Socket MAC labels so_label and so_peerlabel are now protected by

SOCK_LOCK(so):

- Hold socket lock over calls to MAC entry points reading or
  manipulating socket labels.

- Assert socket lock in MAC entry point implementations.

- When externalizing the socket label, first make a thread-local
  copy while holding the socket lock, then release the socket lock
  to externalize to userspace.

2 files changed, 5 insertions, 0 deletions

diff --git a/sys/netatalk/ddp_input.c b/sys/netatalk/ddp_input.c
index 44c0f6f..679f943 100644
--- a/sys/netatalk/ddp_input.c
+++ b/sys/netatalk/ddp_input.c
@@ -366,10 +366,13 @@ ddp_input(m, ifp, elh, phase)
     }
 
 #ifdef MAC
+    SOCK_LOCK(ddp->ddp_socket);
     if (mac_check_socket_deliver(ddp->ddp_socket, m) != 0) {
+	SOCK_UNLOCK(ddp->ddp_socket);
 	m_freem(m);
 	return;
     }
+    SOCK_UNLOCK(ddp->ddp_socket);
 #endif
 
     /* 
diff --git a/sys/netatalk/ddp_output.c b/sys/netatalk/ddp_output.c
index 232fa2b..7270d54 100644
--- a/sys/netatalk/ddp_output.c
+++ b/sys/netatalk/ddp_output.c
@@ -52,7 +52,9 @@ ddp_output(struct mbuf *m, struct socket *so)
     struct ddpcb *ddp = sotoddpcb(so);
 
 #ifdef MAC
+    SOCK_LOCK(so);
     mac_create_mbuf_from_socket(so, m);
+    SOCK_UNLOCK(so);
 #endif
 
     M_PREPEND(m, sizeof(struct ddpehdr), M_TRYWAIT);