diff options
author | dillon <dillon@FreeBSD.org> | 2001-09-01 04:33:22 +0000 |
---|---|---|
committer | dillon <dillon@FreeBSD.org> | 2001-09-01 04:33:22 +0000 |
commit | 4969658e58791180bd5fd92088d6034a28970f81 (patch) | |
tree | 7869a7b3a8a925e7fdbec8a7a69907a6a0a8c132 /sys/kern | |
parent | e04437f4bee199d94dc426f70fe72d19f8e11ddc (diff) | |
download | FreeBSD-src-4969658e58791180bd5fd92088d6034a28970f81.zip FreeBSD-src-4969658e58791180bd5fd92088d6034a28970f81.tar.gz |
Giant Pushdown ACL syscalls:
__acl_get_file, __acl_set_file, __acl_get_fd, __acl_set_fd,
__acl_delete_file, __acl_delete_fd, __acl_aclcheck_file,
__acl_aclcheck_fd
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/kern_acl.c | 102 | ||||
-rw-r--r-- | sys/kern/subr_acl_posix1e.c | 102 | ||||
-rw-r--r-- | sys/kern/vfs_acl.c | 102 |
3 files changed, 213 insertions, 93 deletions
diff --git a/sys/kern/kern_acl.c b/sys/kern/kern_acl.c index 2f03e60..4726bfd 100644 --- a/sys/kern/kern_acl.c +++ b/sys/kern/kern_acl.c @@ -37,6 +37,7 @@ #include <sys/malloc.h> #include <sys/vnode.h> #include <sys/lock.h> +#include <sys/mutex.h> #include <sys/namei.h> #include <sys/file.h> #include <sys/proc.h> @@ -636,6 +637,8 @@ vacl_aclcheck(struct proc *p, struct vnode *vp, acl_type_t type, /* * Given a file path, get an ACL for it + * + * MPSAFE */ int __acl_get_file(struct proc *p, struct __acl_get_file_args *uap) @@ -643,18 +646,23 @@ __acl_get_file(struct proc *p, struct __acl_get_file_args *uap) struct nameidata nd; int error; + mtx_lock(&Giant); /* what flags are required here -- possible not LOCKLEAF? */ NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p); error = namei(&nd); - if (error) - return(error); - error = vacl_get_acl(p, nd.ni_vp, SCARG(uap, type), SCARG(uap, aclp)); - NDFREE(&nd, 0); + if (error == 0) { + error = vacl_get_acl(p, nd.ni_vp, SCARG(uap, type), + SCARG(uap, aclp)); + NDFREE(&nd, 0); + } + mtx_unlock(&Giant); return (error); } /* * Given a file path, set an ACL for it + * + * MPSAFE */ int __acl_set_file(struct proc *p, struct __acl_set_file_args *uap) @@ -662,17 +670,22 @@ __acl_set_file(struct proc *p, struct __acl_set_file_args *uap) struct nameidata nd; int error; + mtx_lock(&Giant); NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p); error = namei(&nd); - if (error) - return(error); - error = vacl_set_acl(p, nd.ni_vp, SCARG(uap, type), SCARG(uap, aclp)); - NDFREE(&nd, 0); + if (error == 0) { + error = vacl_set_acl(p, nd.ni_vp, SCARG(uap, type), + SCARG(uap, aclp)); + NDFREE(&nd, 0); + } + mtx_unlock(&Giant); return (error); } /* * Given a file descriptor, get an ACL for it + * + * MPSAFE */ int __acl_get_fd(struct proc *p, struct __acl_get_fd_args *uap) @@ -680,15 +693,20 @@ __acl_get_fd(struct proc *p, struct __acl_get_fd_args *uap) struct file *fp; int error; + mtx_lock(&Giant); error = getvnode(p->p_fd, SCARG(uap, filedes), &fp); - if (error) - return(error); - return vacl_get_acl(p, (struct vnode *)fp->f_data, SCARG(uap, type), - SCARG(uap, aclp)); + if (error == 0) { + error = vacl_get_acl(p, (struct vnode *)fp->f_data, + SCARG(uap, type), SCARG(uap, aclp)); + } + mtx_unlock(&Giant); + return (error); } /* * Given a file descriptor, set an ACL for it + * + * MPSAFE */ int __acl_set_fd(struct proc *p, struct __acl_set_fd_args *uap) @@ -696,15 +714,20 @@ __acl_set_fd(struct proc *p, struct __acl_set_fd_args *uap) struct file *fp; int error; + mtx_lock(&Giant); error = getvnode(p->p_fd, SCARG(uap, filedes), &fp); - if (error) - return(error); - return vacl_set_acl(p, (struct vnode *)fp->f_data, SCARG(uap, type), - SCARG(uap, aclp)); + if (error == 0) { + error = vacl_set_acl(p, (struct vnode *)fp->f_data, + SCARG(uap, type), SCARG(uap, aclp)); + } + mtx_unlock(&Giant); + return (error); } /* * Given a file path, delete an ACL from it. + * + * MPSAFE */ int __acl_delete_file(struct proc *p, struct __acl_delete_file_args *uap) @@ -712,17 +735,21 @@ __acl_delete_file(struct proc *p, struct __acl_delete_file_args *uap) struct nameidata nd; int error; + mtx_lock(&Giant); NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p); error = namei(&nd); - if (error) - return(error); - error = vacl_delete(p, nd.ni_vp, SCARG(uap, type)); - NDFREE(&nd, 0); + if (error == 0) { + error = vacl_delete(p, nd.ni_vp, SCARG(uap, type)); + NDFREE(&nd, 0); + } + mtx_unlock(&Giant); return (error); } /* * Given a file path, delete an ACL from it. + * + * MPSAFE */ int __acl_delete_fd(struct proc *p, struct __acl_delete_fd_args *uap) @@ -730,15 +757,20 @@ __acl_delete_fd(struct proc *p, struct __acl_delete_fd_args *uap) struct file *fp; int error; + mtx_lock(&Giant); error = getvnode(p->p_fd, SCARG(uap, filedes), &fp); - if (error) - return(error); - error = vacl_delete(p, (struct vnode *)fp->f_data, SCARG(uap, type)); + if (error == 0) { + error = vacl_delete(p, (struct vnode *)fp->f_data, + SCARG(uap, type)); + } + mtx_unlock(&Giant); return (error); } /* * Given a file path, check an ACL for it + * + * MPSAFE */ int __acl_aclcheck_file(struct proc *p, struct __acl_aclcheck_file_args *uap) @@ -746,17 +778,22 @@ __acl_aclcheck_file(struct proc *p, struct __acl_aclcheck_file_args *uap) struct nameidata nd; int error; + mtx_lock(&Giant); NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p); error = namei(&nd); - if (error) - return(error); - error = vacl_aclcheck(p, nd.ni_vp, SCARG(uap, type), SCARG(uap, aclp)); - NDFREE(&nd, 0); + if (error == 0) { + error = vacl_aclcheck(p, nd.ni_vp, SCARG(uap, type), + SCARG(uap, aclp)); + NDFREE(&nd, 0); + } + mtx_unlock(&Giant); return (error); } /* * Given a file descriptor, check an ACL for it + * + * MPSAFE */ int __acl_aclcheck_fd(struct proc *p, struct __acl_aclcheck_fd_args *uap) @@ -764,9 +801,12 @@ __acl_aclcheck_fd(struct proc *p, struct __acl_aclcheck_fd_args *uap) struct file *fp; int error; + mtx_lock(&Giant); error = getvnode(p->p_fd, SCARG(uap, filedes), &fp); - if (error) - return(error); - return vacl_aclcheck(p, (struct vnode *)fp->f_data, SCARG(uap, type), - SCARG(uap, aclp)); + if (error == 0) { + error = vacl_aclcheck(p, (struct vnode *)fp->f_data, + SCARG(uap, type), SCARG(uap, aclp)); + } + mtx_unlock(&Giant); + return (error); } diff --git a/sys/kern/subr_acl_posix1e.c b/sys/kern/subr_acl_posix1e.c index 2f03e60..4726bfd 100644 --- a/sys/kern/subr_acl_posix1e.c +++ b/sys/kern/subr_acl_posix1e.c @@ -37,6 +37,7 @@ #include <sys/malloc.h> #include <sys/vnode.h> #include <sys/lock.h> +#include <sys/mutex.h> #include <sys/namei.h> #include <sys/file.h> #include <sys/proc.h> @@ -636,6 +637,8 @@ vacl_aclcheck(struct proc *p, struct vnode *vp, acl_type_t type, /* * Given a file path, get an ACL for it + * + * MPSAFE */ int __acl_get_file(struct proc *p, struct __acl_get_file_args *uap) @@ -643,18 +646,23 @@ __acl_get_file(struct proc *p, struct __acl_get_file_args *uap) struct nameidata nd; int error; + mtx_lock(&Giant); /* what flags are required here -- possible not LOCKLEAF? */ NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p); error = namei(&nd); - if (error) - return(error); - error = vacl_get_acl(p, nd.ni_vp, SCARG(uap, type), SCARG(uap, aclp)); - NDFREE(&nd, 0); + if (error == 0) { + error = vacl_get_acl(p, nd.ni_vp, SCARG(uap, type), + SCARG(uap, aclp)); + NDFREE(&nd, 0); + } + mtx_unlock(&Giant); return (error); } /* * Given a file path, set an ACL for it + * + * MPSAFE */ int __acl_set_file(struct proc *p, struct __acl_set_file_args *uap) @@ -662,17 +670,22 @@ __acl_set_file(struct proc *p, struct __acl_set_file_args *uap) struct nameidata nd; int error; + mtx_lock(&Giant); NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p); error = namei(&nd); - if (error) - return(error); - error = vacl_set_acl(p, nd.ni_vp, SCARG(uap, type), SCARG(uap, aclp)); - NDFREE(&nd, 0); + if (error == 0) { + error = vacl_set_acl(p, nd.ni_vp, SCARG(uap, type), + SCARG(uap, aclp)); + NDFREE(&nd, 0); + } + mtx_unlock(&Giant); return (error); } /* * Given a file descriptor, get an ACL for it + * + * MPSAFE */ int __acl_get_fd(struct proc *p, struct __acl_get_fd_args *uap) @@ -680,15 +693,20 @@ __acl_get_fd(struct proc *p, struct __acl_get_fd_args *uap) struct file *fp; int error; + mtx_lock(&Giant); error = getvnode(p->p_fd, SCARG(uap, filedes), &fp); - if (error) - return(error); - return vacl_get_acl(p, (struct vnode *)fp->f_data, SCARG(uap, type), - SCARG(uap, aclp)); + if (error == 0) { + error = vacl_get_acl(p, (struct vnode *)fp->f_data, + SCARG(uap, type), SCARG(uap, aclp)); + } + mtx_unlock(&Giant); + return (error); } /* * Given a file descriptor, set an ACL for it + * + * MPSAFE */ int __acl_set_fd(struct proc *p, struct __acl_set_fd_args *uap) @@ -696,15 +714,20 @@ __acl_set_fd(struct proc *p, struct __acl_set_fd_args *uap) struct file *fp; int error; + mtx_lock(&Giant); error = getvnode(p->p_fd, SCARG(uap, filedes), &fp); - if (error) - return(error); - return vacl_set_acl(p, (struct vnode *)fp->f_data, SCARG(uap, type), - SCARG(uap, aclp)); + if (error == 0) { + error = vacl_set_acl(p, (struct vnode *)fp->f_data, + SCARG(uap, type), SCARG(uap, aclp)); + } + mtx_unlock(&Giant); + return (error); } /* * Given a file path, delete an ACL from it. + * + * MPSAFE */ int __acl_delete_file(struct proc *p, struct __acl_delete_file_args *uap) @@ -712,17 +735,21 @@ __acl_delete_file(struct proc *p, struct __acl_delete_file_args *uap) struct nameidata nd; int error; + mtx_lock(&Giant); NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p); error = namei(&nd); - if (error) - return(error); - error = vacl_delete(p, nd.ni_vp, SCARG(uap, type)); - NDFREE(&nd, 0); + if (error == 0) { + error = vacl_delete(p, nd.ni_vp, SCARG(uap, type)); + NDFREE(&nd, 0); + } + mtx_unlock(&Giant); return (error); } /* * Given a file path, delete an ACL from it. + * + * MPSAFE */ int __acl_delete_fd(struct proc *p, struct __acl_delete_fd_args *uap) @@ -730,15 +757,20 @@ __acl_delete_fd(struct proc *p, struct __acl_delete_fd_args *uap) struct file *fp; int error; + mtx_lock(&Giant); error = getvnode(p->p_fd, SCARG(uap, filedes), &fp); - if (error) - return(error); - error = vacl_delete(p, (struct vnode *)fp->f_data, SCARG(uap, type)); + if (error == 0) { + error = vacl_delete(p, (struct vnode *)fp->f_data, + SCARG(uap, type)); + } + mtx_unlock(&Giant); return (error); } /* * Given a file path, check an ACL for it + * + * MPSAFE */ int __acl_aclcheck_file(struct proc *p, struct __acl_aclcheck_file_args *uap) @@ -746,17 +778,22 @@ __acl_aclcheck_file(struct proc *p, struct __acl_aclcheck_file_args *uap) struct nameidata nd; int error; + mtx_lock(&Giant); NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p); error = namei(&nd); - if (error) - return(error); - error = vacl_aclcheck(p, nd.ni_vp, SCARG(uap, type), SCARG(uap, aclp)); - NDFREE(&nd, 0); + if (error == 0) { + error = vacl_aclcheck(p, nd.ni_vp, SCARG(uap, type), + SCARG(uap, aclp)); + NDFREE(&nd, 0); + } + mtx_unlock(&Giant); return (error); } /* * Given a file descriptor, check an ACL for it + * + * MPSAFE */ int __acl_aclcheck_fd(struct proc *p, struct __acl_aclcheck_fd_args *uap) @@ -764,9 +801,12 @@ __acl_aclcheck_fd(struct proc *p, struct __acl_aclcheck_fd_args *uap) struct file *fp; int error; + mtx_lock(&Giant); error = getvnode(p->p_fd, SCARG(uap, filedes), &fp); - if (error) - return(error); - return vacl_aclcheck(p, (struct vnode *)fp->f_data, SCARG(uap, type), - SCARG(uap, aclp)); + if (error == 0) { + error = vacl_aclcheck(p, (struct vnode *)fp->f_data, + SCARG(uap, type), SCARG(uap, aclp)); + } + mtx_unlock(&Giant); + return (error); } diff --git a/sys/kern/vfs_acl.c b/sys/kern/vfs_acl.c index 2f03e60..4726bfd 100644 --- a/sys/kern/vfs_acl.c +++ b/sys/kern/vfs_acl.c @@ -37,6 +37,7 @@ #include <sys/malloc.h> #include <sys/vnode.h> #include <sys/lock.h> +#include <sys/mutex.h> #include <sys/namei.h> #include <sys/file.h> #include <sys/proc.h> @@ -636,6 +637,8 @@ vacl_aclcheck(struct proc *p, struct vnode *vp, acl_type_t type, /* * Given a file path, get an ACL for it + * + * MPSAFE */ int __acl_get_file(struct proc *p, struct __acl_get_file_args *uap) @@ -643,18 +646,23 @@ __acl_get_file(struct proc *p, struct __acl_get_file_args *uap) struct nameidata nd; int error; + mtx_lock(&Giant); /* what flags are required here -- possible not LOCKLEAF? */ NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p); error = namei(&nd); - if (error) - return(error); - error = vacl_get_acl(p, nd.ni_vp, SCARG(uap, type), SCARG(uap, aclp)); - NDFREE(&nd, 0); + if (error == 0) { + error = vacl_get_acl(p, nd.ni_vp, SCARG(uap, type), + SCARG(uap, aclp)); + NDFREE(&nd, 0); + } + mtx_unlock(&Giant); return (error); } /* * Given a file path, set an ACL for it + * + * MPSAFE */ int __acl_set_file(struct proc *p, struct __acl_set_file_args *uap) @@ -662,17 +670,22 @@ __acl_set_file(struct proc *p, struct __acl_set_file_args *uap) struct nameidata nd; int error; + mtx_lock(&Giant); NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p); error = namei(&nd); - if (error) - return(error); - error = vacl_set_acl(p, nd.ni_vp, SCARG(uap, type), SCARG(uap, aclp)); - NDFREE(&nd, 0); + if (error == 0) { + error = vacl_set_acl(p, nd.ni_vp, SCARG(uap, type), + SCARG(uap, aclp)); + NDFREE(&nd, 0); + } + mtx_unlock(&Giant); return (error); } /* * Given a file descriptor, get an ACL for it + * + * MPSAFE */ int __acl_get_fd(struct proc *p, struct __acl_get_fd_args *uap) @@ -680,15 +693,20 @@ __acl_get_fd(struct proc *p, struct __acl_get_fd_args *uap) struct file *fp; int error; + mtx_lock(&Giant); error = getvnode(p->p_fd, SCARG(uap, filedes), &fp); - if (error) - return(error); - return vacl_get_acl(p, (struct vnode *)fp->f_data, SCARG(uap, type), - SCARG(uap, aclp)); + if (error == 0) { + error = vacl_get_acl(p, (struct vnode *)fp->f_data, + SCARG(uap, type), SCARG(uap, aclp)); + } + mtx_unlock(&Giant); + return (error); } /* * Given a file descriptor, set an ACL for it + * + * MPSAFE */ int __acl_set_fd(struct proc *p, struct __acl_set_fd_args *uap) @@ -696,15 +714,20 @@ __acl_set_fd(struct proc *p, struct __acl_set_fd_args *uap) struct file *fp; int error; + mtx_lock(&Giant); error = getvnode(p->p_fd, SCARG(uap, filedes), &fp); - if (error) - return(error); - return vacl_set_acl(p, (struct vnode *)fp->f_data, SCARG(uap, type), - SCARG(uap, aclp)); + if (error == 0) { + error = vacl_set_acl(p, (struct vnode *)fp->f_data, + SCARG(uap, type), SCARG(uap, aclp)); + } + mtx_unlock(&Giant); + return (error); } /* * Given a file path, delete an ACL from it. + * + * MPSAFE */ int __acl_delete_file(struct proc *p, struct __acl_delete_file_args *uap) @@ -712,17 +735,21 @@ __acl_delete_file(struct proc *p, struct __acl_delete_file_args *uap) struct nameidata nd; int error; + mtx_lock(&Giant); NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p); error = namei(&nd); - if (error) - return(error); - error = vacl_delete(p, nd.ni_vp, SCARG(uap, type)); - NDFREE(&nd, 0); + if (error == 0) { + error = vacl_delete(p, nd.ni_vp, SCARG(uap, type)); + NDFREE(&nd, 0); + } + mtx_unlock(&Giant); return (error); } /* * Given a file path, delete an ACL from it. + * + * MPSAFE */ int __acl_delete_fd(struct proc *p, struct __acl_delete_fd_args *uap) @@ -730,15 +757,20 @@ __acl_delete_fd(struct proc *p, struct __acl_delete_fd_args *uap) struct file *fp; int error; + mtx_lock(&Giant); error = getvnode(p->p_fd, SCARG(uap, filedes), &fp); - if (error) - return(error); - error = vacl_delete(p, (struct vnode *)fp->f_data, SCARG(uap, type)); + if (error == 0) { + error = vacl_delete(p, (struct vnode *)fp->f_data, + SCARG(uap, type)); + } + mtx_unlock(&Giant); return (error); } /* * Given a file path, check an ACL for it + * + * MPSAFE */ int __acl_aclcheck_file(struct proc *p, struct __acl_aclcheck_file_args *uap) @@ -746,17 +778,22 @@ __acl_aclcheck_file(struct proc *p, struct __acl_aclcheck_file_args *uap) struct nameidata nd; int error; + mtx_lock(&Giant); NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p); error = namei(&nd); - if (error) - return(error); - error = vacl_aclcheck(p, nd.ni_vp, SCARG(uap, type), SCARG(uap, aclp)); - NDFREE(&nd, 0); + if (error == 0) { + error = vacl_aclcheck(p, nd.ni_vp, SCARG(uap, type), + SCARG(uap, aclp)); + NDFREE(&nd, 0); + } + mtx_unlock(&Giant); return (error); } /* * Given a file descriptor, check an ACL for it + * + * MPSAFE */ int __acl_aclcheck_fd(struct proc *p, struct __acl_aclcheck_fd_args *uap) @@ -764,9 +801,12 @@ __acl_aclcheck_fd(struct proc *p, struct __acl_aclcheck_fd_args *uap) struct file *fp; int error; + mtx_lock(&Giant); error = getvnode(p->p_fd, SCARG(uap, filedes), &fp); - if (error) - return(error); - return vacl_aclcheck(p, (struct vnode *)fp->f_data, SCARG(uap, type), - SCARG(uap, aclp)); + if (error == 0) { + error = vacl_aclcheck(p, (struct vnode *)fp->f_data, + SCARG(uap, type), SCARG(uap, aclp)); + } + mtx_unlock(&Giant); + return (error); } |