PERFORCE change 23058 for review

Brian Feldman green at freebsd.org
Thu Jan 2 20:19:47 GMT 2003


http://perforce.freebsd.org/chv.cgi?CH=23058

Change 23058 by green at green_laptop_2 on 2003/01/02 12:18:49

	* Add locking to SEBSD's AVC.  Linux uses spin-locks here, but
	  in FreeBSD spin-locks are almost always the improper type to
	  use.
	* Add some locking-related comments to the SEBSD sysctls.
	* Remove the debugging printf() from the SEBSD syscalls.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/sebsd/avc/avc.c#11 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/avc/avc.h#9 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_syscall.c#4 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_sysctl.c#6 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/avc/avc.c#11 (text+ko) ====

@@ -20,6 +20,7 @@
 #include <sys/mac.h>
 #include <sys/malloc.h>
 #include <sys/mount.h>
+#include <sys/mutex.h>
 #include <sys/proc.h>
 #include <sys/systm.h>
 #include <sys/sysproto.h>
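Review bot: `<sys/lock.h>` is not visible among avc.c's includes, and in this tree `<sys/mutex.h>` is conventionally preceded by it (the avc.h hunk in this same change adds the pair in that order). If avc.c only picks it up indirectly through avc.h the build still works, but adding `#include <sys/lock.h>` ahead of the new `<sys/mutex.h>` line keeps avc.c self-contained. The include list continues outside this hunk, so it may already be present.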
@@ -43,6 +44,8 @@
 extern int ss_initialized;
 int avc_debug_always_allow = 1;
 
+struct mtx avc_lock;
+
 typedef struct avc_node {
 	struct avc_entry ae;
 	struct avc_node *next;
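Review bot: The new global `struct mtx avc_lock;` carries no comment saying what it protects, while the rest of this change shows it guarding `avc_cache.slots`, `avc_cache.lru_hint` and `avc_cache.latest_notif`. A one-line comment above the definition, `/* Protects avc_cache: slots, lru_hint and latest_notif. */`, lets a later reader check that every access to those fields is covered. Whether `avc_cache_stats` belongs under the same lock is not stated anywhere in the change, so the comment should say that too, either way.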
@@ -231,6 +234,7 @@
 	avc_audit_buffer = (char *)malloc(4000, M_SEBSD_AVC, M_WAITOK);
 	if (!avc_audit_buffer)
 		panic("AVC:  unable to allocate audit buffer\n");
+	mtx_init(&avc_lock, "SEBSD AVC", NULL, MTX_DEF);
 }
 
 /* 
@@ -612,7 +616,7 @@
 	avc_node_t     *node;	
 	int i;
 
-/* 	spin_lock(&avc_lock); */
+	mtx_lock(&avc_lock);
 
 	if (ssid == SECSID_WILD || tsid == SECSID_WILD) {
 		/* apply to all matching nodes */
@@ -634,7 +638,7 @@
 		}
 	}
 
-/* 	spin_unlock(&avc_lock); */
+	mtx_unlock(&avc_lock);
 
 	return 0;
 }
@@ -693,10 +697,10 @@
 		*out_retained = tretained;
 	}
 
-/* 	spin_lock(&avc_lock); */
+	mtx_lock(&avc_lock);
 	if (seqno > avc_cache.latest_notif)
 		avc_cache.latest_notif = seqno;
-/* 	spin_unlock(&avc_lock); */
+	mtx_unlock(&avc_lock);
 	
 	return 0;
 }
@@ -760,7 +764,7 @@
 
 	avc_hash_eval("reset");
 
-/* 	spin_lock(&avc_lock); */
+	mtx_lock(&avc_lock);
 
 	for (i = 0; i < AVC_CACHE_SLOTS; i++) {
 		node = avc_cache.slots[i];
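Review bot: `avc_hash_eval("reset")` runs before `mtx_lock(&avc_lock)` is taken, so if it walks `avc_cache.slots` (its body is not in this change) it now reads the table while another thread may be modifying it under the lock. Moving the call below the `mtx_lock(&avc_lock);` line, or taking the lock inside avc_hash_eval, would close that; if avc_hash_eval only prints counters the move is still harmless. The enclosing function, apparently the cache reset, begins outside this hunk.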
@@ -780,7 +784,7 @@
 	}
 	avc_cache.lru_hint = 0;
 
-/* 	spin_unlock(&avc_lock); */
+	mtx_unlock(&avc_lock);
 
 	for (i = 0; i < AVC_NSTATS; i++)
 		avc_cache_stats[i] = 0;
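Review bot: `avc_cache_stats[i] = 0` is executed after `mtx_unlock(&avc_lock)`, while the lookup path in avc.h increments the same counters through `avc_cache_stats_incr(AVC_ENTRY_LOOKUPS)` with the lock held, so a reset can race with an increment and the lock's coverage of the stats is inconsistent. If the counters are meant to be exact, move the clearing loop above the `mtx_unlock(&avc_lock);` line; if they are best-effort debugging counters, a comment such as `/* stats are updated without avc_lock; best-effort only */` settles the question for the next reader. The `avc_cache.lru_hint = 0;` reset just above is correctly inside the locked region.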
@@ -794,10 +798,10 @@
 		}
 	}
 
-/* 	spin_lock(&avc_lock); */
+	mtx_lock(&avc_lock);
 	if (seqno > avc_cache.latest_notif)
 		avc_cache.latest_notif = seqno;
-/* 	spin_unlock(&avc_lock);	 */
+	mtx_unlock(&avc_lock);
 
 	return 0;
 }

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/avc/avc.h#9 (text+ko) ====

@@ -23,6 +23,8 @@
 #ifdef _KERNEL
 #include <sys/malloc.h>
 MALLOC_DECLARE(M_SEBSD_AVC);
+#include <sys/lock.h>
+#include <sys/mutex.h>
 #else /* _KERNEL */
 #include <unistd.h>
 #endif /* _KERNEL */
@@ -123,9 +125,7 @@
         { memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; }
 
 
-#ifdef CDV_TBD
-/* extern spinlock_t avc_lock; */
-#endif
+extern struct mtx avc_lock;
 
 
 /* 
@@ -240,11 +240,10 @@
 {
 	struct avc_entry *ae;
 	int             rc;
-/* 	unsigned long	flags; */
 	struct avc_entry entry;
 	__u32 seqno;
 
-/* 	spin_lock_irqsave(&avc_lock, flags); */
+	mtx_lock(&avc_lock);
 	avc_cache_stats_incr(AVC_ENTRY_LOOKUPS);
 	ae = aeref->ae;
 	if (ae) {
@@ -264,7 +263,7 @@
 		avc_cache_stats_incr(AVC_ENTRY_MISSES);
 		rc = avc_lookup(ssid, tsid, tclass, requested, aeref);
 		if (rc) {
-/* 			spin_unlock_irqrestore(&avc_lock,flags); */
+			mtx_unlock(&avc_lock);
 			rc = security_compute_av(ssid,tsid,tclass,requested,
 						 &entry.allowed, 
 						 &entry.decided,
@@ -273,10 +272,10 @@
 						 &seqno);
 			if (rc)
 				return rc;
-/* 			spin_lock_irqsave(&avc_lock, flags); */
+			mtx_lock(&avc_lock);
 			rc = avc_insert(ssid,tsid,tclass,&entry,seqno,aeref);
 			if (rc) {
-/* 				spin_unlock_irqrestore(&avc_lock,flags); */
+				mtx_unlock(&avc_lock);
 				return rc;
 			}
 		}
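Review bot: `avc_insert` is now called with `avc_lock` held as an MTX_DEF mutex; if its node allocation path uses malloc with M_WAITOK (avc_insert is not in this change) it would sleep while holding the mutex, which FreeBSD's locking rules do not allow. Confirm that avc_insert only takes from a preallocated node pool or allocates with M_NOWAIT, and record the constraint above the call, `/* avc_lock is held: avc_insert must not sleep. */`. The enclosing inline function begins before the first avc.h hunk and continues past this one.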
@@ -293,14 +292,14 @@
 #ifndef __TBD_CDV__
 		if (avc_debug_always_allow) {
 			ae->allowed |= requested; 
-/* 			spin_unlock_irqrestore(&avc_lock,flags); */
+			mtx_unlock(&avc_lock);
 			return 0;
 		} else {
-/* 			spin_unlock_irqrestore(&avc_lock,flags); */
+			mtx_unlock(&avc_lock);
 			return -EACCES;
 		}
 #else /* __TBD_CDV__ */
-/* 		spin_unlock_irqrestore(&avc_lock,flags); */
+		mtx_unlock(&avc_lock);
 		return -EACCES;
 #endif /* __TBD_CDV__ */
 	}
@@ -309,7 +308,7 @@
 		avc_audit(ssid, tsid, tclass, requested, ae, 
 			  AVC_AUDITALLOW, auditdata);
 
-/* 	spin_unlock_irqrestore(&avc_lock,flags); */
+	mtx_unlock(&avc_lock);
 	return 0;    
 }
 

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_syscall.c#4 (text+ko) ====

@@ -89,7 +89,5 @@
 		break;
 	}
 
-	printf("SEBSD syscall: call=%d err=%d\n", call, err);
-
 	return err;
 }

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_sysctl.c#6 (text+ko) ====

@@ -67,6 +67,11 @@
 	error = SYSCTL_OUT(req, buffer, len);
 	if (error)
 		goto out;
+	/*
+	 * XXX What's keeping the SID table from changing?  POLICY_RDLOCK
+	 * would not be able to do it as of now, so what we really need is
+	 * SIDTAB_LOCK.
+	 */
 	for (i = 0; i < SIDTAB_SIZE; i++) {
 		cur = sidtab.htable[i];
 		while (cur != NULL && count > 0) {
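Review bot: The new XXX comment records that nothing serializes the walk of `sidtab.htable` below it, but it does not state the consequence: if an entry can be removed while this loop follows `cur`, the handler reads through a freed node, and what it reads is presumably what the sysctl later hands to userland. Saying so in the comment, `/* XXX unlocked walk: a concurrent sidtab change can free cur under us. */`, makes the priority clear for whoever adds SIDTAB_LOCK. The enclosing sysctl handler begins and ends outside this hunk.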
@@ -155,6 +160,9 @@
 		goto out;
 	}
 	username = context + len + 1;
+	/*
+	 * XXX We need POLICY_RDLOCK here, but it's not exported!
+	 */
 	error = security_context_to_sid(context, len + 1, &sid);
 	if (error)
 		goto out;
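Review bot: The same three-line XXX block is pasted verbatim here and again before the second `security_context_to_sid` call in the following hunk; when POLICY_RDLOCK becomes available and one copy is updated, the other will drift. Collapsing each to a one-liner, `/* XXX needs POLICY_RDLOCK, which is not exported yet. */`, keeps the two in sync at no cost. Both enclosing sysctl handlers begin and end outside their hunks.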
@@ -211,6 +219,9 @@
 		goto out;
 	}
 	bcopy(&scontext[strlen(scontext) + 1], &tclass, sizeof(tclass));
+	/*
+	 * XXX We need POLICY_RDLOCK here, but it's not exported!
+	 */
 	error = security_context_to_sid(scontext, strlen(scontext) + 1, &sid);
 	if (error)
 		goto out;