PERFORCE change 52022 for review

Sat May 1 03:28:51 GMT 2004

http://perforce.freebsd.org/chv.cgi?CH=52022

Change 52022 by rwatson at rwatson_tislabs on 2004/04/30 20:28:16

	Apply changes from changeset 51880 to the TrustedBSD MAC branch
	for testing prior to merge to the base FreeBSD tree:
	
	In IP divert sockets, annotate that it would be preferable to use
	the inpcb label to the socket label when sending an outgoing packet,
	but don't change it for now because the inpcb isn't always used when
	transmitting.  
	
	In raw sockets, assert the inpcb lock when sending with a raw
	socket (it's always true, and also necessary).  Re-code the MAC
	Framework interaction here to use the inpcb rather than the socket
	label to avoid interactions between inpcb and socket locking while
	holding the inpcb lock.
	
	In tcp_input(), assert the inpcb lock before checking with MAC that
	the inpcb can receive the mbuf.  This is redundant with a locking 
	assertion in the MAC Framework.
	
	In tcp_output(), use the TCP inpcb rather than the socket to set
	the label for a new mbuf.  This avoids acquiring the socket lock
	when we already hold the inpcb lock, which is sufficient.
	
	In tcp_respond() and tcp_twrespond(), perform initial assertions
	and setup of the inp pointer before starting to handle the packet.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/netinet/ip_divert.c#21 edit
.. //depot/projects/trustedbsd/mac/sys/netinet/raw_ip.c#31 edit
.. //depot/projects/trustedbsd/mac/sys/netinet/tcp_input.c#50 edit
.. //depot/projects/trustedbsd/mac/sys/netinet/tcp_output.c#22 edit
.. //depot/projects/trustedbsd/mac/sys/netinet/tcp_subr.c#43 edit
.. //depot/projects/trustedbsd/mac/sys/netinet/tcp_syncache.c#26 edit
.. //depot/projects/trustedbsd/mac/sys/netinet/udp_usrreq.c#30 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/netinet/ip_divert.c#21 (text+ko) ====

@@ -282,6 +282,9 @@
 	KASSERT(m->m_pkthdr.rcvif == NULL, ("rcvif not null"));
 
 #ifdef MAC
+	/*
+	 * XXXRW: perhaps should be mac_create_mbuf_from_inpcb()?
+	 */
 	mac_create_mbuf_from_socket(so, m);
 #endif
 

==== //depot/projects/trustedbsd/mac/sys/netinet/raw_ip.c#31 (text+ko) ====

@@ -145,6 +145,8 @@
 {
 	int policyfail = 0;
 
+	INP_LOCK_ASSERT(last);
+
 #if defined(IPSEC) || defined(FAST_IPSEC)
 	/* check AH/ESP integrity. */
 	if (ipsec4_in_reject(n, last)) {
@@ -244,9 +246,22 @@
 	struct inpcb *inp = sotoinpcb(so);
 	int flags = (so->so_options & SO_DONTROUTE) | IP_ALLOWBROADCAST;
 
+	/*
+	 * XXXRW: Due to use of inp fields later in this function, the
+	 * inp lock almost certainly needs to be held for the duration
+	 * of the function, not just the MAC entry point.
+	 */
 #ifdef MAC
+	INP_LOCK(inp);
+	mac_create_mbuf_from_inpcb(inp, m);
+	INP_UNLOCK(inp);
+#if 0
+	/*
+	 * XXXRW: Use inpcb instead.
+	 */
 	mac_create_mbuf_from_socket(so, m);
 #endif
+#endif
 
 	/*
 	 * If the user handed us a complete IP packet, use it.

==== //depot/projects/trustedbsd/mac/sys/netinet/tcp_input.c#50 (text+ko) ====

@@ -751,6 +751,7 @@
 		tiwin = th->th_win;
 
 #ifdef MAC
+	INP_LOCK_ASSERT(inp);
 	if (mac_check_inpcb_deliver(inp, m))
 		goto drop;
 #endif

==== //depot/projects/trustedbsd/mac/sys/netinet/tcp_output.c#22 (text+ko) ====

@@ -696,8 +696,14 @@
 	}
 	m->m_pkthdr.rcvif = (struct ifnet *)0;
 #ifdef MAC
+	/*
+	 * XXX: use mac_create_mbuf_from_inpcb(inp, m) instead of socket.
+	 */
+	mac_create_mbuf_from_inpcb(tp->t_inpcb, m);
+#if 0
 	mac_create_mbuf_from_socket(so, m);
 #endif
+#endif
 #ifdef INET6
 	if (isipv6) {
 		ip6 = mtod(m, struct ip6_hdr *);

==== //depot/projects/trustedbsd/mac/sys/netinet/tcp_subr.c#43 (text+ko) ====

@@ -402,7 +402,7 @@
 	int isipv6;
 #endif /* INET6 */
 	int ipflags = 0;
-	struct inpcb *inp = NULL;
+	struct inpcb *inp;
 
 	KASSERT(tp != NULL || m != NULL, ("tcp_respond: tp and m both NULL"));
 
@@ -417,6 +417,10 @@
 		KASSERT(inp != NULL, ("tcp control block w/o inpcb"));
 		INP_INFO_WLOCK_ASSERT(&tcbinfo);
 		INP_LOCK_ASSERT(inp);
+	} else
+		inp = NULL;
+
+	if (tp != NULL) {
 		if (!(flags & TH_RST)) {
 			win = sbspace(&inp->inp_socket->so_rcv);
 			if (win > (long)TCP_MAXWIN << tp->rcv_scale)
@@ -499,7 +503,14 @@
 		 * Packet is associated with a socket, so allow the
 		 * label of the response to reflect the socket label.
 		 */
+		INP_LOCK_ASSERT(inp);
+		mac_create_mbuf_from_inpcb(inp, m);
+#if 0
+		/*
+		 * XXXRW: Use inpcb instead of socket here.
+		 */
 		mac_create_mbuf_from_socket(inp->inp_socket, m);
+#endif
 	} else {
 		/*
 		 * Packet is not associated with a socket, so possibly

==== //depot/projects/trustedbsd/mac/sys/netinet/tcp_syncache.c#26 (text+ko) ====

@@ -1129,8 +1129,15 @@
 	inp = sc->sc_tp->t_inpcb;
 	INP_LOCK(inp);
 #ifdef MAC
+	/*
+	 * XXXRW: Should be mac_create_mbuf_from_inpcb(inp, m) rather than
+	 * from socket for locking reasons.
+	 */
+	mac_create_mbuf_from_inpcb(inp, m);
+#if 0
 	mac_create_mbuf_from_socket(inp->inp_socket, m);
 #endif
+#endif
 
 #ifdef INET6
 	if (sc->sc_inc.inc_isipv6) {

==== //depot/projects/trustedbsd/mac/sys/netinet/udp_usrreq.c#30 (text+ko) ====

@@ -457,6 +457,8 @@
 	struct sockaddr *append_sa;
 	struct mbuf *opts = 0;
 
+	INP_LOCK_ASSERT(inp);
+
 #if defined(IPSEC) || defined(FAST_IPSEC)
 	/* check AH/ESP integrity. */
 	if (ipsec4_in_reject(n, last)) {
@@ -734,8 +736,14 @@
 
 	INP_LOCK_ASSERT(inp);
 #ifdef MAC
+	/*
+	 * XXXRW: Use inpcb instead of socket.
+	 */
+	mac_create_mbuf_from_inpcb(inp, m);
+#if 0
 	mac_create_mbuf_from_socket(inp->inp_socket, m);
 #endif
+#endif
 
 	if (len + sizeof(struct udpiphdr) > IP_MAXPACKET) {
 		error = EMSGSIZE;
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

