diff options
| author | jeff <jeff@FreeBSD.org> | 2002-08-04 10:29:36 +0000 |
|---|---|---|
| committer | jeff <jeff@FreeBSD.org> | 2002-08-04 10:29:36 +0000 |
| commit | 02517b6731ab2da44ce9b49260429744cf0114d5 (patch) | |
| tree | e889f56910bf98cbee3be239655a9e4bbb928b2e /sys/security | |
| parent | a03ca02ee99a255a2c14a75ff8eb488960b13ea7 (diff) | |
| download | FreeBSD-src-02517b6731ab2da44ce9b49260429744cf0114d5.zip FreeBSD-src-02517b6731ab2da44ce9b49260429744cf0114d5.tar.gz | |
- Replace v_flag with v_iflag and v_vflag
- v_vflag is protected by the vnode lock and is used when synchronization
with VOP calls is needed.
- v_iflag is protected by interlock and is used for dealing with vnode
management issues. These flags include X/O LOCK, FREE, DOOMED, etc.
- All accesses to v_iflag and v_vflag have either been locked or marked with
mp_fixme's.
- Many ASSERT_VOP_LOCKED calls have been added where the locking was not
clear.
- Many functions in vfs_subr.c were restructured to provide for stronger
locking.
Idea stolen from: BSD/OS
Diffstat (limited to 'sys/security')
| -rw-r--r-- | sys/security/lomac/kernel_interface.c | 6 | ||||
| -rw-r--r-- | sys/security/lomac/kernel_util.c | 5 | ||||
| -rw-r--r-- | sys/security/lomac/lomacfs_subr.c | 2 | ||||
| -rw-r--r-- | sys/security/lomac/lomacfs_vfsops.c | 14 | ||||
| -rw-r--r-- | sys/security/lomac/lomacfs_vnops.c | 4 | ||||
| -rw-r--r-- | sys/security/mac/mac_framework.c | 12 | ||||
| -rw-r--r-- | sys/security/mac/mac_internal.h | 12 | ||||
| -rw-r--r-- | sys/security/mac/mac_net.c | 12 | ||||
| -rw-r--r-- | sys/security/mac/mac_pipe.c | 12 | ||||
| -rw-r--r-- | sys/security/mac/mac_process.c | 12 | ||||
| -rw-r--r-- | sys/security/mac/mac_syscalls.c | 12 | ||||
| -rw-r--r-- | sys/security/mac/mac_system.c | 12 | ||||
| -rw-r--r-- | sys/security/mac/mac_vfs.c | 12 |
13 files changed, 72 insertions, 55 deletions
diff --git a/sys/security/lomac/kernel_interface.c b/sys/security/lomac/kernel_interface.c index adaff99..c4a0c04 100644 --- a/sys/security/lomac/kernel_interface.c +++ b/sys/security/lomac/kernel_interface.c @@ -374,7 +374,7 @@ set_object_lattr(lomac_object_t *obj, lattr_t lattr) { vp = obj->lo_object.vnode; KASSERT(!VISLOMAC(vp), ("is a LOMACFS vnode")); VI_LOCK(vp); - vp->v_flag = (vp->v_flag & ~(UV_LEVEL_MASK | UV_ATTR_MASK)) | + vp->v_iflag = (vp->v_iflag & ~(UV_LEVEL_MASK | UV_ATTR_MASK)) | level2uvnodebits(lattr.level) | attr2uvnodebits(lattr.flags); VI_UNLOCK(vp); @@ -453,8 +453,8 @@ get_object_lattr(const lomac_object_t *obj, lattr_t *lattr) { vp = obj->lo_object.vnode; KASSERT(!VISLOMAC(vp), ("is a LOMACFS vnode")); VI_LOCK(vp); - lattr->level = uvnodebits2level(vp->v_flag); - lattr->flags = uvnodebits2attr(vp->v_flag); + lattr->level = uvnodebits2level(vp->v_iflag); + lattr->flags = uvnodebits2attr(vp->v_iflag); VI_UNLOCK(vp); break; case LO_TYPE_VM_OBJECT: diff --git a/sys/security/lomac/kernel_util.c b/sys/security/lomac/kernel_util.c index 4a4999d..91e488e 100644 --- a/sys/security/lomac/kernel_util.c +++ b/sys/security/lomac/kernel_util.c @@ -400,7 +400,7 @@ unmount(td, uap) /* * Must be the root of the filesystem */ - if ((vp->v_flag & VROOT) == 0) { + if ((vp->v_vflag & VV_ROOT) == 0) { vput(vp); return (EINVAL); } @@ -542,7 +542,8 @@ lomac_getcwd( struct dirent *dp; int direof; - if (vp->v_flag & VROOT) { + ASSERT_VOP_LOCKED(vp, "lomac_getcwd"); + if (vp->v_vflag & VV_ROOT) { if (vp->v_mount == NULL) /* forced unmount */ return (EBADF); dvp = vp->v_mount->mnt_vnodecovered; diff --git a/sys/security/lomac/lomacfs_subr.c b/sys/security/lomac/lomacfs_subr.c index 1bd559d..10519da 100644 --- a/sys/security/lomac/lomacfs_subr.c +++ b/sys/security/lomac/lomacfs_subr.c @@ -112,7 +112,7 @@ lomacfs_node_alloc(struct mount *mp, struct componentname *cnp, if (error) panic("lomacfs_node_alloc: can't lock new vnode\n"); if (cnp == NULL) - vp->v_flag |= VROOT; + vp->v_vflag |= VV_ROOT; else if (cnp->cn_flags & MAKEENTRY) cache_enter(dvp, vp, cnp); diff --git a/sys/security/lomac/lomacfs_vfsops.c b/sys/security/lomac/lomacfs_vfsops.c index 95b99e8..4df2484 100644 --- a/sys/security/lomac/lomacfs_vfsops.c +++ b/sys/security/lomac/lomacfs_vfsops.c @@ -121,11 +121,10 @@ lomacfs_unmount(struct mount *mp, int mntflags, struct thread *td) { if (mntflags & MNT_FORCE) flags |= FORCECLOSE; - if (VFSTOLOMAC(mp)->lm_flags & LM_TOOKROOT) { - mtx_lock(&crootvp->v_interlock); - crootvp->v_flag |= VROOT; - mtx_unlock(&crootvp->v_interlock); - } + ASSERT_VOP_LOCKED(crootvp, "lomacfs_unmount"); + + if (VFSTOLOMAC(mp)->lm_flags & LM_TOOKROOT) + crootvp->v_vflag |= VV_ROOT; error = vflush(mp, 1, flags); /* have an extra root ref */ if (error) @@ -167,9 +166,10 @@ lomacfs_root(struct mount *mp, struct vnode **vpp) { * that the mounted-on directory isn't a root vnode if I * want things like __getcwd() to just fail and not crash. */ + mp_fixme("This code needs the vn lock, not interlock."); mtx_lock(&crootvp->v_interlock); - if (crootvp->v_flag & VROOT && crootvp == rootvnode) { - crootvp->v_flag &= ~VROOT; + if (crootvp->v_vflag & VV_ROOT && crootvp == rootvnode) { + crootvp->v_vflag &= ~VV_ROOT; VFSTOLOMAC(mp)->lm_flags |= LM_TOOKROOT; } mtx_unlock(&crootvp->v_interlock); diff --git a/sys/security/lomac/lomacfs_vnops.c b/sys/security/lomac/lomacfs_vnops.c index 28e9a26..9d98e69 100644 --- a/sys/security/lomac/lomacfs_vnops.c +++ b/sys/security/lomac/lomacfs_vnops.c @@ -868,7 +868,7 @@ lomacfs_createvobject( error = VOP_CREATEVOBJECT(lowervp, ap->a_cred, ap->a_td); if (error) return (error); - vp->v_flag |= VOBJBUF; + vp->v_vflag |= VV_OBJBUF; return (error); } @@ -884,7 +884,7 @@ lomacfs_destroyvobject( ) { struct vnode *vp = ap->a_vp; - vp->v_flag &= ~VOBJBUF; + vp->v_vflag &= ~VV_OBJBUF; return (0); } diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c index 43c03cc..6544f01 100644 --- a/sys/security/mac/mac_framework.c +++ b/sys/security/mac/mac_framework.c @@ -978,8 +978,9 @@ mac_update_vnode_from_mount(struct vnode *vp, struct mount *mp) MAC_PERFORM(update_vnode_from_mount, vp, &vp->v_label, mp, &mp->mnt_fslabel); + ASSERT_VOP_LOCKED(vp, "mac_update_vnode_from_mount"); if (mac_cache_fslabel_in_vnode) - vp->v_flag |= VCACHEDLABEL; + vp->v_vflag |= VV_CACHEDLABEL; } /* @@ -1031,7 +1032,7 @@ vop_stdrefreshlabel_ea(struct vop_refreshlabel_args *ap) if (error == 0) error = mac_update_vnode_from_externalized(vp, &extmac); if (error == 0) - vp->v_flag |= VCACHEDLABEL; + vp->v_vflag |= VV_CACHEDLABEL; else { struct vattr va; @@ -1084,7 +1085,7 @@ vn_refreshlabel(struct vnode *vp, struct ucred *cred) return (EBADF); } - if (vp->v_flag & VCACHEDLABEL) { + if (vp->v_vflag & VV_CACHEDLABEL) { mac_vnode_label_cache_hits++; return (0); } else @@ -1124,6 +1125,7 @@ vop_stdcreatevnode_ea(struct vnode *dvp, struct vnode *tvp, struct ucred *cred) struct mac extmac; int error; + ASSERT_VOP_LOCKED(tvp, "vop_stdcreatevnode_ea"); if ((dvp->v_mount->mnt_flag & MNT_MULTILABEL) == 0) { mac_update_vnode_from_mount(tvp, tvp->v_mount); } else { @@ -1156,7 +1158,7 @@ vop_stdcreatevnode_ea(struct vnode *dvp, struct vnode *tvp, struct ucred *cred) FREEBSD_MAC_EXTATTR_NAMESPACE, FREEBSD_MAC_EXTATTR_NAME, sizeof(extmac), (char *)&extmac, curthread); if (error == 0) - tvp->v_flag |= VCACHEDLABEL; + tvp->v_vflag |= VV_CACHEDLABEL; else { #if 0 /* @@ -2771,7 +2773,7 @@ vop_stdsetlabel_ea(struct vop_setlabel_args *ap) mac_relabel_vnode(ap->a_cred, vp, intlabel); - vp->v_flag |= VCACHEDLABEL; + vp->v_vflag |= VV_CACHEDLABEL; return (0); } diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h index 43c03cc..6544f01 100644 --- a/sys/security/mac/mac_internal.h +++ b/sys/security/mac/mac_internal.h @@ -978,8 +978,9 @@ mac_update_vnode_from_mount(struct vnode *vp, struct mount *mp) MAC_PERFORM(update_vnode_from_mount, vp, &vp->v_label, mp, &mp->mnt_fslabel); + ASSERT_VOP_LOCKED(vp, "mac_update_vnode_from_mount"); if (mac_cache_fslabel_in_vnode) - vp->v_flag |= VCACHEDLABEL; + vp->v_vflag |= VV_CACHEDLABEL; } /* @@ -1031,7 +1032,7 @@ vop_stdrefreshlabel_ea(struct vop_refreshlabel_args *ap) if (error == 0) error = mac_update_vnode_from_externalized(vp, &extmac); if (error == 0) - vp->v_flag |= VCACHEDLABEL; + vp->v_vflag |= VV_CACHEDLABEL; else { struct vattr va; @@ -1084,7 +1085,7 @@ vn_refreshlabel(struct vnode *vp, struct ucred *cred) return (EBADF); } - if (vp->v_flag & VCACHEDLABEL) { + if (vp->v_vflag & VV_CACHEDLABEL) { mac_vnode_label_cache_hits++; return (0); } else @@ -1124,6 +1125,7 @@ vop_stdcreatevnode_ea(struct vnode *dvp, struct vnode *tvp, struct ucred *cred) struct mac extmac; int error; + ASSERT_VOP_LOCKED(tvp, "vop_stdcreatevnode_ea"); if ((dvp->v_mount->mnt_flag & MNT_MULTILABEL) == 0) { mac_update_vnode_from_mount(tvp, tvp->v_mount); } else { @@ -1156,7 +1158,7 @@ vop_stdcreatevnode_ea(struct vnode *dvp, struct vnode *tvp, struct ucred *cred) FREEBSD_MAC_EXTATTR_NAMESPACE, FREEBSD_MAC_EXTATTR_NAME, sizeof(extmac), (char *)&extmac, curthread); if (error == 0) - tvp->v_flag |= VCACHEDLABEL; + tvp->v_vflag |= VV_CACHEDLABEL; else { #if 0 /* @@ -2771,7 +2773,7 @@ vop_stdsetlabel_ea(struct vop_setlabel_args *ap) mac_relabel_vnode(ap->a_cred, vp, intlabel); - vp->v_flag |= VCACHEDLABEL; + vp->v_vflag |= VV_CACHEDLABEL; return (0); } diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c index 43c03cc..6544f01 100644 --- a/sys/security/mac/mac_net.c +++ b/sys/security/mac/mac_net.c @@ -978,8 +978,9 @@ mac_update_vnode_from_mount(struct vnode *vp, struct mount *mp) MAC_PERFORM(update_vnode_from_mount, vp, &vp->v_label, mp, &mp->mnt_fslabel); + ASSERT_VOP_LOCKED(vp, "mac_update_vnode_from_mount"); if (mac_cache_fslabel_in_vnode) - vp->v_flag |= VCACHEDLABEL; + vp->v_vflag |= VV_CACHEDLABEL; } /* @@ -1031,7 +1032,7 @@ vop_stdrefreshlabel_ea(struct vop_refreshlabel_args *ap) if (error == 0) error = mac_update_vnode_from_externalized(vp, &extmac); if (error == 0) - vp->v_flag |= VCACHEDLABEL; + vp->v_vflag |= VV_CACHEDLABEL; else { struct vattr va; @@ -1084,7 +1085,7 @@ vn_refreshlabel(struct vnode *vp, struct ucred *cred) return (EBADF); } - if (vp->v_flag & VCACHEDLABEL) { + if (vp->v_vflag & VV_CACHEDLABEL) { mac_vnode_label_cache_hits++; return (0); } else @@ -1124,6 +1125,7 @@ vop_stdcreatevnode_ea(struct vnode *dvp, struct vnode *tvp, struct ucred *cred) struct mac extmac; int error; + ASSERT_VOP_LOCKED(tvp, "vop_stdcreatevnode_ea"); if ((dvp->v_mount->mnt_flag & MNT_MULTILABEL) == 0) { mac_update_vnode_from_mount(tvp, tvp->v_mount); } else { @@ -1156,7 +1158,7 @@ vop_stdcreatevnode_ea(struct vnode *dvp, struct vnode *tvp, struct ucred *cred) FREEBSD_MAC_EXTATTR_NAMESPACE, FREEBSD_MAC_EXTATTR_NAME, sizeof(extmac), (char *)&extmac, curthread); if (error == 0) - tvp->v_flag |= VCACHEDLABEL; + tvp->v_vflag |= VV_CACHEDLABEL; else { #if 0 /* @@ -2771,7 +2773,7 @@ vop_stdsetlabel_ea(struct vop_setlabel_args *ap) mac_relabel_vnode(ap->a_cred, vp, intlabel); - vp->v_flag |= VCACHEDLABEL; + vp->v_vflag |= VV_CACHEDLABEL; return (0); } diff --git a/sys/security/mac/mac_pipe.c b/sys/security/mac/mac_pipe.c index 43c03cc..6544f01 100644 --- a/sys/security/mac/mac_pipe.c +++ b/sys/security/mac/mac_pipe.c @@ -978,8 +978,9 @@ mac_update_vnode_from_mount(struct vnode *vp, struct mount *mp) MAC_PERFORM(update_vnode_from_mount, vp, &vp->v_label, mp, &mp->mnt_fslabel); + ASSERT_VOP_LOCKED(vp, "mac_update_vnode_from_mount"); if (mac_cache_fslabel_in_vnode) - vp->v_flag |= VCACHEDLABEL; + vp->v_vflag |= VV_CACHEDLABEL; } /* @@ -1031,7 +1032,7 @@ vop_stdrefreshlabel_ea(struct vop_refreshlabel_args *ap) if (error == 0) error = mac_update_vnode_from_externalized(vp, &extmac); if (error == 0) - vp->v_flag |= VCACHEDLABEL; + vp->v_vflag |= VV_CACHEDLABEL; else { struct vattr va; @@ -1084,7 +1085,7 @@ vn_refreshlabel(struct vnode *vp, struct ucred *cred) return (EBADF); } - if (vp->v_flag & VCACHEDLABEL) { + if (vp->v_vflag & VV_CACHEDLABEL) { mac_vnode_label_cache_hits++; return (0); } else @@ -1124,6 +1125,7 @@ vop_stdcreatevnode_ea(struct vnode *dvp, struct vnode *tvp, struct ucred *cred) struct mac extmac; int error; + ASSERT_VOP_LOCKED(tvp, "vop_stdcreatevnode_ea"); if ((dvp->v_mount->mnt_flag & MNT_MULTILABEL) == 0) { mac_update_vnode_from_mount(tvp, tvp->v_mount); } else { @@ -1156,7 +1158,7 @@ vop_stdcreatevnode_ea(struct vnode *dvp, struct vnode *tvp, struct ucred *cred) FREEBSD_MAC_EXTATTR_NAMESPACE, FREEBSD_MAC_EXTATTR_NAME, sizeof(extmac), (char *)&extmac, curthread); if (error == 0) - tvp->v_flag |= VCACHEDLABEL; + tvp->v_vflag |= VV_CACHEDLABEL; else { #if 0 /* @@ -2771,7 +2773,7 @@ vop_stdsetlabel_ea(struct vop_setlabel_args *ap) mac_relabel_vnode(ap->a_cred, vp, intlabel); - vp->v_flag |= VCACHEDLABEL; + vp->v_vflag |= VV_CACHEDLABEL; return (0); } diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c index 43c03cc..6544f01 100644 --- a/sys/security/mac/mac_process.c +++ b/sys/security/mac/mac_process.c @@ -978,8 +978,9 @@ mac_update_vnode_from_mount(struct vnode *vp, struct mount *mp) MAC_PERFORM(update_vnode_from_mount, vp, &vp->v_label, mp, &mp->mnt_fslabel); + ASSERT_VOP_LOCKED(vp, "mac_update_vnode_from_mount"); if (mac_cache_fslabel_in_vnode) - vp->v_flag |= VCACHEDLABEL; + vp->v_vflag |= VV_CACHEDLABEL; } /* @@ -1031,7 +1032,7 @@ vop_stdrefreshlabel_ea(struct vop_refreshlabel_args *ap) if (error == 0) error = mac_update_vnode_from_externalized(vp, &extmac); if (error == 0) - vp->v_flag |= VCACHEDLABEL; + vp->v_vflag |= VV_CACHEDLABEL; else { struct vattr va; @@ -1084,7 +1085,7 @@ vn_refreshlabel(struct vnode *vp, struct ucred *cred) return (EBADF); } - if (vp->v_flag & VCACHEDLABEL) { + if (vp->v_vflag & VV_CACHEDLABEL) { mac_vnode_label_cache_hits++; return (0); } else @@ -1124,6 +1125,7 @@ vop_stdcreatevnode_ea(struct vnode *dvp, struct vnode *tvp, struct ucred *cred) struct mac extmac; int error; + ASSERT_VOP_LOCKED(tvp, "vop_stdcreatevnode_ea"); if ((dvp->v_mount->mnt_flag & MNT_MULTILABEL) == 0) { mac_update_vnode_from_mount(tvp, tvp->v_mount); } else { @@ -1156,7 +1158,7 @@ vop_stdcreatevnode_ea(struct vnode *dvp, struct vnode *tvp, struct ucred *cred) FREEBSD_MAC_EXTATTR_NAMESPACE, FREEBSD_MAC_EXTATTR_NAME, sizeof(extmac), (char *)&extmac, curthread); if (error == 0) - tvp->v_flag |= VCACHEDLABEL; + tvp->v_vflag |= VV_CACHEDLABEL; else { #if 0 /* @@ -2771,7 +2773,7 @@ vop_stdsetlabel_ea(struct vop_setlabel_args *ap) mac_relabel_vnode(ap->a_cred, vp, intlabel); - vp->v_flag |= VCACHEDLABEL; + vp->v_vflag |= VV_CACHEDLABEL; return (0); } diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c index 43c03cc..6544f01 100644 --- a/sys/security/mac/mac_syscalls.c +++ b/sys/security/mac/mac_syscalls.c @@ -978,8 +978,9 @@ mac_update_vnode_from_mount(struct vnode *vp, struct mount *mp) MAC_PERFORM(update_vnode_from_mount, vp, &vp->v_label, mp, &mp->mnt_fslabel); + ASSERT_VOP_LOCKED(vp, "mac_update_vnode_from_mount"); if (mac_cache_fslabel_in_vnode) - vp->v_flag |= VCACHEDLABEL; + vp->v_vflag |= VV_CACHEDLABEL; } /* @@ -1031,7 +1032,7 @@ vop_stdrefreshlabel_ea(struct vop_refreshlabel_args *ap) if (error == 0) error = mac_update_vnode_from_externalized(vp, &extmac); if (error == 0) - vp->v_flag |= VCACHEDLABEL; + vp->v_vflag |= VV_CACHEDLABEL; else { struct vattr va; @@ -1084,7 +1085,7 @@ vn_refreshlabel(struct vnode *vp, struct ucred *cred) return (EBADF); } - if (vp->v_flag & VCACHEDLABEL) { + if (vp->v_vflag & VV_CACHEDLABEL) { mac_vnode_label_cache_hits++; return (0); } else @@ -1124,6 +1125,7 @@ vop_stdcreatevnode_ea(struct vnode *dvp, struct vnode *tvp, struct ucred *cred) struct mac extmac; int error; + ASSERT_VOP_LOCKED(tvp, "vop_stdcreatevnode_ea"); if ((dvp->v_mount->mnt_flag & MNT_MULTILABEL) == 0) { mac_update_vnode_from_mount(tvp, tvp->v_mount); } else { @@ -1156,7 +1158,7 @@ vop_stdcreatevnode_ea(struct vnode *dvp, struct vnode *tvp, struct ucred *cred) FREEBSD_MAC_EXTATTR_NAMESPACE, FREEBSD_MAC_EXTATTR_NAME, sizeof(extmac), (char *)&extmac, curthread); if (error == 0) - tvp->v_flag |= VCACHEDLABEL; + tvp->v_vflag |= VV_CACHEDLABEL; else { #if 0 /* @@ -2771,7 +2773,7 @@ vop_stdsetlabel_ea(struct vop_setlabel_args *ap) mac_relabel_vnode(ap->a_cred, vp, intlabel); - vp->v_flag |= VCACHEDLABEL; + vp->v_vflag |= VV_CACHEDLABEL; return (0); } diff --git a/sys/security/mac/mac_system.c b/sys/security/mac/mac_system.c index 43c03cc..6544f01 100644 --- a/sys/security/mac/mac_system.c +++ b/sys/security/mac/mac_system.c @@ -978,8 +978,9 @@ mac_update_vnode_from_mount(struct vnode *vp, struct mount *mp) MAC_PERFORM(update_vnode_from_mount, vp, &vp->v_label, mp, &mp->mnt_fslabel); + ASSERT_VOP_LOCKED(vp, "mac_update_vnode_from_mount"); if (mac_cache_fslabel_in_vnode) - vp->v_flag |= VCACHEDLABEL; + vp->v_vflag |= VV_CACHEDLABEL; } /* @@ -1031,7 +1032,7 @@ vop_stdrefreshlabel_ea(struct vop_refreshlabel_args *ap) if (error == 0) error = mac_update_vnode_from_externalized(vp, &extmac); if (error == 0) - vp->v_flag |= VCACHEDLABEL; + vp->v_vflag |= VV_CACHEDLABEL; else { struct vattr va; @@ -1084,7 +1085,7 @@ vn_refreshlabel(struct vnode *vp, struct ucred *cred) return (EBADF); } - if (vp->v_flag & VCACHEDLABEL) { + if (vp->v_vflag & VV_CACHEDLABEL) { mac_vnode_label_cache_hits++; return (0); } else @@ -1124,6 +1125,7 @@ vop_stdcreatevnode_ea(struct vnode *dvp, struct vnode *tvp, struct ucred *cred) struct mac extmac; int error; + ASSERT_VOP_LOCKED(tvp, "vop_stdcreatevnode_ea"); if ((dvp->v_mount->mnt_flag & MNT_MULTILABEL) == 0) { mac_update_vnode_from_mount(tvp, tvp->v_mount); } else { @@ -1156,7 +1158,7 @@ vop_stdcreatevnode_ea(struct vnode *dvp, struct vnode *tvp, struct ucred *cred) FREEBSD_MAC_EXTATTR_NAMESPACE, FREEBSD_MAC_EXTATTR_NAME, sizeof(extmac), (char *)&extmac, curthread); if (error == 0) - tvp->v_flag |= VCACHEDLABEL; + tvp->v_vflag |= VV_CACHEDLABEL; else { #if 0 /* @@ -2771,7 +2773,7 @@ vop_stdsetlabel_ea(struct vop_setlabel_args *ap) mac_relabel_vnode(ap->a_cred, vp, intlabel); - vp->v_flag |= VCACHEDLABEL; + vp->v_vflag |= VV_CACHEDLABEL; return (0); } diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c index 43c03cc..6544f01 100644 --- a/sys/security/mac/mac_vfs.c +++ b/sys/security/mac/mac_vfs.c @@ -978,8 +978,9 @@ mac_update_vnode_from_mount(struct vnode *vp, struct mount *mp) MAC_PERFORM(update_vnode_from_mount, vp, &vp->v_label, mp, &mp->mnt_fslabel); + ASSERT_VOP_LOCKED(vp, "mac_update_vnode_from_mount"); if (mac_cache_fslabel_in_vnode) - vp->v_flag |= VCACHEDLABEL; + vp->v_vflag |= VV_CACHEDLABEL; } /* @@ -1031,7 +1032,7 @@ vop_stdrefreshlabel_ea(struct vop_refreshlabel_args *ap) if (error == 0) error = mac_update_vnode_from_externalized(vp, &extmac); if (error == 0) - vp->v_flag |= VCACHEDLABEL; + vp->v_vflag |= VV_CACHEDLABEL; else { struct vattr va; @@ -1084,7 +1085,7 @@ vn_refreshlabel(struct vnode *vp, struct ucred *cred) return (EBADF); } - if (vp->v_flag & VCACHEDLABEL) { + if (vp->v_vflag & VV_CACHEDLABEL) { mac_vnode_label_cache_hits++; return (0); } else @@ -1124,6 +1125,7 @@ vop_stdcreatevnode_ea(struct vnode *dvp, struct vnode *tvp, struct ucred *cred) struct mac extmac; int error; + ASSERT_VOP_LOCKED(tvp, "vop_stdcreatevnode_ea"); if ((dvp->v_mount->mnt_flag & MNT_MULTILABEL) == 0) { mac_update_vnode_from_mount(tvp, tvp->v_mount); } else { @@ -1156,7 +1158,7 @@ vop_stdcreatevnode_ea(struct vnode *dvp, struct vnode *tvp, struct ucred *cred) FREEBSD_MAC_EXTATTR_NAMESPACE, FREEBSD_MAC_EXTATTR_NAME, sizeof(extmac), (char *)&extmac, curthread); if (error == 0) - tvp->v_flag |= VCACHEDLABEL; + tvp->v_vflag |= VV_CACHEDLABEL; else { #if 0 /* @@ -2771,7 +2773,7 @@ vop_stdsetlabel_ea(struct vop_setlabel_args *ap) mac_relabel_vnode(ap->a_cred, vp, intlabel); - vp->v_flag |= VCACHEDLABEL; + vp->v_vflag |= VV_CACHEDLABEL; return (0); } |
