Date: Fri, 30 Apr 2004 20:28:51 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 52022 for review Message-ID: <200405010328.i413Spko050880@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=52022 Change 52022 by rwatson@rwatson_tislabs on 2004/04/30 20:28:16 Apply changes from changeset 51880 to the TrustedBSD MAC branch for testing prior to merge to the base FreeBSD tree: In IP divert sockets, annotate that it would be preferable to use the inpcb label to the socket label when sending an outgoing packet, but don't change it for now because the inpcb isn't always used when transmitting. In raw sockets, assert the inpcb lock when sending with a raw socket (it's always true, and also necessary). Re-code the MAC Framework interaction here to use the inpcb rather than the socket label to avoid interactions between inpcb and socket locking while holding the inpcb lock. In tcp_input(), assert the inpcb lock before checking with MAC that the inpcb can receive the mbuf. This is redundant with a locking assertion in the MAC Framework. In tcp_output(), use the TCP inpcb rather than the socket to set the label for a new mbuf. This avoids acquiring the socket lock when we already hold the inpcb lock, which is sufficient. In tcp_respond() and tcp_twrespond(), perform initial assertions and setup of the inp pointer before starting to handle the packet. Affected files ... .. //depot/projects/trustedbsd/mac/sys/netinet/ip_divert.c#21 edit .. //depot/projects/trustedbsd/mac/sys/netinet/raw_ip.c#31 edit .. //depot/projects/trustedbsd/mac/sys/netinet/tcp_input.c#50 edit .. //depot/projects/trustedbsd/mac/sys/netinet/tcp_output.c#22 edit .. //depot/projects/trustedbsd/mac/sys/netinet/tcp_subr.c#43 edit .. //depot/projects/trustedbsd/mac/sys/netinet/tcp_syncache.c#26 edit .. //depot/projects/trustedbsd/mac/sys/netinet/udp_usrreq.c#30 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/netinet/ip_divert.c#21 (text+ko) ==== @@ -282,6 +282,9 @@ KASSERT(m->m_pkthdr.rcvif == NULL, ("rcvif not null")); #ifdef MAC + /* + * XXXRW: perhaps should be mac_create_mbuf_from_inpcb()? + */ mac_create_mbuf_from_socket(so, m); #endif ==== //depot/projects/trustedbsd/mac/sys/netinet/raw_ip.c#31 (text+ko) ==== @@ -145,6 +145,8 @@ { int policyfail = 0; + INP_LOCK_ASSERT(last); + #if defined(IPSEC) || defined(FAST_IPSEC) /* check AH/ESP integrity. */ if (ipsec4_in_reject(n, last)) { @@ -244,9 +246,22 @@ struct inpcb *inp = sotoinpcb(so); int flags = (so->so_options & SO_DONTROUTE) | IP_ALLOWBROADCAST; + /* + * XXXRW: Due to use of inp fields later in this function, the + * inp lock almost certainly needs to be held for the duration + * of the function, not just the MAC entry point. + */ #ifdef MAC + INP_LOCK(inp); + mac_create_mbuf_from_inpcb(inp, m); + INP_UNLOCK(inp); +#if 0 + /* + * XXXRW: Use inpcb instead. + */ mac_create_mbuf_from_socket(so, m); #endif +#endif /* * If the user handed us a complete IP packet, use it. ==== //depot/projects/trustedbsd/mac/sys/netinet/tcp_input.c#50 (text+ko) ==== @@ -751,6 +751,7 @@ tiwin = th->th_win; #ifdef MAC + INP_LOCK_ASSERT(inp); if (mac_check_inpcb_deliver(inp, m)) goto drop; #endif ==== //depot/projects/trustedbsd/mac/sys/netinet/tcp_output.c#22 (text+ko) ==== @@ -696,8 +696,14 @@ } m->m_pkthdr.rcvif = (struct ifnet *)0; #ifdef MAC + /* + * XXX: use mac_create_mbuf_from_inpcb(inp, m) instead of socket. + */ + mac_create_mbuf_from_inpcb(tp->t_inpcb, m); +#if 0 mac_create_mbuf_from_socket(so, m); #endif +#endif #ifdef INET6 if (isipv6) { ip6 = mtod(m, struct ip6_hdr *); ==== //depot/projects/trustedbsd/mac/sys/netinet/tcp_subr.c#43 (text+ko) ==== @@ -402,7 +402,7 @@ int isipv6; #endif /* INET6 */ int ipflags = 0; - struct inpcb *inp = NULL; + struct inpcb *inp; KASSERT(tp != NULL || m != NULL, ("tcp_respond: tp and m both NULL")); @@ -417,6 +417,10 @@ KASSERT(inp != NULL, ("tcp control block w/o inpcb")); INP_INFO_WLOCK_ASSERT(&tcbinfo); INP_LOCK_ASSERT(inp); + } else + inp = NULL; + + if (tp != NULL) { if (!(flags & TH_RST)) { win = sbspace(&inp->inp_socket->so_rcv); if (win > (long)TCP_MAXWIN << tp->rcv_scale) @@ -499,7 +503,14 @@ * Packet is associated with a socket, so allow the * label of the response to reflect the socket label. */ + INP_LOCK_ASSERT(inp); + mac_create_mbuf_from_inpcb(inp, m); +#if 0 + /* + * XXXRW: Use inpcb instead of socket here. + */ mac_create_mbuf_from_socket(inp->inp_socket, m); +#endif } else { /* * Packet is not associated with a socket, so possibly ==== //depot/projects/trustedbsd/mac/sys/netinet/tcp_syncache.c#26 (text+ko) ==== @@ -1129,8 +1129,15 @@ inp = sc->sc_tp->t_inpcb; INP_LOCK(inp); #ifdef MAC + /* + * XXXRW: Should be mac_create_mbuf_from_inpcb(inp, m) rather than + * from socket for locking reasons. + */ + mac_create_mbuf_from_inpcb(inp, m); +#if 0 mac_create_mbuf_from_socket(inp->inp_socket, m); #endif +#endif #ifdef INET6 if (sc->sc_inc.inc_isipv6) { ==== //depot/projects/trustedbsd/mac/sys/netinet/udp_usrreq.c#30 (text+ko) ==== @@ -457,6 +457,8 @@ struct sockaddr *append_sa; struct mbuf *opts = 0; + INP_LOCK_ASSERT(inp); + #if defined(IPSEC) || defined(FAST_IPSEC) /* check AH/ESP integrity. */ if (ipsec4_in_reject(n, last)) { @@ -734,8 +736,14 @@ INP_LOCK_ASSERT(inp); #ifdef MAC + /* + * XXXRW: Use inpcb instead of socket. + */ + mac_create_mbuf_from_inpcb(inp, m); +#if 0 mac_create_mbuf_from_socket(inp->inp_socket, m); #endif +#endif if (len + sizeof(struct udpiphdr) > IP_MAXPACKET) { error = EMSGSIZE;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200405010328.i413Spko050880>