From owner-p4-projects Thu Aug 8 8:25:40 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 0885A37B401; Thu, 8 Aug 2002 08:25:28 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B12FA37B400 for ; Thu, 8 Aug 2002 08:25:27 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5360E43E4A for ; Thu, 8 Aug 2002 08:25:27 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g78FPRJU056676 for ; Thu, 8 Aug 2002 08:25:27 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g78FPQaI056673 for perforce@freebsd.org; Thu, 8 Aug 2002 08:25:26 -0700 (PDT) Date: Thu, 8 Aug 2002 08:25:26 -0700 (PDT) Message-Id: <200208081525.g78FPQaI056673@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson Subject: PERFORCE change 15683 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15683 Change 15683 by rwatson@rwatson_paprika on 2002/08/08 08:25:24 Add an IO_NOMACCHECK vnode operation flag to vn_rdwr(), which permits callers to specify that MAC checks are not required. This is needed because vn_rdwr() is used both to service user requests directly, and as a utility function inside UFS and ext2fs. Set the flag when invoking vn_rdwr() inside file systems, but otherwise not. Note that vn_rdwr() still needs an active_cred/saved_cred argument. Affected files ... .. //depot/projects/trustedbsd/mac/sys/gnu/ext2fs/ext2_lookup.c#5 edit .. //depot/projects/trustedbsd/mac/sys/gnu/ext2fs/ext2_vnops.c#5 edit .. //depot/projects/trustedbsd/mac/sys/kern/vfs_vnops.c#41 edit .. //depot/projects/trustedbsd/mac/sys/sys/vnode.h#38 edit .. //depot/projects/trustedbsd/mac/sys/ufs/ufs/ufs_lookup.c#7 edit .. //depot/projects/trustedbsd/mac/sys/ufs/ufs/ufs_vnops.c#44 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/gnu/ext2fs/ext2_lookup.c#5 (text+ko) ==== @@ -1009,8 +1009,9 @@ #define MINDIRSIZ (sizeof (struct dirtemplate) / 2) for (off = 0; off < ip->i_size; off += dp->rec_len) { - error = vn_rdwr(UIO_READ, ITOV(ip), (caddr_t)dp, MINDIRSIZ, off, - UIO_SYSSPACE, IO_NODELOCKED, cred, &count, (struct thread *)0); + error = vn_rdwr(UIO_READ, ITOV(ip), (caddr_t)dp, MINDIRSIZ, + off, UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, cred, + &count, (struct thread *)0); /* * Since we read MINDIRSIZ, residual must * be 0 unless we're at end of file. 
@@ -1074,7 +1075,8 @@ } error = vn_rdwr(UIO_READ, vp, (caddr_t)&dirbuf, sizeof (struct dirtemplate), (off_t)0, UIO_SYSSPACE, - IO_NODELOCKED, cred, (int *)0, (struct thread *)0); + IO_NODELOCKED | IO_NOMACCHEK, cred, (int *)0, + (struct thread *)0); if (error != 0) break; namlen = dirbuf.dotdot_type; /* like ufs little-endian */ ==== //depot/projects/trustedbsd/mac/sys/gnu/ext2fs/ext2_vnops.c#5 (text+ko) ==== @@ -1220,7 +1220,7 @@ dp->i_flag |= IN_CHANGE; error = vn_rdwr(UIO_READ, fvp, (caddr_t)&dirbuf, sizeof (struct dirtemplate), (off_t)0, - UIO_SYSSPACE, IO_NODELOCKED, + UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, tcnp->cn_cred, (int *)0, (struct thread *)0); if (error == 0) { /* Like ufs little-endian: */ @@ -1236,9 +1236,9 @@ (caddr_t)&dirbuf, sizeof (struct dirtemplate), (off_t)0, UIO_SYSSPACE, - IO_NODELOCKED|IO_SYNC, - tcnp->cn_cred, (int *)0, - (struct thread *)0); + IO_NODELOCKED | IO_SYNC | + IO_NOMACCHECK, tcnp->cn_cred, + (int *)0, (struct thread *)0); cache_purge(fdvp); } } @@ -1373,7 +1373,8 @@ dirtemplate.dotdot_reclen = DIRBLKSIZ - 12; error = vn_rdwr(UIO_WRITE, tvp, (caddr_t)&dirtemplate, sizeof (dirtemplate), (off_t)0, UIO_SYSSPACE, - IO_NODELOCKED|IO_SYNC, cnp->cn_cred, (int *)0, (struct thread *)0); + IO_NODELOCKED | IO_SYNC | IO_NOMACCHECK, cnp->cn_cred, (int *)0, + (struct thread *)0); if (error) { dp->i_nlink--; dp->i_flag |= IN_CHANGE; @@ -1509,8 +1510,8 @@ ip->i_flag |= IN_CHANGE | IN_UPDATE; } else error = vn_rdwr(UIO_WRITE, vp, ap->a_target, len, (off_t)0, - UIO_SYSSPACE, IO_NODELOCKED, ap->a_cnp->cn_cred, (int *)0, - (struct thread *)0); + UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACHCHECK, + ap->a_cnp->cn_cred, (int *)0, (struct thread *)0); if (error) vput(vp); return (error); ==== //depot/projects/trustedbsd/mac/sys/kern/vfs_vnops.c#41 (text+ko) ==== 
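Review bot: The flag name is misspelled in the ext2_lookup.c hunk at @@ -1074,7: `IO_NODELOCKED | IO_NOMACCHEK` does not match the `IO_NOMACCHECK` that the vnode.h hunk defines, so the file will not compile. The same defect appears twice more, as `IO_NOMACHCHECK` in the ext2_vnops.c hunk at @@ -1509,8 and as `IO_NOMACCHEKC` in the ufs_vnops.c hunk at @@ -1824,8. All three should read `IO_NODELOCKED | IO_NOMACCHECK`. When correcting them, keep the flag rather than dropping it: these call sites pass `(struct thread *)0` as the thread argument, and without the flag they would reach the `td->td_ucred` dereference that the vfs_vnops.c hunk enables. The enclosing functions start and end outside the hunks.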
@@ -398,23 +398,19 @@ auio.uio_segflg = segflg; auio.uio_rw = rw; auio.uio_td = td; - if (rw == UIO_READ) { -#if 0 + error = 0; #ifdef MAC - /* XXXMAC: we should pass in active_cred to vn_rdwr(). */ - error = mac_check_vnode_read(td->td_ucred, cred, vp); - if (error == 0) + if ((ioflg & IO_NOMACCHECK) == 0) { + if (rw == UIO_READ) + error = mac_check_vnode_read(td->td_ucred, cred, vp); + else + error = mac_check_vnode_write(td->td_ucred, cred, vp); + } #endif -#endif + if (error == 0) { + if (rw == UIO_READ) error = VOP_READ(vp, &auio, ioflg, cred); - } else { -#if 0 -#ifdef MAC - /* XXXMAC: we should pass in active_cred to vn_rdwr(). */ - error = mac_check_vnode_write(td->td_ucred, cred, vp); - if (error == 0) -#endif -#endif + else error = VOP_WRITE(vp, &auio, ioflg, cred); } if (aresid) ==== //depot/projects/trustedbsd/mac/sys/sys/vnode.h#38 (text+ko) ==== @@ -271,6 +271,7 @@ #define IO_NOWDRAIN 0x0200 /* do not block on wdrain */ #define IO_EXT 0x0400 /* operate on external attributes */ #define IO_NORMAL 0x0800 /* operate on regular data */ +#define IO_NOMACCHECK 0x1000 /* MAC checks unnecessary */ /* * Modes. Some values same as Ixxx entries from inode.h for now. ==== //depot/projects/trustedbsd/mac/sys/ufs/ufs/ufs_lookup.c#7 (text+ko) ==== @@ -1151,8 +1151,9 @@ #define MINDIRSIZ (sizeof (struct dirtemplate) / 2) for (off = 0; off < ip->i_size; off += dp->d_reclen) { - error = vn_rdwr(UIO_READ, ITOV(ip), (caddr_t)dp, MINDIRSIZ, off, - UIO_SYSSPACE, IO_NODELOCKED, cred, &count, (struct thread *)0); + error = vn_rdwr(UIO_READ, ITOV(ip), (caddr_t)dp, MINDIRSIZ, + off, UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, cred, + &count, (struct thread *)0); /* * Since we read MINDIRSIZ, residual must * be 0 unless we're at end of file. 
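Review bot: The re-enabled check dereferences `td->td_ucred` whenever `IO_NOMACCHECK` is clear, yet the file-system callers touched by this change pass `(struct thread *)0` for `td` and are safe only because they now set the flag. Any vn_rdwr() caller outside this change that still passes a null thread without the flag would fault here in a MAC kernel; that is not visible from this hunk, so the remaining callers are worth auditing. Stating the precondition inside the `if ((ioflg & IO_NOMACCHECK) == 0)` block, e.g. `KASSERT(td != NULL, ("vn_rdwr: MAC check with NULL thread"));`, makes a missed caller fail loudly and avoids the temptation of a fail-open `td != NULL` guard. The deleted `XXXMAC: we should pass in active_cred to vn_rdwr()` comment still matches the change description and is worth keeping above the check. vn_rdwr()'s body starts and ends outside the hunk.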
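Review bot: The comment on `IO_NOMACCHECK` in the vnode.h hunk does not say who may set the bit, although setting it disables a mandatory access control check in vn_rdwr(). I would word it as `/* skip MAC checks; in-kernel callers only */` and add a sentence above the define stating that it must never be set for I/O performed directly on behalf of a user request. That keeps a later caller from passing the flag just to silence a denial. Because vn_rdwr() forwards `ioflg` unchanged to VOP_READ/VOP_WRITE, it is also worth confirming that 0x1000 does not collide with any IO_* bit defined above the lines shown here.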
@@ -1224,7 +1225,8 @@ } error = vn_rdwr(UIO_READ, vp, (caddr_t)&dirbuf, sizeof (struct dirtemplate), (off_t)0, UIO_SYSSPACE, - IO_NODELOCKED, cred, (int *)0, (struct thread *)0); + IO_NODELOCKED | IO_NOMACCHECK, cred, (int *)0, + (struct thread *)0); if (error != 0) break; # if (BYTE_ORDER == LITTLE_ENDIAN) ==== //depot/projects/trustedbsd/mac/sys/ufs/ufs/ufs_vnops.c#44 (text+ko) ==== @@ -1824,8 +1824,8 @@ ip->i_flag |= IN_CHANGE | IN_UPDATE; } else error = vn_rdwr(UIO_WRITE, vp, ap->a_target, len, (off_t)0, - UIO_SYSSPACE, IO_NODELOCKED, ap->a_cnp->cn_cred, (int *)0, - (struct thread *)0); + UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHEKC, + ap->a_cnp->cn_cred, (int *)0, (struct thread *)0); if (error) vput(vp); return (error); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message