From owner-trustedbsd-cvs@FreeBSD.ORG Mon Dec 4 16:50:05 2006 Return-Path: X-Original-To: trustedbsd-cvs@freebsd.org Delivered-To: trustedbsd-cvs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E6CBD16A4AB for ; Mon, 4 Dec 2006 16:50:05 +0000 (UTC) (envelope-from owner-perforce@freebsd.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id A197B43E07 for ; Mon, 4 Dec 2006 16:47:09 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: from mx2.freebsd.org (mx2.freebsd.org [69.147.83.53]) by cyrus.watson.org (Postfix) with ESMTP id 2F7BF46B9F for ; Mon, 4 Dec 2006 11:47:41 -0500 (EST) Received: from hub.freebsd.org (hub.freebsd.org [69.147.83.54]) by mx2.freebsd.org (Postfix) with ESMTP id 020825BACD; Mon, 4 Dec 2006 16:47:27 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id 70BD616A494; Mon, 4 Dec 2006 16:47:32 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 26E2B16A4C9 for ; Mon, 4 Dec 2006 16:47:32 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [69.147.83.41]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7359543CF0 for ; Mon, 4 Dec 2006 16:44:17 +0000 (GMT) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id kB4GioB8060687 for ; Mon, 4 Dec 2006 16:44:50 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id kB4GiosS060683 for perforce@freebsd.org; Mon, 4 Dec 2006 16:44:50 GMT (envelope-from millert@freebsd.org) Date: Mon, 4 Dec 2006 16:44:50 GMT Message-Id: <200612041644.kB4GiosS060683@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 111027 for review X-BeenThere: trustedbsd-cvs@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD CVS and Perforce commit message list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Dec 2006 16:50:06 -0000 http://perforce.freebsd.org/chv.cgi?CH=111027 Change 111027 by millert@millert_g5tower on 2006/12/04 16:44:41 Fix locking in mac_vnode_label_associate_fdesc(): Use fp_lookup() not fdfile macro to get the struct fileproc for an fd and have it lock the proc fd lock. Use socket, posix sem and shm, and pipe locks. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#21 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#21 (text+ko) ==== @@ -952,15 +952,18 @@ mac_vnode_label_associate_fdesc(struct mount *mp, struct fdescnode *fnp, struct vnode *vp, vfs_context_t ctx) { - struct fileglob *fg; + struct fileproc *fp; struct pseminfo *psem; struct pshminfo *pshm; struct xsocket xso; struct socket *so; struct pipe *cpipe; struct vnode *fvp; + struct proc *p; int error; + error = 0; + /* * If no backing file, let the policy choose which label to use. */ @@ -970,52 +973,76 @@ return (0); } - fg = (*fdfile(vfs_context_proc(ctx), fnp->fd_fd))->f_fglob; - switch (fg->fg_type) { + p = vfs_context_proc(ctx); + error = fp_lookup(p, fnp->fd_fd, &fp, 0); + if (error) + return (error); + + if (fp->f_fglob == NULL) { + error = EBADF; + goto out; + } + + switch (fp->f_fglob->fg_type) { case DTYPE_VNODE: - fvp = (struct vnode *)fg->fg_data; + fvp = (struct vnode *)fp->f_fglob->fg_data; if ((error = vnode_getwithref(fvp))) - return (error); + goto out; MAC_PERFORM(vnode_label_copy, fvp->v_label, vp->v_label); (void)vnode_put(fvp); break; case DTYPE_SOCKET: - so = (struct socket *)fg->fg_data; + so = (struct socket *)fp->f_fglob->fg_data; + SOCK_LOCK(so); sotoxsocket(so, &xso); MAC_PERFORM(vnode_label_associate_socket, vfs_context_ucred(ctx), &xso, so->so_label, vp, vp->v_label); + SOCK_UNLOCK(so); break; case DTYPE_PSXSHM: - /* XXX: should hold the PSHM_SUBSYS lock. */ - pshm = pshmnodeinfo((struct pshmnode *)fg->fg_data); - if (pshm == NULL) - return (EINVAL); - MAC_PERFORM(vnode_label_associate_posixshm, - vfs_context_ucred(ctx), pshm, pshm->pshm_label, - vp, vp->v_label); + PSHM_SUBSYS_LOCK(); + pshm = pshmnodeinfo((struct pshmnode *)fp->f_fglob->fg_data); + if (pshm != NULL) { + MAC_PERFORM(vnode_label_associate_posixshm, + vfs_context_ucred(ctx), pshm, pshm->pshm_label, + vp, vp->v_label); + } else + error = EINVAL; + PSHM_SUBSYS_UNLOCK(); break; case DTYPE_PSXSEM: - /* XXX: should hold the PSEM_SUBSYS lock. */ - psem = psemnodeinfo((struct psemnode *)fg->fg_data); - if (psem == NULL) - return (EINVAL); - MAC_PERFORM(vnode_label_associate_posixsem, - vfs_context_ucred(ctx), psem, psem->psem_label, - vp, vp->v_label); + PSEM_SUBSYS_LOCK(); + psem = psemnodeinfo((struct psemnode *)fp->f_fglob->fg_data); + if (psem != NULL) { + MAC_PERFORM(vnode_label_associate_posixsem, + vfs_context_ucred(ctx), psem, psem->psem_label, + vp, vp->v_label); + } else + error = EINVAL; + PSEM_SUBSYS_UNLOCK(); break; case DTYPE_PIPE: - /* XXX: should PIPE_LOCK */ - cpipe = (struct pipe *)fg->fg_data; + cpipe = (struct pipe *)fp->f_fglob->fg_data; + /* kern/sys_pipe.c:pipe_select() suggests this test. */ + if (cpipe == (struct pipe *)-1) { + error = EINVAL; + goto out; + } + PIPE_LOCK(cpipe); MAC_PERFORM(vnode_label_associate_pipe, vfs_context_ucred(ctx), cpipe, cpipe->pipe_label, vp, vp->v_label); + PIPE_UNLOCK(cpipe); break; case DTYPE_KQUEUE: case DTYPE_FSEVENTS: default: MAC_PERFORM(vnode_label_associate_file, vfs_context_ucred(ctx), - mp, mp->mnt_mntlabel, fg, fg->fg_label, vp, vp->v_label); + mp, mp->mnt_mntlabel, fp->f_fglob, fp->f_fglob->fg_label, + vp, vp->v_label); break; } - return (0); +out: + fp_drop(p, fnp->fd_fd, fp, 0); + return (error); }