diff options
| author | rwatson <rwatson@FreeBSD.org> | 2004-10-30 14:20:59 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2004-10-30 14:20:59 +0000 |
| commit | 3cbfc417981b51b99dd1b76543b4652db85a135c (patch) | |
| tree | d4cf33e5571ebddd0c4c24c857404f1cc1e76ebf /sys/security | |
| parent | 582a105e3514fc54946a0b6cf1df5d9af5224f9c (diff) | |
| download | FreeBSD-src-3cbfc417981b51b99dd1b76543b4652db85a135c.zip FreeBSD-src-3cbfc417981b51b99dd1b76543b4652db85a135c.tar.gz | |
Disable use of synchronization early in the boot by the MAC Framework;
for modules linked into the kernel or loaded very early, panics will
result otherwise, as the CV code it calls will panic due to its use
of a mutex before it is initialized.
Diffstat (limited to 'sys/security')
| -rw-r--r-- | sys/security/mac/mac_framework.c | 21 | ||||
| -rw-r--r-- | sys/security/mac/mac_syscalls.c | 21 |
2 files changed, 42 insertions, 0 deletions
diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c index db6fc59..d2a6749 100644 --- a/sys/security/mac/mac_framework.c +++ b/sys/security/mac/mac_framework.c @@ -188,6 +188,9 @@ mac_policy_grab_exclusive(void) { #ifndef MAC_STATIC + if (!mac_late) + return; + WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, "mac_policy_grab_exclusive() at %s:%d", __FILE__, __LINE__); mtx_lock(&mac_policy_mtx); @@ -201,6 +204,9 @@ mac_policy_assert_exclusive(void) { #ifndef MAC_STATIC + if (!mac_late) + return; + mtx_assert(&mac_policy_mtx, MA_OWNED); KASSERT(mac_policy_count == 0, ("mac_policy_assert_exclusive(): not exclusive")); @@ -212,6 +218,9 @@ mac_policy_release_exclusive(void) { #ifndef MAC_STATIC + if (!mac_late) + return; + KASSERT(mac_policy_count == 0, ("mac_policy_release_exclusive(): not exclusive")); mtx_unlock(&mac_policy_mtx); @@ -224,6 +233,9 @@ mac_policy_list_busy(void) { #ifndef MAC_STATIC + if (!mac_late) + return; + mtx_lock(&mac_policy_mtx); mac_policy_count++; mtx_unlock(&mac_policy_mtx); @@ -236,6 +248,9 @@ mac_policy_list_conditional_busy(void) #ifndef MAC_STATIC int ret; + if (!mac_late) + return (1); + mtx_lock(&mac_policy_mtx); if (!LIST_EMPTY(&mac_policy_list)) { mac_policy_count++; @@ -245,6 +260,9 @@ mac_policy_list_conditional_busy(void) mtx_unlock(&mac_policy_mtx); return (ret); #else + if (!mac_late) + return (1); + return (1); #endif } @@ -254,6 +272,9 @@ mac_policy_list_unbusy(void) { #ifndef MAC_STATIC + if (!mac_late) + return; + mtx_lock(&mac_policy_mtx); mac_policy_count--; KASSERT(mac_policy_count >= 0, ("MAC_POLICY_LIST_LOCK")); diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c index db6fc59..d2a6749 100644 --- a/sys/security/mac/mac_syscalls.c +++ b/sys/security/mac/mac_syscalls.c @@ -188,6 +188,9 @@ mac_policy_grab_exclusive(void) { #ifndef MAC_STATIC + if (!mac_late) + return; + WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, "mac_policy_grab_exclusive() at %s:%d", __FILE__, __LINE__); mtx_lock(&mac_policy_mtx); @@ -201,6 +204,9 @@ mac_policy_assert_exclusive(void) { #ifndef MAC_STATIC + if (!mac_late) + return; + mtx_assert(&mac_policy_mtx, MA_OWNED); KASSERT(mac_policy_count == 0, ("mac_policy_assert_exclusive(): not exclusive")); @@ -212,6 +218,9 @@ mac_policy_release_exclusive(void) { #ifndef MAC_STATIC + if (!mac_late) + return; + KASSERT(mac_policy_count == 0, ("mac_policy_release_exclusive(): not exclusive")); mtx_unlock(&mac_policy_mtx); @@ -224,6 +233,9 @@ mac_policy_list_busy(void) { #ifndef MAC_STATIC + if (!mac_late) + return; + mtx_lock(&mac_policy_mtx); mac_policy_count++; mtx_unlock(&mac_policy_mtx); @@ -236,6 +248,9 @@ mac_policy_list_conditional_busy(void) #ifndef MAC_STATIC int ret; + if (!mac_late) + return (1); + mtx_lock(&mac_policy_mtx); if (!LIST_EMPTY(&mac_policy_list)) { mac_policy_count++; @@ -245,6 +260,9 @@ mac_policy_list_conditional_busy(void) mtx_unlock(&mac_policy_mtx); return (ret); #else + if (!mac_late) + return (1); + return (1); #endif } @@ -254,6 +272,9 @@ mac_policy_list_unbusy(void) { #ifndef MAC_STATIC + if (!mac_late) + return; + mtx_lock(&mac_policy_mtx); mac_policy_count--; KASSERT(mac_policy_count >= 0, ("MAC_POLICY_LIST_LOCK")); |
