author | rwatson <rwatson@FreeBSD.org> | 2004-06-13 02:50:07 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2004-06-13 02:50:07 +0000 |
commit | f1bc833e9552e6874a5343bfd4a0b2999a185b42 (patch) | |
tree | b82bb2c8445f7117f831d6287d086e05ebd1953e /sys/netinet | |
parent | b173c880aa20391adf396c098a510e93c583ec02 (diff) | |
Socket MAC labels so_label and so_peerlabel are now protected by
SOCK_LOCK(so):
- Hold socket lock over calls to MAC entry points reading or
manipulating socket labels.
- Assert socket lock in MAC entry point implementations.
- When externalizing the socket label, first make a thread-local
copy while holding the socket lock, then release the socket lock
to externalize to userspace.
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/in_pcb.c | 5 | ||||
-rw-r--r-- | sys/netinet/ip_divert.c | 2 | ||||
-rw-r--r-- | sys/netinet/tcp_input.c | 2 | ||||
-rw-r--r-- | sys/netinet/tcp_reass.c | 2 | ||||
-rw-r--r-- | sys/netinet/tcp_syncache.c | 2 |
5 files changed, 12 insertions, 1 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index ad461fd..adad6de 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -176,7 +176,9 @@ in_pcballoc(so, pcbinfo, type)
 error = mac_init_inpcb(inp, M_NOWAIT);
 if (error != 0)
 goto out;
+ SOCK_LOCK(so);
 mac_create_inpcb_from_socket(so, inp);
+ SOCK_UNLOCK(so);
 #endif
 #if defined(IPSEC) || defined(FAST_IPSEC)
 #ifdef FAST_IPSEC
@@ -1175,10 +1177,11 @@ in_pcbsosetlabel(so)
 #ifdef MAC
 struct inpcb *inp;
- /* XXX: Will assert socket lock when we have them. */
 inp = (struct inpcb *)so->so_pcb;
 INP_LOCK(inp);
+ SOCK_LOCK(so);
 mac_inpcb_sosetlabel(so, inp);
+ SOCK_UNLOCK(so);
 INP_UNLOCK(inp);
 #endif
 }
diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c
index ccf0d96..f745fea 100644
--- a/sys/netinet/ip_divert.c
+++ b/sys/netinet/ip_divert.c
@@ -263,7 +263,9 @@ div_output(struct socket *so, struct mbuf *m,
 KASSERT(m->m_pkthdr.rcvif == NULL, ("rcvif not null"));
 #ifdef MAC
+ SOCK_LOCK(so);
 mac_create_mbuf_from_socket(so, m);
+ SOCK_UNLOCK(so);
 #endif
 if (control)
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 6178bfb..04b4d2c 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1352,7 +1352,9 @@ after_listen:
 tcpstat.tcps_connects++;
 soisconnected(so);
 #ifdef MAC
+ SOCK_LOCK(so);
 mac_set_socket_peer_from_mbuf(m, so);
+ SOCK_UNLOCK(so);
 #endif
 /* Do window scaling on this connection? */
 if ((tp->t_flags & (TF_RCVD_SCALE|TF_REQ_SCALE)) ==
diff --git a/sys/netinet/tcp_reass.c b/sys/netinet/tcp_reass.c
index 6178bfb..04b4d2c 100644
--- a/sys/netinet/tcp_reass.c
+++ b/sys/netinet/tcp_reass.c
@@ -1352,7 +1352,9 @@ after_listen:
 tcpstat.tcps_connects++;
 soisconnected(so);
 #ifdef MAC
+ SOCK_LOCK(so);
 mac_set_socket_peer_from_mbuf(m, so);
+ SOCK_UNLOCK(so);
 #endif
 /* Do window scaling on this connection? */
 if ((tp->t_flags & (TF_RCVD_SCALE|TF_REQ_SCALE)) ==
diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c
index 1fb7e99..640a9f0 100644
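Review bot: In in_pcbsosetlabel() (second in_pcb.c hunk) the new `SOCK_LOCK(so);` is taken while `INP_LOCK(inp)` is already held, so the hunk establishes an inpcb-before-socket lock order without stating it anywhere. I would add `/* Lock order: inpcb lock, then socket lock. */` above the `INP_LOCK(inp);` line, because any path that takes the two in the opposite order would deadlock, and the MAC label update is the only reason both are held here. The removed XXX comment anticipated an assertion rather than an acquisition, so it is also worth confirming that no caller reaches this function with the socket lock already held; the callers are not visible in this diff. The function begins before the hunk.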
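Review bot: In the after_listen hunk of tcp_input.c, `soisconnected(so);` still runs before the newly locked `mac_set_socket_peer_from_mbuf(m, so);`, so the socket is marked connected before so_peerlabel is populated. If anything triggered by soisconnected() can take the socket lock and read the peer label first, it would see a label not yet derived from the mbuf; this cannot be determined from the hunk, and other locks held at this point may already prevent it. Consider moving the `#ifdef MAC` block above `soisconnected(so);`, or add a comment naming the lock that closes that window. The identical hunk in tcp_reass.c has the same ordering. The enclosing function starts and ends outside the hunk.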
--- a/sys/netinet/tcp_syncache.c
+++ b/sys/netinet/tcp_syncache.c
@@ -559,7 +559,9 @@ syncache_socket(sc, lso, m)
 goto abort2;
 }
 #ifdef MAC
+ SOCK_LOCK(so);
 mac_set_socket_peer_from_mbuf(m, so);
+ SOCK_UNLOCK(so);
 #endif
 inp = sotoinpcb(so); |