authorrwatson <rwatson@FreeBSD.org>2003-03-26 15:12:03 +0000
committerrwatson <rwatson@FreeBSD.org>2003-03-26 15:12:03 +0000
commite5680de54abac941f9b0f099aec14f24e493feb4 (patch)
treeedbc245cbca8647afd1e19854b10c0489fdc26fe /sys/security
parent8b9c7fb58f9ec620d4ec3143b3463523a89f2d9d (diff)
Modify the mac_init_ipq() MAC Framework entry point to accept an
additional flags argument to indicate blocking disposition, and pass in M_NOWAIT from the IP reassembly code to indicate that blocking is not OK when labeling a new IP fragment reassembly queue. This should eliminate some of the WITNESS warnings that have started popping up since fine-grained IP stack locking started going in; if memory allocation fails, the creation of the fragment queue will be aborted. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/security')
-rw-r--r--sys/security/mac/mac_framework.c16
-rw-r--r--sys/security/mac/mac_framework.h2
-rw-r--r--sys/security/mac/mac_internal.h16
-rw-r--r--sys/security/mac/mac_net.c16
-rw-r--r--sys/security/mac/mac_pipe.c16
-rw-r--r--sys/security/mac/mac_policy.h2
-rw-r--r--sys/security/mac/mac_process.c16
-rw-r--r--sys/security/mac/mac_syscalls.c16
-rw-r--r--sys/security/mac/mac_system.c16
-rw-r--r--sys/security/mac/mac_vfs.c16
-rw-r--r--sys/security/mac_biba/mac_biba.c2
-rw-r--r--sys/security/mac_lomac/mac_lomac.c2
-rw-r--r--sys/security/mac_mls/mac_mls.c2
-rw-r--r--sys/security/mac_none/mac_none.c2
-rw-r--r--sys/security/mac_stub/mac_stub.c2
-rw-r--r--sys/security/mac_test/mac_test.c5
16 files changed, 106 insertions, 41 deletions
diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c
index 6b2e653..17b37d8 100644
--- a/sys/security/mac/mac_framework.c
+++ b/sys/security/mac/mac_framework.c
@@ -697,15 +697,23 @@ mac_init_ifnet(struct ifnet *ifp)
mac_init_ifnet_label(&ifp->if_label);
}
-void
-mac_init_ipq(struct ipq *ipq)
+int
+mac_init_ipq(struct ipq *ipq, int flag)
{
+ int error;
mac_init_label(&ipq->ipq_label);
- MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
+
+ MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
+ if (error) {
+ MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
+ mac_destroy_label(&ipq->ipq_label);
+ }
#ifdef MAC_DEBUG
- atomic_add_int(&nmacipqs, 1);
+ if (error == 0)
+ atomic_add_int(&nmacipqs, 1);
#endif
+ return (error);
}
int
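Review bot: When `MAC_CHECK(init_ipq_label, ...)` leaves `error` non-zero, the new branch runs `MAC_PERFORM(destroy_ipq_label, ...)`, which by its name appears to call every registered policy, including one whose init hook has just failed, so each policy's destroy hook has to tolerate a label slot that was never populated. The hunk also leaves unstated that the label is already torn down on this path, so the caller must abandon the queue and must not run the ipq label teardown a second time. I would add a comment above the branch, for example `/* Init failed: unwind all policies; destroy hooks must cope with a partially initialised label, and the caller must not destroy it again. */`. `error` is never assigned in the visible lines, so it is presumably set inside MAC_CHECK, which deserves a word in the same comment. The identical hunk is shown for mac_internal.h, mac_net.c, mac_pipe.c, mac_process.c, mac_syscalls.c, mac_system.c and mac_vfs.c, and the comment applies to each.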
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index b12ba2a..3cc856d 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -133,7 +133,7 @@ void mac_init_bpfdesc(struct bpf_d *);
void mac_init_cred(struct ucred *);
void mac_init_devfsdirent(struct devfs_dirent *);
void mac_init_ifnet(struct ifnet *);
-void mac_init_ipq(struct ipq *);
+int mac_init_ipq(struct ipq *, int flag);
int mac_init_socket(struct socket *, int flag);
void mac_init_pipe(struct pipe *);
int mac_init_mbuf(struct mbuf *m, int flag);
diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h
index 6b2e653..17b37d8 100644
--- a/sys/security/mac/mac_internal.h
+++ b/sys/security/mac/mac_internal.h
@@ -697,15 +697,23 @@ mac_init_ifnet(struct ifnet *ifp)
mac_init_ifnet_label(&ifp->if_label);
}
-void
-mac_init_ipq(struct ipq *ipq)
+int
+mac_init_ipq(struct ipq *ipq, int flag)
{
+ int error;
mac_init_label(&ipq->ipq_label);
- MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
+
+ MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
+ if (error) {
+ MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
+ mac_destroy_label(&ipq->ipq_label);
+ }
#ifdef MAC_DEBUG
- atomic_add_int(&nmacipqs, 1);
+ if (error == 0)
+ atomic_add_int(&nmacipqs, 1);
#endif
+ return (error);
}
int
diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c
index 6b2e653..17b37d8 100644
--- a/sys/security/mac/mac_net.c
+++ b/sys/security/mac/mac_net.c
@@ -697,15 +697,23 @@ mac_init_ifnet(struct ifnet *ifp)
mac_init_ifnet_label(&ifp->if_label);
}
-void
-mac_init_ipq(struct ipq *ipq)
+int
+mac_init_ipq(struct ipq *ipq, int flag)
{
+ int error;
mac_init_label(&ipq->ipq_label);
- MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
+
+ MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
+ if (error) {
+ MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
+ mac_destroy_label(&ipq->ipq_label);
+ }
#ifdef MAC_DEBUG
- atomic_add_int(&nmacipqs, 1);
+ if (error == 0)
+ atomic_add_int(&nmacipqs, 1);
#endif
+ return (error);
}
int
diff --git a/sys/security/mac/mac_pipe.c b/sys/security/mac/mac_pipe.c
index 6b2e653..17b37d8 100644
--- a/sys/security/mac/mac_pipe.c
+++ b/sys/security/mac/mac_pipe.c
@@ -697,15 +697,23 @@ mac_init_ifnet(struct ifnet *ifp)
mac_init_ifnet_label(&ifp->if_label);
}
-void
-mac_init_ipq(struct ipq *ipq)
+int
+mac_init_ipq(struct ipq *ipq, int flag)
{
+ int error;
mac_init_label(&ipq->ipq_label);
- MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
+
+ MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
+ if (error) {
+ MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
+ mac_destroy_label(&ipq->ipq_label);
+ }
#ifdef MAC_DEBUG
- atomic_add_int(&nmacipqs, 1);
+ if (error == 0)
+ atomic_add_int(&nmacipqs, 1);
#endif
+ return (error);
}
int
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index d536f05..4e00577 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@ -73,7 +73,7 @@ struct mac_policy_ops {
void (*mpo_init_cred_label)(struct label *label);
void (*mpo_init_devfsdirent_label)(struct label *label);
void (*mpo_init_ifnet_label)(struct label *label);
- void (*mpo_init_ipq_label)(struct label *label);
+ int (*mpo_init_ipq_label)(struct label *label, int flag);
int (*mpo_init_mbuf_label)(struct label *label, int flag);
void (*mpo_init_mount_label)(struct label *label);
void (*mpo_init_mount_fs_label)(struct label *label);
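Review bot: Changing `mpo_init_ipq_label` from `void (*)(struct label *)` to `int (*)(struct label *, int flag)` alters the policy module ABI: a module built against the old `struct mac_policy_ops` would be called with an extra argument, and whatever happens to be in the return register would be read by the framework as an error code. Nothing in this part of the diff shows a policy interface version being raised or checked at registration, so if the framework has such a constant it should change with this commit. At minimum a comment next to the member, such as `/* Returns 0 or an errno value; must honour M_NOWAIT in flag. */`, would record the new contract. The struct definition starts and ends outside the hunk.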
diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c
index 6b2e653..17b37d8 100644
--- a/sys/security/mac/mac_process.c
+++ b/sys/security/mac/mac_process.c
@@ -697,15 +697,23 @@ mac_init_ifnet(struct ifnet *ifp)
mac_init_ifnet_label(&ifp->if_label);
}
-void
-mac_init_ipq(struct ipq *ipq)
+int
+mac_init_ipq(struct ipq *ipq, int flag)
{
+ int error;
mac_init_label(&ipq->ipq_label);
- MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
+
+ MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
+ if (error) {
+ MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
+ mac_destroy_label(&ipq->ipq_label);
+ }
#ifdef MAC_DEBUG
- atomic_add_int(&nmacipqs, 1);
+ if (error == 0)
+ atomic_add_int(&nmacipqs, 1);
#endif
+ return (error);
}
int
diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c
index 6b2e653..17b37d8 100644
--- a/sys/security/mac/mac_syscalls.c
+++ b/sys/security/mac/mac_syscalls.c
@@ -697,15 +697,23 @@ mac_init_ifnet(struct ifnet *ifp)
mac_init_ifnet_label(&ifp->if_label);
}
-void
-mac_init_ipq(struct ipq *ipq)
+int
+mac_init_ipq(struct ipq *ipq, int flag)
{
+ int error;
mac_init_label(&ipq->ipq_label);
- MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
+
+ MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
+ if (error) {
+ MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
+ mac_destroy_label(&ipq->ipq_label);
+ }
#ifdef MAC_DEBUG
- atomic_add_int(&nmacipqs, 1);
+ if (error == 0)
+ atomic_add_int(&nmacipqs, 1);
#endif
+ return (error);
}
int
diff --git a/sys/security/mac/mac_system.c b/sys/security/mac/mac_system.c
index 6b2e653..17b37d8 100644
--- a/sys/security/mac/mac_system.c
+++ b/sys/security/mac/mac_system.c
@@ -697,15 +697,23 @@ mac_init_ifnet(struct ifnet *ifp)
mac_init_ifnet_label(&ifp->if_label);
}
-void
-mac_init_ipq(struct ipq *ipq)
+int
+mac_init_ipq(struct ipq *ipq, int flag)
{
+ int error;
mac_init_label(&ipq->ipq_label);
- MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
+
+ MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
+ if (error) {
+ MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
+ mac_destroy_label(&ipq->ipq_label);
+ }
#ifdef MAC_DEBUG
- atomic_add_int(&nmacipqs, 1);
+ if (error == 0)
+ atomic_add_int(&nmacipqs, 1);
#endif
+ return (error);
}
int
diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c
index 6b2e653..17b37d8 100644
--- a/sys/security/mac/mac_vfs.c
+++ b/sys/security/mac/mac_vfs.c
@@ -697,15 +697,23 @@ mac_init_ifnet(struct ifnet *ifp)
mac_init_ifnet_label(&ifp->if_label);
}
-void
-mac_init_ipq(struct ipq *ipq)
+int
+mac_init_ipq(struct ipq *ipq, int flag)
{
+ int error;
mac_init_label(&ipq->ipq_label);
- MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
+
+ MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
+ if (error) {
+ MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
+ mac_destroy_label(&ipq->ipq_label);
+ }
#ifdef MAC_DEBUG
- atomic_add_int(&nmacipqs, 1);
+ if (error == 0)
+ atomic_add_int(&nmacipqs, 1);
#endif
+ return (error);
}
int
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index 2b045e4..8f2efe4 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -2621,7 +2621,7 @@ static struct mac_policy_ops mac_biba_ops =
.mpo_init_cred_label = mac_biba_init_label,
.mpo_init_devfsdirent_label = mac_biba_init_label,
.mpo_init_ifnet_label = mac_biba_init_label,
- .mpo_init_ipq_label = mac_biba_init_label,
+ .mpo_init_ipq_label = mac_biba_init_label_waitcheck,
.mpo_init_mbuf_label = mac_biba_init_label_waitcheck,
.mpo_init_mount_label = mac_biba_init_label,
.mpo_init_mount_fs_label = mac_biba_init_label,
diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c
index ef11d63..0287ad2 100644
--- a/sys/security/mac_lomac/mac_lomac.c
+++ b/sys/security/mac_lomac/mac_lomac.c
@@ -2612,7 +2612,7 @@ static struct mac_policy_ops mac_lomac_ops =
.mpo_init_cred_label = mac_lomac_init_label,
.mpo_init_devfsdirent_label = mac_lomac_init_label,
.mpo_init_ifnet_label = mac_lomac_init_label,
- .mpo_init_ipq_label = mac_lomac_init_label,
+ .mpo_init_ipq_label = mac_lomac_init_label_waitcheck,
.mpo_init_mbuf_label = mac_lomac_init_label_waitcheck,
.mpo_init_mount_label = mac_lomac_init_label,
.mpo_init_mount_fs_label = mac_lomac_init_label,
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
index ed7ac61..0645cf9 100644
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@@ -2384,7 +2384,7 @@ static struct mac_policy_ops mac_mls_ops =
.mpo_init_cred_label = mac_mls_init_label,
.mpo_init_devfsdirent_label = mac_mls_init_label,
.mpo_init_ifnet_label = mac_mls_init_label,
- .mpo_init_ipq_label = mac_mls_init_label,
+ .mpo_init_ipq_label = mac_mls_init_label_waitcheck,
.mpo_init_mbuf_label = mac_mls_init_label_waitcheck,
.mpo_init_mount_label = mac_mls_init_label,
.mpo_init_mount_fs_label = mac_mls_init_label,
diff --git a/sys/security/mac_none/mac_none.c b/sys/security/mac_none/mac_none.c
index 482128a..5bb8a42 100644
--- a/sys/security/mac_none/mac_none.c
+++ b/sys/security/mac_none/mac_none.c
@@ -974,7 +974,7 @@ static struct mac_policy_ops mac_none_ops =
.mpo_init_cred_label = mac_none_init_label,
.mpo_init_devfsdirent_label = mac_none_init_label,
.mpo_init_ifnet_label = mac_none_init_label,
- .mpo_init_ipq_label = mac_none_init_label,
+ .mpo_init_ipq_label = mac_none_init_label_waitcheck,
.mpo_init_mbuf_label = mac_none_init_label_waitcheck,
.mpo_init_mount_label = mac_none_init_label,
.mpo_init_mount_fs_label = mac_none_init_label,
diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c
index 482128a..5bb8a42 100644
--- a/sys/security/mac_stub/mac_stub.c
+++ b/sys/security/mac_stub/mac_stub.c
@@ -974,7 +974,7 @@ static struct mac_policy_ops mac_none_ops =
.mpo_init_cred_label = mac_none_init_label,
.mpo_init_devfsdirent_label = mac_none_init_label,
.mpo_init_ifnet_label = mac_none_init_label,
- .mpo_init_ipq_label = mac_none_init_label,
+ .mpo_init_ipq_label = mac_none_init_label_waitcheck,
.mpo_init_mbuf_label = mac_none_init_label_waitcheck,
.mpo_init_mount_label = mac_none_init_label,
.mpo_init_mount_fs_label = mac_none_init_label,
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c
index 2509731..751186d 100644
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@@ -242,12 +242,13 @@ mac_test_init_ifnet_label(struct label *label)
atomic_add_int(&init_count_ifnet, 1);
}
-static void
-mac_test_init_ipq_label(struct label *label)
+static int
+mac_test_init_ipq_label(struct label *label, int flag)
{
SLOT(label) = IPQMAGIC;
atomic_add_int(&init_count_ipq, 1);
+ return (0);
}
static int
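Review bot: `mac_test_init_ipq_label` accepts `flag` but never reads it and always returns 0, so the test policy cannot exercise the failure unwinding that this commit adds to mac_init_ipq(). A short comment such as `/* No allocation here, so flag is unused and init cannot fail. */` would make that deliberate rather than an oversight. If the test policy is meant to check framework invariants, this hook would also be the place to assert that `flag` is one of the expected wait dispositions, though the values the framework passes are not visible on this page.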