Remove all use of vnode->v_tag, replacing with appropriate substitutes.

v_tag is now const char * and should only be used for debugging.

Additionally:
1. All users of VT_NTS now check vfsconf->vf_type VFCF_NETWORK
2. The user of VT_PROCFS now checks for the new flag VV_PROCDEP, which
is propagated by pseudofs to all child vnodes if the fs sets PFS_PROCDEP.

Suggested by:   phk
Reviewed by:    bde, rwatson (earlier version)

4 files changed, 24 insertions, 20 deletions

diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c
index d88156b..9c091bd 100644
--- a/sys/kern/kern_descrip.c
+++ b/sys/kern/kern_descrip.c
@@ -53,6 +53,7 @@
 #include <sys/kernel.h>
 #include <sys/sysctl.h>
 #include <sys/vnode.h>
+#include <sys/mount.h>
 #include <sys/proc.h>
 #include <sys/namei.h>
 #include <sys/file.h>
@@ -1407,11 +1408,8 @@ fdfree(td)
 /*
  * For setugid programs, we don't want to people to use that setugidness
  * to generate error messages which write to a file which otherwise would
- * otherwise be off-limits to the process.
- *
- * This is a gross hack to plug the hole.  A better solution would involve
- * a special vop or other form of generalized access control mechanism.  We
- * go ahead and just reject all procfs filesystems accesses as dangerous.
+ * otherwise be off-limits to the process.  We check for filesystems where
+ * the vnode can change out from under us after execve (like [lin]procfs).
  *
  * Since setugidsafety calls this only for fd 0, 1 and 2, this check is
  * sufficient.  We also don't for check setugidness since we know we are.
@@ -1419,9 +1417,12 @@ fdfree(td)
 static int
 is_unsafe(struct file *fp)
 {
-	if (fp->f_type == DTYPE_VNODE && 
-	    ((struct vnode *)(fp->f_data))->v_tag == VT_PROCFS)
-		return (1);
+	if (fp->f_type == DTYPE_VNODE) {
+		struct vnode *vp = (struct vnode *)fp->f_data;
+
+		if ((vp->v_vflag & VV_PROCDEP) != 0)
+			return (1);
+	}
 	return (0);
 }
 
diff --git a/sys/kern/kern_mac.c b/sys/kern/kern_mac.c
index 07d7b2d..5926f55 100644
--- a/sys/kern/kern_mac.c
+++ b/sys/kern/kern_mac.c
@@ -1116,9 +1116,9 @@ vn_refreshlabel(struct vnode *vp, struct ucred *cred)
 		return (0);
  */
 		/* printf("vn_refreshlabel: null v_mount\n"); */
-		if (vp->v_tag != VT_NON)
+		if (vp->v_type != VNON)
 			printf(
-			    "vn_refreshlabel: null v_mount with non-VT_NON\n");
+			    "vn_refreshlabel: null v_mount with non-VNON\n");
 		return (EBADF);
 	}
 
@@ -2951,8 +2951,8 @@ vn_setlabel(struct vnode *vp, struct label *intlabel, struct ucred *cred)
 
 	if (vp->v_mount == NULL) {
 		/* printf("vn_setlabel: null v_mount\n"); */
-		if (vp->v_tag != VT_NON)
-			printf("vn_setlabel: null v_mount with non-VT_NON\n");
+		if (vp->v_type != VNON)
+			printf("vn_setlabel: null v_mount with non-VNON\n");
 		return (EBADF);
 	}
 
diff --git a/sys/kern/vfs_bio.c b/sys/kern/vfs_bio.c
index 8490644..a4e0397 100644
--- a/sys/kern/vfs_bio.c
+++ b/sys/kern/vfs_bio.c
@@ -1211,7 +1211,8 @@ brelse(struct buf * bp)
 	 * background write.
 	 */
 	if ((bp->b_flags & B_VMIO)
-	    && !(bp->b_vp->v_tag == VT_NFS &&
+	    && !(bp->b_vp->v_mount != NULL &&
+		 (bp->b_vp->v_mount->mnt_vfc->vfc_flags & VFCF_NETWORK) != 0 &&
 		 !vn_isdisk(bp->b_vp, NULL) &&
 		 (bp->b_flags & B_DELWRI))
 	    ) {
diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c
index b0be385..933a17f 100644
--- a/sys/kern/vfs_subr.c
+++ b/sys/kern/vfs_subr.c
@@ -792,7 +792,7 @@ done:
  */
 int
 getnewvnode(tag, mp, vops, vpp)
-	enum vtagtype tag;
+	const char *tag;
 	struct mount *mp;
 	vop_t **vops;
 	struct vnode **vpp;
@@ -1591,14 +1591,16 @@ sched_sync(void)
 			s = splbio();
 			if (LIST_FIRST(slp) == vp) {
 				/*
-				 * Note: v_tag VT_VFS vps can remain on the
+				 * Note: VFS vnodes can remain on the
 				 * worklist too with no dirty blocks, but
 				 * since sync_fsync() moves it to a different
 				 * slot we are safe.
 				 */
 				if (TAILQ_EMPTY(&vp->v_dirtyblkhd) &&
-				    !vn_isdisk(vp, NULL))
-					panic("sched_sync: fsync failed vp %p tag %d", vp, vp->v_tag);
+				    !vn_isdisk(vp, NULL)) {
+					panic("sched_sync: fsync failed "
+					      "vp %p tag %s", vp, vp->v_tag);
+				}
 				/*
 				 * Put us back on the worklist.  The worklist
 				 * routine will remove us from our current
@@ -1812,7 +1814,7 @@ bdevvp(dev, vpp)
 	}
 	if (vfinddev(dev, VCHR, vpp))
 		return (0);
-	error = getnewvnode(VT_NON, (struct mount *)0, spec_vnodeop_p, &nvp);
+	error = getnewvnode("none", (struct mount *)0, spec_vnodeop_p, &nvp);
 	if (error) {
 		*vpp = NULLVP;
 		return (error);
@@ -2382,7 +2384,7 @@ vclean(vp, flags, td)
 	vp->v_op = dead_vnodeop_p;
 	if (vp->v_pollinfo != NULL)
 		vn_pollgone(vp);
-	vp->v_tag = VT_NON;
+	vp->v_tag = "none";
 	vp->v_iflag &= ~VI_XLOCK;
 	vp->v_vxproc = NULL;
 	if (vp->v_iflag & VI_XWANT) {
@@ -3190,7 +3192,7 @@ vfs_allocate_syncvnode(mp)
 	int error;
 
 	/* Allocate a new vnode */
-	if ((error = getnewvnode(VT_VFS, mp, sync_vnodeop_p, &vp)) != 0) {
+	if ((error = getnewvnode("vfs", mp, sync_vnodeop_p, &vp)) != 0) {
 		mp->mnt_syncer = NULL;
 		return (error);
 	}