PERFORCE change 76561 for review

Thu May 5 16:06:40 GMT 2005

http://perforce.freebsd.org/chv.cgi?CH=76561

Change 76561 by csjp at csjp_xor on 2005/05/05 16:05:39

	
	Fix long standing kernel panic associated with NFS. The problem
	stems from dispatching VOP_GETATTR from the kernel using NOCRED.
	The NFS subsystem will dereference ucred when forming the NFS
	request resulting in a panic.
	
	I have changed the code to use the calling credential of the user
	in order to retrieve information about the file. However this
	in itself is fairly futile in that NFS does not support extended
	attributes. While this change should not do any harm, a more long
	term fix would be to implement an efficient way to check the
	capabilities of the files system. 

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_chkexec/mac_chkexec.c#5 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_chkexec/mac_chkexec.c#5 (text+ko) ====

@@ -204,10 +204,11 @@
 	struct vcache_fs *vfc;
 	struct vattr va, *vap;
 	int error;
+	struct thread *td = curthread;	/* XXX */
 
 	ASSERT_VOP_LOCKED(vp, "mac_chkexec_get_fs_cache: no vlock held");
 	vap = &va;
-	error = VOP_GETATTR(vp, vap, NOCRED, curthread);
+	error = VOP_GETATTR(vp, vap, td->td_ucred, td);
 	if (error)
 		return (NULL);
 	mtx_lock(&cache_mtx);
@@ -239,6 +240,7 @@
 	struct vcache *vcp;
 	int error;
 	struct vattr *vap, va;
+	struct thread *td = curthread;
 
 	ASSERT_VOP_LOCKED(vp, "no vlock held");
 	if (!mac_chkexec_cache)
@@ -249,7 +251,7 @@
 	if (vfc == NULL)
 		return;
 	vap = &va;
-	error = VOP_GETATTR(vp, vap, NOCRED, curthread);
+	error = VOP_GETATTR(vp, vap, td->td_ucred, td);
 	if (error)
 		return;
 	vcp = uma_zalloc(cache_zone, M_WAITOK);
@@ -284,13 +286,14 @@
 	struct vcache_fs *vfc;
 	struct vattr *vap, va;
 	int error;
+	struct thread *td = curthread;
 
 	ASSERT_VOP_LOCKED(vp, "no vlock held");
 	vfc = mac_chkexec_get_fs_cache(vp);
 	if (vfc == NULL)
 		return;
 	vap = &va;
-	error = VOP_GETATTR(vp, vap, NOCRED, curthread);
+	error = VOP_GETATTR(vp, vap, td->td_ucred, td);
 	if (error)
 		return;
 	vc.fileid = vap->va_fileid;
@@ -319,12 +322,13 @@
 	int error;
 	struct vcache_fs *vfc;
 	struct vattr va, *vap;
+	struct thread *td = curthread;
 
 	if (!mac_chkexec_cache)
 		return (NULL);
 	ASSERT_VOP_LOCKED(vp, "no vlock held");
 	vap = &va;
-	error = VOP_GETATTR(vp, &va, NOCRED, curthread);
+	error = VOP_GETATTR(vp, &va, td->td_ucred, td);
 	if (error)
 		return (NULL);
 	vfc = mac_chkexec_get_fs_cache(vp);
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

