004/03/17 21:11:02 mlaier Exp $ */ +/* $FreeBSD: src/sys/contrib/pf/net/pfvar.h,v 1.5 2004/06/13 01:36:31 mlaier Exp $ */ /* $OpenBSD: pfvar.h,v 1.170 2003/08/22 21:50:34 david Exp $ */ /* @@ -175,10 +175,6 @@ if(var) uma_zdestroy(var) extern struct mtx pf_task_mtx; -#ifdef ALTQ -extern struct mtx pf_altq_mtx; -extern int pfaltq_ref; -#endif #define PF_ASSERT(h) mtx_assert(&pf_task_mtx, (h)) ==== //depot/projects/netperf_socket/sys/kern/kern_prot.c#6 (text+ko) ==== @@ -40,7 +40,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/kern/kern_prot.c,v 1.182 2004/06/11 11:16:23 phk Exp $"); +__FBSDID("$FreeBSD: src/sys/kern/kern_prot.c,v 1.183 2004/06/13 02:50:05 rwatson Exp $"); #include "opt_compat.h" #include "opt_mac.h" @@ -1685,7 +1685,9 @@ if (error) return (ENOENT); #ifdef MAC + SOCK_LOCK(so); error = mac_check_socket_visible(cred, so); + SOCK_UNLOCK(so); if (error) return (error); #endif ==== //depot/projects/netperf_socket/sys/kern/subr_witness.c#5 (text+ko) ==== @@ -82,7 +82,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/kern/subr_witness.c,v 1.173 2004/06/03 20:07:44 jhb Exp $"); +__FBSDID("$FreeBSD: src/sys/kern/subr_witness.c,v 1.174 2004/06/13 00:23:03 rwatson Exp $"); #include "opt_ddb.h" #include "opt_witness.h" @@ -272,30 +272,37 @@ */ { "filedesc structure", &lock_class_mtx_sleep }, { "accept", &lock_class_mtx_sleep }, + { "so_snd", &lock_class_mtx_sleep }, + { "so_rcv", &lock_class_mtx_sleep }, { "sellck", &lock_class_mtx_sleep }, { NULL, NULL }, /* * Routing */ + { "so_rcv", &lock_class_mtx_sleep }, { "radix node head", &lock_class_mtx_sleep }, { "rtentry", &lock_class_mtx_sleep }, { "ifaddr", &lock_class_mtx_sleep }, { NULL, NULL }, /* * UNIX Domain Sockets + */ + { "unp", &lock_class_mtx_sleep }, + { "so_snd", &lock_class_mtx_sleep }, { NULL, NULL }, - */ /* * UDP/IP */ { "udp", &lock_class_mtx_sleep }, { "udpinp", &lock_class_mtx_sleep }, + { "so_snd", &lock_class_mtx_sleep }, { NULL, NULL }, /* * TCP/IP */ { "tcp", &lock_class_mtx_sleep }, { "tcpinp", &lock_class_mtx_sleep }, + { "so_snd", &lock_class_mtx_sleep }, { NULL, NULL }, /* * SLIP ==== //depot/projects/netperf_socket/sys/kern/sys_socket.c#6 (text+ko) ==== @@ -30,7 +30,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/kern/sys_socket.c,v 1.57 2004/04/05 21:03:36 imp Exp $"); +__FBSDID("$FreeBSD: src/sys/kern/sys_socket.c,v 1.58 2004/06/13 02:50:05 rwatson Exp $"); #include "opt_mac.h" @@ -77,7 +77,9 @@ NET_LOCK_GIANT(); #ifdef MAC + SOCK_LOCK(so); error = mac_check_socket_receive(active_cred, so); + SOCK_UNLOCK(so); if (error) { NET_UNLOCK_GIANT(); return (error); @@ -102,7 +104,9 @@ NET_LOCK_GIANT(); #ifdef MAC + SOCK_LOCK(so); error = mac_check_socket_send(active_cred, so); + SOCK_UNLOCK(so); if (error) { NET_UNLOCK_GIANT(); return (error); ==== //depot/projects/netperf_socket/sys/kern/uipc_socket2.c#13 (text+ko) ==== @@ -30,7 +30,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/kern/uipc_socket2.c,v 1.128 2004/06/04 04:07:08 rwatson Exp $"); +__FBSDID("$FreeBSD: src/sys/kern/uipc_socket2.c,v 1.129 2004/06/13 02:50:05 rwatson Exp $"); #include "opt_mac.h" #include "opt_param.h" @@ -231,7 +231,9 @@ so->so_timeo = head->so_timeo; so->so_cred = crhold(head->so_cred); #ifdef MAC + SOCK_LOCK(head); mac_create_socket_from_socket(head, so); + SOCK_UNLOCK(head); #endif if (soreserve(so, head->so_snd.sb_hiwat, head->so_rcv.sb_hiwat) || ==== //depot/projects/netperf_socket/sys/kern/uipc_syscalls.c#17 (text+ko) ==== @@ -33,7 +33,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/kern/uipc_syscalls.c,v 1.190 2004/06/12 20:47:28 rwatson Exp $"); +__FBSDID("$FreeBSD: src/sys/kern/uipc_syscalls.c,v 1.192 2004/06/13 02:50:05 rwatson Exp $"); #include "opt_compat.h" #include "opt_ktrace.h" @@ -190,8 +190,9 @@ if ((error = fgetsock(td, fd, &so, NULL)) != 0) goto done2; #ifdef MAC - /* XXXRW: MAC requires socket lock? */ + SOCK_LOCK(so); error = mac_check_socket_bind(td->td_ucred, so, sa); + SOCK_UNLOCK(so); if (error) goto done1; #endif @@ -224,8 +225,9 @@ NET_LOCK_GIANT(); if ((error = fgetsock(td, uap->s, &so, NULL)) == 0) { #ifdef MAC - /* XXXRW: MAC requires socket lock? */ + SOCK_LOCK(so); error = mac_check_socket_listen(td->td_ucred, so); + SOCK_UNLOCK(so); if (error) goto done; #endif @@ -311,15 +313,15 @@ KASSERT(!(so->so_qstate & SQ_INCOMP), ("accept1: so SQ_INCOMP")); KASSERT(so->so_qstate & SQ_COMP, ("accept1: so not SQ_COMP")); - /* - * Before changing the flags on the socket, we have to bump the + /* + * Before changing the flags on the socket, we have to bump the * reference count. Otherwise, if the protocol calls sofree(), - * the socket will be released due to a zero refcount. - */ + * the socket will be released due to a zero refcount. + */ SOCK_LOCK(so); soref(so); /* file descriptor reference */ SOCK_UNLOCK(so); - + TAILQ_REMOVE(&head->so_comp, so, so_list); head->so_qlen--; so->so_qstate &= ~SQ_COMP; @@ -485,8 +487,9 @@ goto done1; } #ifdef MAC - /* XXXRW: MAC requires socket lock? */ + SOCK_LOCK(so); error = mac_check_socket_connect(td->td_ucred, so, sa); + SOCK_UNLOCK(so); if (error) goto bad; #endif @@ -708,8 +711,9 @@ goto bad2; #ifdef MAC - /* XXXRW: MAC requires socket lock? */ + SOCK_LOCK(so); error = mac_check_socket_send(td->td_ucred, so); + SOCK_UNLOCK(so); if (error) goto bad; #endif @@ -952,8 +956,9 @@ } #ifdef MAC - /* XXXRW: MAC requires socket lock? */ + SOCK_LOCK(so); error = mac_check_socket_receive(td->td_ucred, so); + SOCK_UNLOCK(so); if (error) { fputsock(so); NET_UNLOCK_GIANT(); @@ -1759,8 +1764,9 @@ } #ifdef MAC - /* XXXRW: MAC requires socket lock? */ + SOCK_LOCK(so); error = mac_check_socket_send(td->td_ucred, so); + SOCK_UNLOCK(so); if (error) goto done; #endif ==== //depot/projects/netperf_socket/sys/kern/uipc_usrreq.c#12 (text+ko) ==== @@ -30,7 +30,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/kern/uipc_usrreq.c,v 1.123 2004/06/12 20:47:28 rwatson Exp $"); +__FBSDID("$FreeBSD: src/sys/kern/uipc_usrreq.c,v 1.124 2004/06/13 02:50:05 rwatson Exp $"); #include "opt_mac.h" @@ -873,8 +873,10 @@ sizeof(unp->unp_peercred)); unp->unp_flags |= UNP_HAVEPC; #ifdef MAC + SOCK_LOCK(so); mac_set_socket_peer_from_socket(so, so3); mac_set_socket_peer_from_socket(so3, so); + SOCK_UNLOCK(so); #endif so2 = so3; ==== //depot/projects/netperf_socket/sys/netatalk/ddp_input.c#5 (text+ko) ==== @@ -2,7 +2,7 @@ * Copyright (c) 1990,1994 Regents of The University of Michigan. * All Rights Reserved. See COPYRIGHT. * - * $FreeBSD: src/sys/netatalk/ddp_input.c,v 1.23 2004/03/22 04:50:36 rwatson Exp $ + * $FreeBSD: src/sys/netatalk/ddp_input.c,v 1.24 2004/06/13 02:50:05 rwatson Exp $ */ #include "opt_mac.h" @@ -366,10 +366,13 @@ } #ifdef MAC + SOCK_LOCK(ddp->ddp_socket); if (mac_check_socket_deliver(ddp->ddp_socket, m) != 0) { + SOCK_UNLOCK(ddp->ddp_socket); m_freem(m); return; } + SOCK_UNLOCK(ddp->ddp_socket); #endif /* ==== //depot/projects/netperf_socket/sys/netatalk/ddp_output.c#5 (text+ko) ==== @@ -21,7 +21,7 @@ * netatalk@itd.umich.edu */ -/* $FreeBSD: src/sys/netatalk/ddp_output.c,v 1.23 2004/03/22 04:50:36 rwatson Exp $ */ +/* $FreeBSD: src/sys/netatalk/ddp_output.c,v 1.24 2004/06/13 02:50:05 rwatson Exp $ */ #include "opt_mac.h" @@ -52,7 +52,9 @@ struct ddpcb *ddp = sotoddpcb(so); #ifdef MAC + SOCK_LOCK(so); mac_create_mbuf_from_socket(so, m); + SOCK_UNLOCK(so); #endif M_PREPEND(m, sizeof(struct ddpehdr), M_TRYWAIT); ==== //depot/projects/netperf_socket/sys/netinet/in_pcb.c#11 (text+ko) ==== @@ -27,7 +27,7 @@ * SUCH DAMAGE. * * @(#)in_pcb.c 8.4 (Berkeley) 5/24/95 - * $FreeBSD: src/sys/netinet/in_pcb.c,v 1.148 2004/06/12 20:47:31 rwatson Exp $ + * $FreeBSD: src/sys/netinet/in_pcb.c,v 1.149 2004/06/13 02:50:06 rwatson Exp $ */ #include "opt_ipsec.h" @@ -176,7 +176,9 @@ error = mac_init_inpcb(inp, M_NOWAIT); if (error != 0) goto out; + SOCK_LOCK(so); mac_create_inpcb_from_socket(so, inp); + SOCK_UNLOCK(so); #endif #if defined(IPSEC) || defined(FAST_IPSEC) #ifdef FAST_IPSEC @@ -1175,10 +1177,11 @@ #ifdef MAC struct inpcb *inp; - /* XXX: Will assert socket lock when we have them. */ inp = (struct inpcb *)so->so_pcb; INP_LOCK(inp); + SOCK_LOCK(so); mac_inpcb_sosetlabel(so, inp); + SOCK_UNLOCK(so); INP_UNLOCK(inp); #endif } ==== //depot/projects/netperf_socket/sys/netinet/ip_divert.c#7 (text+ko) ==== @@ -26,7 +26,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/netinet/ip_divert.c,v 1.89 2004/06/11 04:06:51 rwatson Exp $ + * $FreeBSD: src/sys/netinet/ip_divert.c,v 1.90 2004/06/13 02:50:06 rwatson Exp $ */ #include "opt_inet.h" @@ -263,7 +263,9 @@ KASSERT(m->m_pkthdr.rcvif == NULL, ("rcvif not null")); #ifdef MAC + SOCK_LOCK(so); mac_create_mbuf_from_socket(so, m); + SOCK_UNLOCK(so); #endif if (control) ==== //depot/projects/netperf_socket/sys/netinet/tcp_input.c#7 (text+ko) ==== @@ -27,7 +27,7 @@ * SUCH DAMAGE. * * @(#)tcp_input.c 8.12 (Berkeley) 5/24/95 - * $FreeBSD: src/sys/netinet/tcp_input.c,v 1.237 2004/05/02 15:10:17 darrenr Exp $ + * $FreeBSD: src/sys/netinet/tcp_input.c,v 1.238 2004/06/13 02:50:06 rwatson Exp $ */ #include "opt_ipfw.h" /* for ipfw_fwd */ @@ -1354,7 +1354,9 @@ tcpstat.tcps_connects++; soisconnected(so); #ifdef MAC + SOCK_LOCK(so); mac_set_socket_peer_from_mbuf(m, so); + SOCK_UNLOCK(so); #endif /* Do window scaling on this connection? */ if ((tp->t_flags & (TF_RCVD_SCALE|TF_REQ_SCALE)) == ==== //depot/projects/netperf_socket/sys/netinet/tcp_syncache.c#7 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/netinet/tcp_syncache.c,v 1.57 2004/05/04 02:11:47 rwatson Exp $ + * $FreeBSD: src/sys/netinet/tcp_syncache.c,v 1.58 2004/06/13 02:50:06 rwatson Exp $ */ #include "opt_inet.h" @@ -558,7 +558,9 @@ goto abort2; } #ifdef MAC + SOCK_LOCK(so); mac_set_socket_peer_from_mbuf(m, so); + SOCK_UNLOCK(so); #endif inp = sotoinpcb(so); ==== //depot/projects/netperf_socket/sys/security/mac/mac_socket.c#2 (text+ko) ==== @@ -35,7 +35,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/security/mac/mac_socket.c,v 1.1 2004/02/26 03:51:04 rwatson Exp $"); +__FBSDID("$FreeBSD: src/sys/security/mac/mac_socket.c,v 1.2 2004/06/13 02:50:07 rwatson Exp $"); #include "opt_mac.h" @@ -218,6 +218,7 @@ struct socket *newsocket) { + SOCK_LOCK_ASSERT(oldsocket); MAC_PERFORM(create_socket_from_socket, oldsocket, oldsocket->so_label, newsocket, newsocket->so_label); } @@ -227,6 +228,7 @@ struct label *newlabel) { + SOCK_LOCK_ASSERT(socket); MAC_PERFORM(relabel_socket, cred, socket, socket->so_label, newlabel); } @@ -235,6 +237,8 @@ { struct label *label; + SOCK_LOCK_ASSERT(socket); + label = mac_mbuf_to_label(mbuf); MAC_PERFORM(set_socket_peer_from_mbuf, mbuf, label, socket, @@ -246,6 +250,12 @@ struct socket *newsocket) { + /* + * XXXRW: only hold the socket lock on one at a time, as one + * socket is the original, and one is the new. However, it's + * called in both directions, so we can't assert the lock + * here currently. + */ MAC_PERFORM(set_socket_peer_from_socket, oldsocket, oldsocket->so_label, newsocket, newsocket->so_peerlabel); } @@ -257,6 +267,7 @@ label = mac_mbuf_to_label(mbuf); + SOCK_LOCK_ASSERT(socket); MAC_PERFORM(create_mbuf_from_socket, socket, socket->so_label, mbuf, label); } @@ -267,6 +278,8 @@ { int error; + SOCK_LOCK_ASSERT(socket); + if (!mac_enforce_socket) return (0); @@ -282,6 +295,8 @@ { int error; + SOCK_LOCK_ASSERT(socket); + if (!mac_enforce_socket) return (0); @@ -297,6 +312,8 @@ struct label *label; int error; + SOCK_LOCK_ASSERT(socket); + if (!mac_enforce_socket) return (0); @@ -313,6 +330,8 @@ { int error; + SOCK_LOCK_ASSERT(socket); + if (!mac_enforce_socket) return (0); @@ -325,6 +344,8 @@ { int error; + SOCK_LOCK_ASSERT(so); + if (!mac_enforce_socket) return (0); @@ -339,6 +360,8 @@ { int error; + SOCK_LOCK_ASSERT(socket); + MAC_CHECK(check_socket_relabel, cred, socket, socket->so_label, newlabel); @@ -350,6 +373,8 @@ { int error; + SOCK_LOCK_ASSERT(so); + if (!mac_enforce_socket) return (0); @@ -363,6 +388,8 @@ { int error; + SOCK_LOCK_ASSERT(socket); + if (!mac_enforce_socket) return (0); @@ -377,12 +404,24 @@ { int error; + /* + * We acquire the socket lock when we perform the test and set, + * but have to release it as the pcb code needs to acquire the + * pcb lock, which will precede the socket lock in the lock + * order. However, this is fine, as any race will simply + * result in the inpcb being refreshed twice, but still + * consistently, as the inpcb code will acquire the socket lock + * before refreshing, holding both locks. + */ + SOCK_LOCK(so); error = mac_check_socket_relabel(cred, so, label); - if (error) + if (error) { + SOCK_UNLOCK(so); return (error); + } mac_relabel_socket(cred, so, label); - + SOCK_UNLOCK(so); /* * If the protocol has expressed interest in socket layer changes, * such as if it needs to propagate changes to a cached pcb @@ -419,9 +458,7 @@ if (error) goto out; - /* XXX: Socket lock here. */ error = mac_socket_label_set(cred, so, intlabel); - /* XXX: Socket unlock here. */ out: mac_socket_label_free(intlabel); return (error); @@ -431,6 +468,7 @@ mac_getsockopt_label(struct ucred *cred, struct socket *so, struct mac *mac) { char *buffer, *elements; + struct label *intlabel; int error; error = mac_check_structmac_consistent(mac); @@ -445,8 +483,13 @@ } buffer = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK | M_ZERO); - error = mac_externalize_socket_label(so->so_label, elements, - buffer, mac->m_buflen); + intlabel = mac_socket_label_alloc(M_WAITOK); + SOCK_LOCK(so); + mac_copy_socket_label(so->so_label, intlabel); + SOCK_UNLOCK(so); + error = mac_externalize_socket_label(intlabel, elements, buffer, + mac->m_buflen); + mac_socket_label_free(intlabel); if (error == 0) error = copyout(buffer, mac->m_string, strlen(buffer)+1); @@ -461,6 +504,7 @@ struct mac *mac) { char *elements, *buffer; + struct label *intlabel; int error; error = mac_check_structmac_consistent(mac); @@ -475,8 +519,13 @@ } buffer = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK | M_ZERO); - error = mac_externalize_socket_peer_label(so->so_peerlabel, - elements, buffer, mac->m_buflen); + intlabel = mac_socket_label_alloc(M_WAITOK); + SOCK_LOCK(so); + mac_copy_socket_label(so->so_peerlabel, intlabel); + SOCK_UNLOCK(so); + error = mac_externalize_socket_peer_label(intlabel, elements, buffer, + mac->m_buflen); + mac_socket_label_free(intlabel); if (error == 0) error = copyout(buffer, mac->m_string, strlen(buffer)+1); ==== //depot/projects/netperf_socket/sys/sys/socketvar.h#13 (text+ko) ==== @@ -27,7 +27,7 @@ * SUCH DAMAGE. * * @(#)socketvar.h 8.3 (Berkeley) 2/19/95 - * $FreeBSD: src/sys/sys/socketvar.h,v 1.119 2004/06/12 20:47:32 rwatson Exp $ + * $FreeBSD: src/sys/sys/socketvar.h,v 1.121 2004/06/13 02:50:07 rwatson Exp $ */ #ifndef _SYS_SOCKETVAR_H_ @@ -124,8 +124,8 @@ void (*so_upcall)(struct socket *, void *, int); void *so_upcallarg; struct ucred *so_cred; /* user credentials */ - struct label *so_label; /* MAC label for socket */ - struct label *so_peerlabel; /* cached MAC label for socket peer */ + struct label *so_label; /* (b) MAC label for socket */ + struct label *so_peerlabel; /* (b) cached MAC label for peer */ /* NB: generation count must not be first; easiest to make it last. */ so_gen_t so_gencnt; /* generation count */ void *so_emuldata; /* private data for emulators */ @@ -249,6 +249,7 @@ }; #ifdef _KERNEL + /* * Macros for sockets and socket buffering. */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200406130358.i5D3w8Fo001284>