PERFORCE change 54775 for review
Robert Watson
rwatson at FreeBSD.org
Sun Jun 13 03:58:15 GMT 2004
http://perforce.freebsd.org/chv.cgi?CH=54775
Change 54775 by rwatson at rwatson_tislabs on 2004/06/13 03:57:24
Integrate netperf_socket:
- geom_vinum
- Loop back of socket MAC label locking via SOCK_LOCK(so).
Affected files ...
.. //depot/projects/netperf_socket/sys/compat/svr4/svr4_stream.c#2 integrate
.. //depot/projects/netperf_socket/sys/contrib/pf/net/pf.c#8 integrate
.. //depot/projects/netperf_socket/sys/contrib/pf/net/pf_ioctl.c#7 integrate
.. //depot/projects/netperf_socket/sys/contrib/pf/net/pfvar.h#3 integrate
.. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum.c#1 branch
.. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum.h#1 branch
.. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum_drive.c#1 branch
.. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum_init.c#1 branch
.. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum_list.c#1 branch
.. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum_plex.c#1 branch
.. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum_raid5.c#1 branch
.. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum_raid5.h#1 branch
.. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum_rm.c#1 branch
.. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum_share.c#1 branch
.. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum_share.h#1 branch
.. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum_state.c#1 branch
.. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum_subr.c#1 branch
.. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum_var.h#1 branch
.. //depot/projects/netperf_socket/sys/geom/vinum/geom_vinum_volume.c#1 branch
.. //depot/projects/netperf_socket/sys/kern/kern_prot.c#6 integrate
.. //depot/projects/netperf_socket/sys/kern/subr_witness.c#5 integrate
.. //depot/projects/netperf_socket/sys/kern/sys_socket.c#6 integrate
.. //depot/projects/netperf_socket/sys/kern/uipc_socket2.c#13 integrate
.. //depot/projects/netperf_socket/sys/kern/uipc_syscalls.c#17 integrate
.. //depot/projects/netperf_socket/sys/kern/uipc_usrreq.c#12 integrate
.. //depot/projects/netperf_socket/sys/modules/geom/geom_vinum/Makefile#1 branch
.. //depot/projects/netperf_socket/sys/netatalk/ddp_input.c#5 integrate
.. //depot/projects/netperf_socket/sys/netatalk/ddp_output.c#5 integrate
.. //depot/projects/netperf_socket/sys/netinet/in_pcb.c#11 integrate
.. //depot/projects/netperf_socket/sys/netinet/ip_divert.c#7 integrate
.. //depot/projects/netperf_socket/sys/netinet/tcp_input.c#7 integrate
.. //depot/projects/netperf_socket/sys/netinet/tcp_syncache.c#7 integrate
.. //depot/projects/netperf_socket/sys/security/mac/mac_socket.c#2 integrate
.. //depot/projects/netperf_socket/sys/sys/socketvar.h#13 integrate
Differences ...
==== //depot/projects/netperf_socket/sys/compat/svr4/svr4_stream.c#2 (text+ko) ====
@@ -36,7 +36,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/compat/svr4/svr4_stream.c,v 1.46 2003/10/20 10:38:48 tjr Exp $");
+__FBSDID("$FreeBSD: src/sys/compat/svr4/svr4_stream.c,v 1.47 2004/06/13 02:50:04 rwatson Exp $");
#define COMPAT_43 1
@@ -171,7 +171,9 @@
return (error);
#ifdef MAC
+ SOCK_LOCK(so);
error = mac_check_socket_send(td->td_ucred, so);
+ SOCK_UNLOCK(so);
if (error)
goto done1;
#endif
@@ -275,7 +277,9 @@
return (error);
#ifdef MAC
+ SOCK_LOCK(so);
error = mac_check_socket_receive(td->td_ucred, so);
+ SOCK_UNLOCK(so);
if (error)
goto done1;
#endif
==== //depot/projects/netperf_socket/sys/contrib/pf/net/pf.c#8 (text+ko) ====
@@ -1,4 +1,4 @@
-/* $FreeBSD: src/sys/contrib/pf/net/pf.c,v 1.8 2004/05/02 20:47:24 dhartmei Exp $ */
+/* $FreeBSD: src/sys/contrib/pf/net/pf.c,v 1.9 2004/06/13 01:36:30 mlaier Exp $ */
/* $OpenBSD: pf.c,v 1.389.2.4 2004/04/30 23:27:57 brad Exp $ */
/*
@@ -5835,7 +5835,7 @@
{
u_short action, reason = 0, log = 0;
struct mbuf *m = *m0;
- struct ip6_hdr *h;
+ struct ip6_hdr *h = NULL; /* make the compiler happy */
struct pf_rule *a = NULL, *r = &pf_default_rule, *tr;
struct pf_state *s = NULL;
struct pf_ruleset *ruleset = NULL;
==== //depot/projects/netperf_socket/sys/contrib/pf/net/pf_ioctl.c#7 (text+ko) ====
@@ -1,4 +1,4 @@
-/* $FreeBSD: src/sys/contrib/pf/net/pf_ioctl.c,v 1.7 2004/05/31 22:48:19 mlaier Exp $ */
+/* $FreeBSD: src/sys/contrib/pf/net/pf_ioctl.c,v 1.8 2004/06/13 01:36:31 mlaier Exp $ */
/* $OpenBSD: pf_ioctl.c,v 1.81.2.2 2004/04/30 23:28:58 brad Exp $ */
/*
@@ -128,6 +128,9 @@
#endif
struct pf_rule pf_default_rule;
+#ifdef ALTQ
+static int pfaltq_running;
+#endif
#define TAGID_MAX 50000
TAILQ_HEAD(pf_tags, pf_tagname) pf_tags = TAILQ_HEAD_INITIALIZER(pf_tags);
@@ -229,26 +232,12 @@
init_pf_mutex(void)
{
mtx_init(&pf_task_mtx, "pf task mtx", NULL, MTX_DEF);
-/*
- * pf_altq_mtx is initialized at altq_subr.c.
- *
- * #if defined(ALTQ) && !defined(ALTQ3_COMPAT)
- * mtx_init(&pf_altq_mtx, "pf altq mtx", NULL, MTX_DEF);
- * #endif
- */
}
void
destroy_pf_mutex(void)
{
mtx_destroy(&pf_task_mtx);
-/*
- * pf_altq_mtx is initialized at altq_subr.c.
- *
- * #if defined(ALTQ) && !defined(ALTQ3_COMPAT)
- * mtx_destroy(&pf_altq_mtx);
- * #endif
- */
}
void
@@ -1771,16 +1760,8 @@
break;
}
}
-#ifdef __FreeBSD__
- if (error == 0) {
- mtx_lock(&pf_altq_mtx);
- pfaltq_running = 1;
- mtx_unlock(&pf_altq_mtx);
- }
-#else
if (error == 0)
pfaltq_running = 1;
-#endif
splx(s);
DPFPRINTF(PF_DEBUG_MISC, ("altq: started\n"));
break;
@@ -1812,16 +1793,8 @@
error = err;
}
}
-#ifdef __FreeBSD__
- if (error == 0) {
- mtx_lock(&pf_altq_mtx);
- pfaltq_running = 0;
- mtx_unlock(&pf_altq_mtx);
- }
-#else
if (error == 0)
pfaltq_running = 0;
-#endif
splx(s);
DPFPRINTF(PF_DEBUG_MISC, ("altq: stopped\n"));
break;
@@ -2807,16 +2780,8 @@
error = err;
}
}
-#ifdef __FreeBSD__
- if (error == 0) {
- mtx_lock(&pf_altq_mtx);
- pfaltq_running = 0;
- mtx_unlock(&pf_altq_mtx);
- }
-#else
if (error == 0)
pfaltq_running = 0;
-#endif
splx(s);
} while (0);
@@ -3210,11 +3175,6 @@
destroy_pf_mutex();
return (ENOMEM);
}
-#ifdef ALTQ
- mtx_lock(&pf_altq_mtx);
- ++pfaltq_ref;
- mtx_unlock(&pf_altq_mtx);
-#endif
return (0);
}
@@ -3240,11 +3200,6 @@
cleanup_pf_zone();
pf_osfp_cleanup();
destroy_dev(pf_dev);
-#ifdef ALTQ
- mtx_lock(&pf_altq_mtx);
- --pfaltq_ref;
- mtx_unlock(&pf_altq_mtx);
-#endif
destroy_pf_mutex();
return error;
}
@@ -3278,8 +3233,5 @@
DECLARE_MODULE(pf, pf_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
MODULE_DEPEND(pf, pflog, PFLOG_MINVER, PFLOG_PREFVER, PFLOG_MAXVER);
MODULE_DEPEND(pf, pfsync, PFSYNC_MINVER, PFSYNC_PREFVER, PFSYNC_MAXVER);
-#ifdef ALTQ
-MODULE_DEPEND(pf, pfaltq, PFALTQ_MINVER, PFALTQ_PREFVER, PFALTQ_MAXVER);
-#endif
MODULE_VERSION(pf, PF_MODVER);
#endif /* __FreeBSD__ */
==== //depot/projects/netperf_socket/sys/contrib/pf/net/pfvar.h#3 (text+ko) ====
@@ -1,4 +1,4 @@
-/* $FreeBSD: src/sys/contrib/pf/net/pfvar.h,v 1.4 2004/03/17 21:11:02 mlaier Exp $ */
+/* $FreeBSD: src/sys/contrib/pf/net/pfvar.h,v 1.5 2004/06/13 01:36:31 mlaier Exp $ */
/* $OpenBSD: pfvar.h,v 1.170 2003/08/22 21:50:34 david Exp $ */
/*
@@ -175,10 +175,6 @@
if(var) uma_zdestroy(var)
extern struct mtx pf_task_mtx;
-#ifdef ALTQ
-extern struct mtx pf_altq_mtx;
-extern int pfaltq_ref;
-#endif
#define PF_ASSERT(h) mtx_assert(&pf_task_mtx, (h))
==== //depot/projects/netperf_socket/sys/kern/kern_prot.c#6 (text+ko) ====
@@ -40,7 +40,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/kern/kern_prot.c,v 1.182 2004/06/11 11:16:23 phk Exp $");
+__FBSDID("$FreeBSD: src/sys/kern/kern_prot.c,v 1.183 2004/06/13 02:50:05 rwatson Exp $");
#include "opt_compat.h"
#include "opt_mac.h"
@@ -1685,7 +1685,9 @@
if (error)
return (ENOENT);
#ifdef MAC
+ SOCK_LOCK(so);
error = mac_check_socket_visible(cred, so);
+ SOCK_UNLOCK(so);
if (error)
return (error);
#endif
==== //depot/projects/netperf_socket/sys/kern/subr_witness.c#5 (text+ko) ====
@@ -82,7 +82,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/kern/subr_witness.c,v 1.173 2004/06/03 20:07:44 jhb Exp $");
+__FBSDID("$FreeBSD: src/sys/kern/subr_witness.c,v 1.174 2004/06/13 00:23:03 rwatson Exp $");
#include "opt_ddb.h"
#include "opt_witness.h"
@@ -272,30 +272,37 @@
*/
{ "filedesc structure", &lock_class_mtx_sleep },
{ "accept", &lock_class_mtx_sleep },
+ { "so_snd", &lock_class_mtx_sleep },
+ { "so_rcv", &lock_class_mtx_sleep },
{ "sellck", &lock_class_mtx_sleep },
{ NULL, NULL },
/*
* Routing
*/
+ { "so_rcv", &lock_class_mtx_sleep },
{ "radix node head", &lock_class_mtx_sleep },
{ "rtentry", &lock_class_mtx_sleep },
{ "ifaddr", &lock_class_mtx_sleep },
{ NULL, NULL },
/*
* UNIX Domain Sockets
+ */
+ { "unp", &lock_class_mtx_sleep },
+ { "so_snd", &lock_class_mtx_sleep },
{ NULL, NULL },
- */
/*
* UDP/IP
*/
{ "udp", &lock_class_mtx_sleep },
{ "udpinp", &lock_class_mtx_sleep },
+ { "so_snd", &lock_class_mtx_sleep },
{ NULL, NULL },
/*
* TCP/IP
*/
{ "tcp", &lock_class_mtx_sleep },
{ "tcpinp", &lock_class_mtx_sleep },
+ { "so_snd", &lock_class_mtx_sleep },
{ NULL, NULL },
/*
* SLIP
==== //depot/projects/netperf_socket/sys/kern/sys_socket.c#6 (text+ko) ====
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/kern/sys_socket.c,v 1.57 2004/04/05 21:03:36 imp Exp $");
+__FBSDID("$FreeBSD: src/sys/kern/sys_socket.c,v 1.58 2004/06/13 02:50:05 rwatson Exp $");
#include "opt_mac.h"
@@ -77,7 +77,9 @@
NET_LOCK_GIANT();
#ifdef MAC
+ SOCK_LOCK(so);
error = mac_check_socket_receive(active_cred, so);
+ SOCK_UNLOCK(so);
if (error) {
NET_UNLOCK_GIANT();
return (error);
@@ -102,7 +104,9 @@
NET_LOCK_GIANT();
#ifdef MAC
+ SOCK_LOCK(so);
error = mac_check_socket_send(active_cred, so);
+ SOCK_UNLOCK(so);
if (error) {
NET_UNLOCK_GIANT();
return (error);
==== //depot/projects/netperf_socket/sys/kern/uipc_socket2.c#13 (text+ko) ====
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/kern/uipc_socket2.c,v 1.128 2004/06/04 04:07:08 rwatson Exp $");
+__FBSDID("$FreeBSD: src/sys/kern/uipc_socket2.c,v 1.129 2004/06/13 02:50:05 rwatson Exp $");
#include "opt_mac.h"
#include "opt_param.h"
@@ -231,7 +231,9 @@
so->so_timeo = head->so_timeo;
so->so_cred = crhold(head->so_cred);
#ifdef MAC
+ SOCK_LOCK(head);
mac_create_socket_from_socket(head, so);
+ SOCK_UNLOCK(head);
#endif
if (soreserve(so, head->so_snd.sb_hiwat, head->so_rcv.sb_hiwat) ||
==== //depot/projects/netperf_socket/sys/kern/uipc_syscalls.c#17 (text+ko) ====
@@ -33,7 +33,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/kern/uipc_syscalls.c,v 1.190 2004/06/12 20:47:28 rwatson Exp $");
+__FBSDID("$FreeBSD: src/sys/kern/uipc_syscalls.c,v 1.192 2004/06/13 02:50:05 rwatson Exp $");
#include "opt_compat.h"
#include "opt_ktrace.h"
@@ -190,8 +190,9 @@
if ((error = fgetsock(td, fd, &so, NULL)) != 0)
goto done2;
#ifdef MAC
- /* XXXRW: MAC requires socket lock? */
+ SOCK_LOCK(so);
error = mac_check_socket_bind(td->td_ucred, so, sa);
+ SOCK_UNLOCK(so);
if (error)
goto done1;
#endif
@@ -224,8 +225,9 @@
NET_LOCK_GIANT();
if ((error = fgetsock(td, uap->s, &so, NULL)) == 0) {
#ifdef MAC
- /* XXXRW: MAC requires socket lock? */
+ SOCK_LOCK(so);
error = mac_check_socket_listen(td->td_ucred, so);
+ SOCK_UNLOCK(so);
if (error)
goto done;
#endif
@@ -311,15 +313,15 @@
KASSERT(!(so->so_qstate & SQ_INCOMP), ("accept1: so SQ_INCOMP"));
KASSERT(so->so_qstate & SQ_COMP, ("accept1: so not SQ_COMP"));
- /*
- * Before changing the flags on the socket, we have to bump the
+ /*
+ * Before changing the flags on the socket, we have to bump the
* reference count. Otherwise, if the protocol calls sofree(),
- * the socket will be released due to a zero refcount.
- */
+ * the socket will be released due to a zero refcount.
+ */
SOCK_LOCK(so);
soref(so); /* file descriptor reference */
SOCK_UNLOCK(so);
-
+
TAILQ_REMOVE(&head->so_comp, so, so_list);
head->so_qlen--;
so->so_qstate &= ~SQ_COMP;
@@ -485,8 +487,9 @@
goto done1;
}
#ifdef MAC
- /* XXXRW: MAC requires socket lock? */
+ SOCK_LOCK(so);
error = mac_check_socket_connect(td->td_ucred, so, sa);
+ SOCK_UNLOCK(so);
if (error)
goto bad;
#endif
@@ -708,8 +711,9 @@
goto bad2;
#ifdef MAC
- /* XXXRW: MAC requires socket lock? */
+ SOCK_LOCK(so);
error = mac_check_socket_send(td->td_ucred, so);
+ SOCK_UNLOCK(so);
if (error)
goto bad;
#endif
@@ -952,8 +956,9 @@
}
#ifdef MAC
- /* XXXRW: MAC requires socket lock? */
+ SOCK_LOCK(so);
error = mac_check_socket_receive(td->td_ucred, so);
+ SOCK_UNLOCK(so);
if (error) {
fputsock(so);
NET_UNLOCK_GIANT();
@@ -1759,8 +1764,9 @@
}
#ifdef MAC
- /* XXXRW: MAC requires socket lock? */
+ SOCK_LOCK(so);
error = mac_check_socket_send(td->td_ucred, so);
+ SOCK_UNLOCK(so);
if (error)
goto done;
#endif
==== //depot/projects/netperf_socket/sys/kern/uipc_usrreq.c#12 (text+ko) ====
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/kern/uipc_usrreq.c,v 1.123 2004/06/12 20:47:28 rwatson Exp $");
+__FBSDID("$FreeBSD: src/sys/kern/uipc_usrreq.c,v 1.124 2004/06/13 02:50:05 rwatson Exp $");
#include "opt_mac.h"
@@ -873,8 +873,10 @@
sizeof(unp->unp_peercred));
unp->unp_flags |= UNP_HAVEPC;
#ifdef MAC
+ SOCK_LOCK(so);
mac_set_socket_peer_from_socket(so, so3);
mac_set_socket_peer_from_socket(so3, so);
+ SOCK_UNLOCK(so);
#endif
so2 = so3;
==== //depot/projects/netperf_socket/sys/netatalk/ddp_input.c#5 (text+ko) ====
@@ -2,7 +2,7 @@
* Copyright (c) 1990,1994 Regents of The University of Michigan.
* All Rights Reserved. See COPYRIGHT.
*
- * $FreeBSD: src/sys/netatalk/ddp_input.c,v 1.23 2004/03/22 04:50:36 rwatson Exp $
+ * $FreeBSD: src/sys/netatalk/ddp_input.c,v 1.24 2004/06/13 02:50:05 rwatson Exp $
*/
#include "opt_mac.h"
@@ -366,10 +366,13 @@
}
#ifdef MAC
+ SOCK_LOCK(ddp->ddp_socket);
if (mac_check_socket_deliver(ddp->ddp_socket, m) != 0) {
+ SOCK_UNLOCK(ddp->ddp_socket);
m_freem(m);
return;
}
+ SOCK_UNLOCK(ddp->ddp_socket);
#endif
/*
==== //depot/projects/netperf_socket/sys/netatalk/ddp_output.c#5 (text+ko) ====
@@ -21,7 +21,7 @@
* netatalk at itd.umich.edu
*/
-/* $FreeBSD: src/sys/netatalk/ddp_output.c,v 1.23 2004/03/22 04:50:36 rwatson Exp $ */
+/* $FreeBSD: src/sys/netatalk/ddp_output.c,v 1.24 2004/06/13 02:50:05 rwatson Exp $ */
#include "opt_mac.h"
@@ -52,7 +52,9 @@
struct ddpcb *ddp = sotoddpcb(so);
#ifdef MAC
+ SOCK_LOCK(so);
mac_create_mbuf_from_socket(so, m);
+ SOCK_UNLOCK(so);
#endif
M_PREPEND(m, sizeof(struct ddpehdr), M_TRYWAIT);
==== //depot/projects/netperf_socket/sys/netinet/in_pcb.c#11 (text+ko) ====
@@ -27,7 +27,7 @@
* SUCH DAMAGE.
*
* @(#)in_pcb.c 8.4 (Berkeley) 5/24/95
- * $FreeBSD: src/sys/netinet/in_pcb.c,v 1.148 2004/06/12 20:47:31 rwatson Exp $
+ * $FreeBSD: src/sys/netinet/in_pcb.c,v 1.149 2004/06/13 02:50:06 rwatson Exp $
*/
#include "opt_ipsec.h"
@@ -176,7 +176,9 @@
error = mac_init_inpcb(inp, M_NOWAIT);
if (error != 0)
goto out;
+ SOCK_LOCK(so);
mac_create_inpcb_from_socket(so, inp);
+ SOCK_UNLOCK(so);
#endif
#if defined(IPSEC) || defined(FAST_IPSEC)
#ifdef FAST_IPSEC
@@ -1175,10 +1177,11 @@
#ifdef MAC
struct inpcb *inp;
- /* XXX: Will assert socket lock when we have them. */
inp = (struct inpcb *)so->so_pcb;
INP_LOCK(inp);
+ SOCK_LOCK(so);
mac_inpcb_sosetlabel(so, inp);
+ SOCK_UNLOCK(so);
INP_UNLOCK(inp);
#endif
}
==== //depot/projects/netperf_socket/sys/netinet/ip_divert.c#7 (text+ko) ====
@@ -26,7 +26,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/netinet/ip_divert.c,v 1.89 2004/06/11 04:06:51 rwatson Exp $
+ * $FreeBSD: src/sys/netinet/ip_divert.c,v 1.90 2004/06/13 02:50:06 rwatson Exp $
*/
#include "opt_inet.h"
@@ -263,7 +263,9 @@
KASSERT(m->m_pkthdr.rcvif == NULL, ("rcvif not null"));
#ifdef MAC
+ SOCK_LOCK(so);
mac_create_mbuf_from_socket(so, m);
+ SOCK_UNLOCK(so);
#endif
if (control)
==== //depot/projects/netperf_socket/sys/netinet/tcp_input.c#7 (text+ko) ====
@@ -27,7 +27,7 @@
* SUCH DAMAGE.
*
* @(#)tcp_input.c 8.12 (Berkeley) 5/24/95
- * $FreeBSD: src/sys/netinet/tcp_input.c,v 1.237 2004/05/02 15:10:17 darrenr Exp $
+ * $FreeBSD: src/sys/netinet/tcp_input.c,v 1.238 2004/06/13 02:50:06 rwatson Exp $
*/
#include "opt_ipfw.h" /* for ipfw_fwd */
@@ -1354,7 +1354,9 @@
tcpstat.tcps_connects++;
soisconnected(so);
#ifdef MAC
+ SOCK_LOCK(so);
mac_set_socket_peer_from_mbuf(m, so);
+ SOCK_UNLOCK(so);
#endif
/* Do window scaling on this connection? */
if ((tp->t_flags & (TF_RCVD_SCALE|TF_REQ_SCALE)) ==
==== //depot/projects/netperf_socket/sys/netinet/tcp_syncache.c#7 (text+ko) ====
@@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/netinet/tcp_syncache.c,v 1.57 2004/05/04 02:11:47 rwatson Exp $
+ * $FreeBSD: src/sys/netinet/tcp_syncache.c,v 1.58 2004/06/13 02:50:06 rwatson Exp $
*/
#include "opt_inet.h"
@@ -558,7 +558,9 @@
goto abort2;
}
#ifdef MAC
+ SOCK_LOCK(so);
mac_set_socket_peer_from_mbuf(m, so);
+ SOCK_UNLOCK(so);
#endif
inp = sotoinpcb(so);
==== //depot/projects/netperf_socket/sys/security/mac/mac_socket.c#2 (text+ko) ====
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/security/mac/mac_socket.c,v 1.1 2004/02/26 03:51:04 rwatson Exp $");
+__FBSDID("$FreeBSD: src/sys/security/mac/mac_socket.c,v 1.2 2004/06/13 02:50:07 rwatson Exp $");
#include "opt_mac.h"
@@ -218,6 +218,7 @@
struct socket *newsocket)
{
+ SOCK_LOCK_ASSERT(oldsocket);
MAC_PERFORM(create_socket_from_socket, oldsocket, oldsocket->so_label,
newsocket, newsocket->so_label);
}
@@ -227,6 +228,7 @@
struct label *newlabel)
{
+ SOCK_LOCK_ASSERT(socket);
MAC_PERFORM(relabel_socket, cred, socket, socket->so_label, newlabel);
}
@@ -235,6 +237,8 @@
{
struct label *label;
+ SOCK_LOCK_ASSERT(socket);
+
label = mac_mbuf_to_label(mbuf);
MAC_PERFORM(set_socket_peer_from_mbuf, mbuf, label, socket,
@@ -246,6 +250,12 @@
struct socket *newsocket)
{
+ /*
+ * XXXRW: only hold the socket lock on one at a time, as one
+ * socket is the original, and one is the new. However, it's
+ * called in both directions, so we can't assert the lock
+ * here currently.
+ */
MAC_PERFORM(set_socket_peer_from_socket, oldsocket,
oldsocket->so_label, newsocket, newsocket->so_peerlabel);
}
@@ -257,6 +267,7 @@
label = mac_mbuf_to_label(mbuf);
+ SOCK_LOCK_ASSERT(socket);
MAC_PERFORM(create_mbuf_from_socket, socket, socket->so_label, mbuf,
label);
}
@@ -267,6 +278,8 @@
{
int error;
+ SOCK_LOCK_ASSERT(socket);
+
if (!mac_enforce_socket)
return (0);
@@ -282,6 +295,8 @@
{
int error;
+ SOCK_LOCK_ASSERT(socket);
+
if (!mac_enforce_socket)
return (0);
@@ -297,6 +312,8 @@
struct label *label;
int error;
+ SOCK_LOCK_ASSERT(socket);
+
if (!mac_enforce_socket)
return (0);
@@ -313,6 +330,8 @@
{
int error;
+ SOCK_LOCK_ASSERT(socket);
+
if (!mac_enforce_socket)
return (0);
@@ -325,6 +344,8 @@
{
int error;
+ SOCK_LOCK_ASSERT(so);
+
if (!mac_enforce_socket)
return (0);
@@ -339,6 +360,8 @@
{
int error;
+ SOCK_LOCK_ASSERT(socket);
+
MAC_CHECK(check_socket_relabel, cred, socket, socket->so_label,
newlabel);
@@ -350,6 +373,8 @@
{
int error;
+ SOCK_LOCK_ASSERT(so);
+
if (!mac_enforce_socket)
return (0);
@@ -363,6 +388,8 @@
{
int error;
+ SOCK_LOCK_ASSERT(socket);
+
if (!mac_enforce_socket)
return (0);
@@ -377,12 +404,24 @@
{
int error;
+ /*
+ * We acquire the socket lock when we perform the test and set,
+ * but have to release it as the pcb code needs to acquire the
+ * pcb lock, which will precede the socket lock in the lock
+ * order. However, this is fine, as any race will simply
+ * result in the inpcb being refreshed twice, but still
+ * consistently, as the inpcb code will acquire the socket lock
+ * before refreshing, holding both locks.
+ */
+ SOCK_LOCK(so);
error = mac_check_socket_relabel(cred, so, label);
- if (error)
+ if (error) {
+ SOCK_UNLOCK(so);
return (error);
+ }
mac_relabel_socket(cred, so, label);
-
+ SOCK_UNLOCK(so);
/*
* If the protocol has expressed interest in socket layer changes,
* such as if it needs to propagate changes to a cached pcb
@@ -419,9 +458,7 @@
if (error)
goto out;
- /* XXX: Socket lock here. */
error = mac_socket_label_set(cred, so, intlabel);
- /* XXX: Socket unlock here. */
out:
mac_socket_label_free(intlabel);
return (error);
@@ -431,6 +468,7 @@
mac_getsockopt_label(struct ucred *cred, struct socket *so, struct mac *mac)
{
char *buffer, *elements;
+ struct label *intlabel;
int error;
error = mac_check_structmac_consistent(mac);
@@ -445,8 +483,13 @@
}
buffer = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
- error = mac_externalize_socket_label(so->so_label, elements,
- buffer, mac->m_buflen);
+ intlabel = mac_socket_label_alloc(M_WAITOK);
+ SOCK_LOCK(so);
+ mac_copy_socket_label(so->so_label, intlabel);
+ SOCK_UNLOCK(so);
+ error = mac_externalize_socket_label(intlabel, elements, buffer,
+ mac->m_buflen);
+ mac_socket_label_free(intlabel);
if (error == 0)
error = copyout(buffer, mac->m_string, strlen(buffer)+1);
@@ -461,6 +504,7 @@
struct mac *mac)
{
char *elements, *buffer;
+ struct label *intlabel;
int error;
error = mac_check_structmac_consistent(mac);
@@ -475,8 +519,13 @@
}
buffer = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
- error = mac_externalize_socket_peer_label(so->so_peerlabel,
- elements, buffer, mac->m_buflen);
+ intlabel = mac_socket_label_alloc(M_WAITOK);
+ SOCK_LOCK(so);
+ mac_copy_socket_label(so->so_peerlabel, intlabel);
+ SOCK_UNLOCK(so);
+ error = mac_externalize_socket_peer_label(intlabel, elements, buffer,
+ mac->m_buflen);
+ mac_socket_label_free(intlabel);
if (error == 0)
error = copyout(buffer, mac->m_string, strlen(buffer)+1);
==== //depot/projects/netperf_socket/sys/sys/socketvar.h#13 (text+ko) ====
@@ -27,7 +27,7 @@
* SUCH DAMAGE.
*
* @(#)socketvar.h 8.3 (Berkeley) 2/19/95
- * $FreeBSD: src/sys/sys/socketvar.h,v 1.119 2004/06/12 20:47:32 rwatson Exp $
+ * $FreeBSD: src/sys/sys/socketvar.h,v 1.121 2004/06/13 02:50:07 rwatson Exp $
*/
#ifndef _SYS_SOCKETVAR_H_
@@ -124,8 +124,8 @@
void (*so_upcall)(struct socket *, void *, int);
void *so_upcallarg;
struct ucred *so_cred; /* user credentials */
- struct label *so_label; /* MAC label for socket */
- struct label *so_peerlabel; /* cached MAC label for socket peer */
+ struct label *so_label; /* (b) MAC label for socket */
+ struct label *so_peerlabel; /* (b) cached MAC label for peer */
/* NB: generation count must not be first; easiest to make it last. */
so_gen_t so_gencnt; /* generation count */
void *so_emuldata; /* private data for emulators */
@@ -249,6 +249,7 @@
};
#ifdef _KERNEL
+
/*
* Macros for sockets and socket buffering.
*/
More information about the p4-projects
mailing list