PERFORCE change 130686 for review

[Zhouyi ZHOU]

http://perforce.freebsd.org/chv.cgi?CH=130686

Change 130686 by zhouzhouyi at zhouzhouyi_mactest on 2007/12/12 08:22:29

	settle memory leaks in Mandatory Access Control

Affected files ...

.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/bpf/00.t#4 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/kern/uipc_sem.c#4 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/netinet/in_pcb.c#6 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/netinet6/in6_pcb.c#4 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac/mac_posix_sem.c#4 edit

Differences ...

==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/bpf/00.t#4 (text+ko) ====

@@ -60,6 +60,7 @@
 			"mls/6(4-7),biba/5(4-7)"
 		    echo -n "pid = -2 bpfdesc_check_receive:" > ${mactest_conf}
 		    echo "biba/5,mls/5 biba/5(4-7),mls/6(4-7)" >> ${mactest_conf}
+		    echo "pid = -2 inpcb_destroy_label" > ${mactest_conf}
 
 		    bizarretestexpect ${tcpconnect} "" \
 			""  -f ${mactest_conf} -t 2 -b "mls/5(4-7),biba/5(4-7)" \

==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/kern/uipc_sem.c#4 (text+ko) ====

@@ -814,6 +814,9 @@
 	}
 	sem_rel(ks);
 	error = 0;
+#ifdef MAC
+	mac_posix_sem_destroy(ks);
+#endif
 err:
 	mtx_unlock(&sem_lock);
 	return (error);

==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/netinet/in_pcb.c#6 (text+ko) ====

@@ -198,7 +198,7 @@
 #ifdef IPSEC
 	error = ipsec_init_policy(so, &inp->inp_sp);
 	if (error != 0)
-		goto out;
+		goto out1;
 #endif /*IPSEC*/
 #ifdef INET6
 	if (INP_SOCKAF(so) == AF_INET6) {
@@ -218,8 +218,15 @@
 	inp->inp_gencnt = ++pcbinfo->ipi_gencnt;
 	
 #if defined(IPSEC) || defined(MAC)
+#ifdef IPSEC
+out1: 
+#endif
+#ifdef MAC
+	if (error != 0) 
+		mac_inpcb_destroy(inp);
+#endif	
 out:
-	if (error != 0)
+	if (error != 0) 
 		uma_zfree(pcbinfo->ipi_zone, inp);
 #endif
 	return (error);

==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/netinet6/in6_pcb.c#4 (text+ko) ====

@@ -65,6 +65,7 @@
 #include "opt_inet.h"
 #include "opt_inet6.h"
 #include "opt_ipsec.h"
+#include "opt_mac.h"
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -105,6 +106,8 @@
 #include <netipsec/key.h>
 #endif /* IPSEC */
 
+#include <security/mac/mac_framework.h>
+
 struct	in6_addr zeroin6_addr;
 
 int
@@ -433,6 +436,10 @@
 	if (inp->inp_moptions != NULL)
 		inp_freemoptions(inp->inp_moptions);
 	inp->inp_vflag = 0;
+
+#ifdef MAC
+	mac_inpcb_destroy(inp);
+#endif
 	INP_UNLOCK(inp);
 	uma_zfree(ipi->ipi_zone, inp);
 }

==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac/mac_posix_sem.c#4 (text+ko) ====

@@ -79,6 +79,7 @@
 {
 
 	mac_posixsem_label_free(ks->ks_label);
+	mac_labelzone_free(ks->ks_label);
 	ks->ks_label = NULL;
 }