Date: Fri, 23 Aug 2002 07:05:39 -0700 (PDT) From: Brian Feldman <green@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 16462 for review Message-ID: <200208231405.g7NE5dOK067653@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=16462 Change 16462 by green@green_laptop_2 on 2002/08/23 07:04:41 * Don't grab Giant implicitly in mac_cred_mmapped_drop_perms(9). * Select a good default label (read: "equal") for tty devices. * Don't crhold(9) before calling crcopy(9) due to undocumented reference-count assertions. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#257 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#3 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.h#2 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#257 (text+ko) ==== @@ -202,8 +202,6 @@ static int mac_policy_unregister(struct mac_policy_conf *mpc); static int mac_stdcreatevnode_ea(struct vnode *vp); -void mac_cred_mmapped_drop_perms(struct thread *td, - struct ucred *cred); static void mac_cred_mmapped_drop_perms_recurse(struct thread *td, struct ucred *cred, struct vm_map *map); @@ -2170,10 +2168,8 @@ { /* XXX freeze all other threads */ - mtx_lock(&Giant); mac_cred_mmapped_drop_perms_recurse(td, cred, &td->td_proc->p_vmspace->vm_map); - mtx_unlock(&Giant); /* XXX allow other threads to continue */ } @@ -3136,7 +3132,9 @@ crhold(newcred); PROC_UNLOCK(p); + mtx_lock(&Giant); mac_cred_mmapped_drop_perms(td, newcred); + mtx_unlock(&Giant); crfree(newcred); /* Free revocation reference. */ crfree(oldcred); ==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#3 (text+ko) ==== @@ -743,7 +743,9 @@ if (strcmp(dev->si_name, "null") == 0 || strcmp(dev->si_name, "zero") == 0 || strcmp(dev->si_name, "random") == 0 || - strncmp(dev->si_name, "fd/", strlen("fd/")) == 0) + strcmp(dev->si_name, "ctty") == 0 || + strncmp(dev->si_name, "fd/", strlen("fd/")) == 0 || + strncmp(dev->si_name, "tty", strlen("tty")) == 0) biba_type = MAC_BIBA_TYPE_EQUAL; else biba_type = MAC_BIBA_TYPE_HIGH; @@ -2294,7 +2296,12 @@ if (subj->mac_biba.mb_flags & MAC_BIBA_FLAG_UPDATESUBJ) { mtx_unlock(&subj->mtx); newcred = crget(); - crhold(newcred); + /* + * Prevent a lock order reversal in + * mac_cred_mmapped_drop_perms; ideally, the other + * user of subj->mtx wouldn't be holding Giant. + */ + mtx_lock(&Giant); mtx_lock(&subj->mtx); /* * Check if we lost the race while allocating the cred. @@ -2304,12 +2311,14 @@ PROC_LOCK(p); oldcred = p->p_ucred; crcopy(newcred, oldcred); + crhold(newcred); mac_biba_copy(&subj->mac_biba, SLOT(&newcred->cr_label)); p->p_ucred = newcred; crfree(oldcred); PROC_UNLOCK(p); mac_cred_mmapped_drop_perms(curthread, newcred); out: + mtx_unlock(&Giant); crfree(newcred); } mtx_unlock(&subj->mtx); ==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.h#2 (text+ko) ==== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200208231405.g7NE5dOK067653>