diff options
author | jhb <jhb@FreeBSD.org> | 2002-03-05 18:57:36 +0000 |
---|---|---|
committer | jhb <jhb@FreeBSD.org> | 2002-03-05 18:57:36 +0000 |
commit | 3a1d17e45b65f471a48cabb1b46335480f777c36 (patch) | |
tree | 7e1937b212c5be424e36cf0162f689d568fe1325 /sys/kern | |
parent | 679afc69e30f49b444a094dee93fd3d00543507a (diff) | |
download | FreeBSD-src-3a1d17e45b65f471a48cabb1b46335480f777c36.zip FreeBSD-src-3a1d17e45b65f471a48cabb1b46335480f777c36.tar.gz |
- Use td_ucred for jail checks.
- Move jail checks and some other checks involving constants and stack
variables out from under Giant. This isn't perfectly safe atm because
jail_sysvipc_allowed is read w/o a lock meaning that its value could be
stale. This global variable will soon become a per-jail flag, however,
at which time it will either not need a lock or will use the prison lock.
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/sysv_msg.c | 47 | ||||
-rw-r--r-- | sys/kern/sysv_sem.c | 39 | ||||
-rw-r--r-- | sys/kern/sysv_shm.c | 43 |
3 files changed, 45 insertions, 84 deletions
diff --git a/sys/kern/sysv_msg.c b/sys/kern/sysv_msg.c index 2c176dd..a203823 100644 --- a/sys/kern/sysv_msg.c +++ b/sys/kern/sysv_msg.c @@ -288,17 +288,12 @@ msgsys(td, uap) { int error; + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); + if (uap->which >= sizeof(msgcalls)/sizeof(msgcalls[0])) + return (EINVAL); mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } - if (uap->which >= sizeof(msgcalls)/sizeof(msgcalls[0])) { - error = EINVAL; - goto done2; - } error = (*msgcalls[uap->which])(td, &uap->a2); -done2: mtx_unlock(&Giant); return (error); } @@ -353,12 +348,10 @@ msgctl(td, uap) #ifdef MSG_DEBUG_OK printf("call to msgctl(%d, %d, 0x%x)\n", msqid, cmd, user_msqptr); #endif - mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); + mtx_lock(&Giant); msqid = IPCID_TO_IX(msqid); if (msqid < 0 || msqid >= msginfo.msgmni) { @@ -498,19 +491,17 @@ msgget(td, uap) int msqid, error = 0; int key = uap->key; int msgflg = uap->msgflg; - struct ucred *cred = td->td_proc->p_ucred; + struct ucred *cred = td->td_ucred; register struct msqid_ds *msqptr = NULL; #ifdef MSG_DEBUG_OK printf("msgget(0x%x, 0%o)\n", key, msgflg); #endif - mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); + mtx_lock(&Giant); if (key != IPC_PRIVATE) { for (msqid = 0; msqid < msginfo.msgmni; msqid++) { msqptr = &msqids[msqid]; @@ -630,12 +621,10 @@ msgsnd(td, uap) printf("call to msgsnd(%d, 0x%x, %d, %d)\n", msqid, user_msgp, msgsz, msgflg); #endif - mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); + mtx_lock(&Giant); msqid = IPCID_TO_IX(msqid); if (msqid < 0 || msqid >= msginfo.msgmni) { @@ -974,12 +963,10 @@ msgrcv(td, uap) msgsz, msgtyp, msgflg); #endif - mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); + mtx_lock(&Giant); msqid = IPCID_TO_IX(msqid); if (msqid < 0 || msqid >= msginfo.msgmni) { diff --git a/sys/kern/sysv_sem.c b/sys/kern/sysv_sem.c index 1b3c827..2b2e227 100644 --- a/sys/kern/sysv_sem.c +++ b/sys/kern/sysv_sem.c @@ -261,17 +261,12 @@ semsys(td, uap) { int error; + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); + if (uap->which >= sizeof(semcalls)/sizeof(semcalls[0])) + return (EINVAL); mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } - if (uap->which >= sizeof(semcalls)/sizeof(semcalls[0])) { - error = EINVAL; - goto done2; - } error = (*semcalls[uap->which])(td, &uap->a2); -done2: mtx_unlock(&Giant); return (error); } @@ -485,12 +480,10 @@ __semctl(td, uap) #ifdef SEM_DEBUG printf("call to semctl(%d, %d, %d, 0x%x)\n", semid, semnum, cmd, arg); #endif - mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); + mtx_lock(&Giant); switch(cmd) { case SEM_STAT: if (semid < 0 || semid >= seminfo.semmsl) @@ -693,17 +686,15 @@ semget(td, uap) int key = uap->key; int nsems = uap->nsems; int semflg = uap->semflg; - struct ucred *cred = td->td_proc->p_ucred; + struct ucred *cred = td->td_ucred; #ifdef SEM_DEBUG printf("semget(0x%x, %d, 0%o)\n", key, nsems, semflg); #endif - mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); + mtx_lock(&Giant); if (key != IPC_PRIVATE) { for (semid = 0; semid < seminfo.semmni; semid++) { if ((sema[semid].sem_perm.mode & SEM_ALLOC) && @@ -834,12 +825,10 @@ semop(td, uap) printf("call to semop(%d, 0x%x, %u)\n", semid, sops, nsops); #endif - mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); + mtx_lock(&Giant); semid = IPCID_TO_IX(semid); /* Convert back to zero origin */ if (semid < 0 || semid >= seminfo.semmsl) { diff --git a/sys/kern/sysv_shm.c b/sys/kern/sysv_shm.c index fbcca94..1220aec 100644 --- a/sys/kern/sysv_shm.c +++ b/sys/kern/sysv_shm.c @@ -260,11 +260,9 @@ shmdt(td, uap) int i; int error = 0; + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(p->p_ucred)) { - error = ENOSYS; - goto done2; - } shmmap_s = (struct shmmap_state *)p->p_vmspace->vm_shm; if (shmmap_s == NULL) { error = EINVAL; @@ -313,11 +311,9 @@ shmat(td, uap) int rv; int error = 0; + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(p->p_ucred)) { - error = ENOSYS; - goto done2; - } shmmap_s = (struct shmmap_state *)p->p_vmspace->vm_shm; if (shmmap_s == NULL) { size = shminfo.shmseg * sizeof(struct shmmap_state); @@ -425,11 +421,9 @@ oshmctl(td, uap) struct shmid_ds *shmseg; struct oshmid_ds outbuf; + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } shmseg = shm_find_segment_by_shmid(uap->shmid); if (shmseg == NULL) { error = EINVAL; @@ -486,11 +480,9 @@ shmctl(td, uap) struct shmid_ds inbuf; struct shmid_ds *shmseg; + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } switch (uap->cmd) { case IPC_INFO: error = copyout( (caddr_t)&shminfo, uap->buf, sizeof( shminfo ) ); @@ -706,11 +698,9 @@ shmget(td, uap) int segnum, mode; int error; + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } mode = uap->shmflg & ACCESSPERMS; if (uap->key != IPC_PRIVATE) { again: @@ -748,17 +738,12 @@ shmsys(td, uap) { int error; + if (!jail_sysvipc_allowed && jailed(td->td_ucred)) + return (ENOSYS); + if (uap->which >= sizeof(shmcalls)/sizeof(shmcalls[0])) + return (EINVAL); mtx_lock(&Giant); - if (!jail_sysvipc_allowed && jailed(td->td_proc->p_ucred)) { - error = ENOSYS; - goto done2; - } - if (uap->which >= sizeof(shmcalls)/sizeof(shmcalls[0])) { - error = EINVAL; - goto done2; - } error = (*shmcalls[uap->which])(td, &uap->a2); -done2: mtx_unlock(&Giant); return (error); } |