Date: Sat, 21 Sep 2002 20:26:44 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 17904 for review Message-ID: <200209220326.g8M3Qi8i082049@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=17904 Change 17904 by rwatson@rwatson_tislabs on 2002/09/21 20:25:44 Modify Biba and MLS to recognize the reality that mpo_create_mbuf_from_mbuf() may have a source mbuf that is initialized but not created. Modify nfs_socket.c to not explicitly perform the label copy since it will be performed later. Affected files ... .. //depot/projects/trustedbsd/mac/sys/nfsclient/nfs_socket.c#14 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#108 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#89 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/nfsclient/nfs_socket.c#14 (text+ko) ==== @@ -889,10 +889,6 @@ m = nfsm_rpchead(cred, nmp->nm_flag, procnum, auth_type, auth_len, mrest, mrest_len, &mheadend, &xid); -#ifdef MAC - mac_create_mbuf_from_socket(nmp->nm_so, m); -#endif - /* * For stream protocols, insert a Sun RPC Record Mark. */ ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#108 (text+ko) ==== @@ -925,7 +925,15 @@ source = SLOT(oldmbuflabel); dest = SLOT(newmbuflabel); - mac_biba_copy_single(source, dest); + /* + * Because the source mbuf may not yet have been "created", + * just initialized, we do a conditional copy. Since we don't + * allow mbufs to have ranges, do a KASSERT to make sure that + * doesn't happen. + */ + KASSERT((source->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, + ("mac_biba_create_mbuf_from_mbuf: source mbuf has range")); + mac_biba_copy(source, dest); } static void ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#89 (text+ko) ==== @@ -879,7 +879,15 @@ source = SLOT(oldmbuflabel); dest = SLOT(newmbuflabel); - mac_mls_copy_single(source, dest); + /* + * Because the source mbuf may not yet have been "created", + * just initialized, we do a conditional copy. Since we don't + * allow mbufs to have ranges, do a KASSERT to make sure that + * doesn't happen. + */ + KASSERT((source->mm_flags & MAC_MLS_FLAG_RANGE) != 0, + ("mac_mls_create_mbuf_from_mbuf: source mbuf has range")); + mac_mls_copy(source, dest); } static void To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200209220326.g8M3Qi8i082049>