diff options
author | rwatson <rwatson@FreeBSD.org> | 2002-10-05 16:46:03 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-10-05 16:46:03 +0000 |
commit | c98d75349637fed4331f48e5b1b2a9b8ad2472bb (patch) | |
tree | bd3cab7d2eabee2045248977744127da68237200 /sys/kern/kern_mac.c | |
parent | 951c3e53b2ed3b6d204d571d81928a44baf1a85e (diff) | |
download | FreeBSD-src-c98d75349637fed4331f48e5b1b2a9b8ad2472bb.zip FreeBSD-src-c98d75349637fed4331f48e5b1b2a9b8ad2472bb.tar.gz |
Synch from TrustedBSD MAC tree:
- If a policy isn't registered when a policy module unloads, silently
succeed.
- Hold the policy list lock across more of the validity tests to avoid
races.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/kern/kern_mac.c')
-rw-r--r-- | sys/kern/kern_mac.c | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/sys/kern/kern_mac.c b/sys/kern/kern_mac.c index 85101e1..180b8aa 100644 --- a/sys/kern/kern_mac.c +++ b/sys/kern/kern_mac.c @@ -928,16 +928,38 @@ static int mac_policy_unregister(struct mac_policy_conf *mpc) { + /* + * If we fail the load, we may get a request to unload. Check + * to see if we did the run-time registration, and if not, + * silently succeed. + */ + MAC_POLICY_LIST_LOCK(); + if ((mpc->mpc_runtime_flags & MPC_RUNTIME_FLAG_REGISTERED) == 0) { + MAC_POLICY_LIST_UNLOCK(); + return (0); + } #if 0 /* * Don't allow unloading modules with private data. */ - if (mpc->mpc_field_off != NULL) + if (mpc->mpc_field_off != NULL) { + MAC_POLICY_LIST_UNLOCK(); return (EBUSY); + } #endif - if ((mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK) == 0) + /* + * Only allow the unload to proceed if the module is unloadable + * by its own definition. + */ + if ((mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK) == 0) { + MAC_POLICY_LIST_UNLOCK(); return (EBUSY); - MAC_POLICY_LIST_LOCK(); + } + /* + * Right now, we EBUSY if the list is in use. In the future, + * for reliability reasons, we might want to sleep and wakeup + * later to try again. + */ if (mac_policy_list_busy > 0) { MAC_POLICY_LIST_UNLOCK(); return (EBUSY); |