Socket MAC labels so_label and so_peerlabel are now protected by

SOCK_LOCK(so): - Hold socket lock over calls to MAC entry points reading or manipulating socket labels. - Assert socket lock in MAC entry point implementations. - When externalizing the socket label, first make a thread-local copy while holding the socket lock, then release the socket lock to externalize to userspace.
author: rwatson <rwatson@FreeBSD.org> 2004-06-13 02:50:07 +0000
committer: rwatson <rwatson@FreeBSD.org> 2004-06-13 02:50:07 +0000
commit: f1bc833e9552e6874a5343bfd4a0b2999a185b42 (patch)
tree: b82bb2c8445f7117f831d6287d086e05ebd1953e /sys/netinet/in_pcb.c
parent: b173c880aa20391adf396c098a510e93c583ec02 (diff)
download: FreeBSD-src-f1bc833e9552e6874a5343bfd4a0b2999a185b42.zip
FreeBSD-src-f1bc833e9552e6874a5343bfd4a0b2999a185b42.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index ad461fd..adad6de 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -176,7 +176,9 @@ in_pcballoc(so, pcbinfo, type)
 	error = mac_init_inpcb(inp, M_NOWAIT);
 	if (error != 0)
 		goto out;
+	SOCK_LOCK(so);
 	mac_create_inpcb_from_socket(so, inp);
+	SOCK_UNLOCK(so);
 #endif
 #if defined(IPSEC) || defined(FAST_IPSEC)
 #ifdef FAST_IPSEC
@@ -1175,10 +1177,11 @@ in_pcbsosetlabel(so)
 #ifdef MAC
 	struct inpcb *inp;
 
-	/* XXX: Will assert socket lock when we have them. */
 	inp = (struct inpcb *)so->so_pcb;
 	INP_LOCK(inp);
+	SOCK_LOCK(so);
 	mac_inpcb_sosetlabel(so, inp);
+	SOCK_UNLOCK(so);
 	INP_UNLOCK(inp);
 #endif
 }
author	rwatson <rwatson@FreeBSD.org>	2004-06-13 02:50:07 +0000
committer	rwatson <rwatson@FreeBSD.org>	2004-06-13 02:50:07 +0000
commit	f1bc833e9552e6874a5343bfd4a0b2999a185b42 (patch)
tree	b82bb2c8445f7117f831d6287d086e05ebd1953e /sys/netinet/in_pcb.c
parent	b173c880aa20391adf396c098a510e93c583ec02 (diff)
download	FreeBSD-src-f1bc833e9552e6874a5343bfd4a0b2999a185b42.zip FreeBSD-src-f1bc833e9552e6874a5343bfd4a0b2999a185b42.tar.gz