From owner-p4-projects  Wed Jul 31 19:41:44 2002
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id A547937B401; Wed, 31 Jul 2002 19:41:38 -0700 (PDT)
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 5827B37B400; Wed, 31 Jul 2002 19:41:38 -0700 (PDT)
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id AE80243E5E; Wed, 31 Jul 2002 19:41:37 -0700 (PDT)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.12.4/8.12.4) with SMTP id g712fROo073609;
	Wed, 31 Jul 2002 22:41:28 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Date: Wed, 31 Jul 2002 22:41:27 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.org>
X-Sender: robert@fledge.watson.org
To: Brian Feldman <green@FreeBSD.org>
Cc: Perforce Change Reviews <perforce@FreeBSD.org>
Subject: Re: PERFORCE change 15347 for review
In-Reply-To: <200207312131.g6VLVV8L053036@freefall.freebsd.org>
Message-ID: <Pine.NEB.3.96L.1020731223824.70641A-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-p4-projects@FreeBSD.ORG
Precedence: bulk
List-ID: <p4-projects.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20p4-projects>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20p4-projects>
X-Loop: FreeBSD.ORG


On Wed, 31 Jul 2002, Brian Feldman wrote:

> http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15347
> 
> Change 15347 by green@green_laptop_2 on 2002/07/31 14:31:24
> 
> 	mac_cred_canexec() no longer exists; use mac_check_vnode_exec().

Hmm.  I see the problem you're trying to address by making these locking
changes (proc lock ordering relationship to vnode locks), but I'm not sure
the result of the changes is correct either.  Releasing the proc lock here
may have undesirable consequences, since we're in the middle of a process
credential change...

> 
> Affected files ...
> 
> .. //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#28 edit
> 
> Differences ...
> 
> ==== //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#28 (text+ko) ====
> 
> @@ -398,10 +398,12 @@
>  	    attr.va_gid;
>  
>  #ifdef MAC
> +	PROC_UNLOCK(p);
>  	vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY, td);
>  	will_transition = mac_execve_will_transition(oldcred, imgp->vp);
>  	credential_changing |= will_transition;
>  	VOP_UNLOCK(imgp->vp, 0, td);
> +	PROC_LOCK(p);
>  #endif
>  
>  	if (credential_changing &&
> @@ -438,11 +440,13 @@
>  			change_egid(newcred, attr.va_gid);
>  #ifdef MAC
>  		if (will_transition) {
> +			PROC_UNLOCK(p);
>  			vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY, td);
>  			mac_execve_transition(oldcred, newcred, imgp->vp);
>  			VOP_UNLOCK(imgp->vp, 0, td);
> +			PROC_LOCK(p);
>  		}
> -#endif
> +#endif /* MAC */
>  		/*
>  		 * Implement correct POSIX saved-id behavior.
>  		 */
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe p4-projects" in the body of the message