diff options
| author | rwatson <rwatson@FreeBSD.org> | 2004-02-29 15:33:56 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2004-02-29 15:33:56 +0000 |
| commit | c1b863ca38a168a91fc0a9af58bd8c517458847a (patch) | |
| tree | c567eb68dd71ab9a9e68ae96544eddee259d5757 /sys/security | |
| parent | d108afc2e8f67ee2f8cf2ee59b7637118c70f43a (diff) | |
| download | FreeBSD-src-c1b863ca38a168a91fc0a9af58bd8c517458847a.zip FreeBSD-src-c1b863ca38a168a91fc0a9af58bd8c517458847a.tar.gz | |
Define BPFD_LOCK_ASSERT() to assert the BPF descriptor lock.
Assert the BPF descriptor lock in the MAC calls referencing live
BPF descriptors.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, McAfee Research
Diffstat (limited to 'sys/security')
| -rw-r--r-- | sys/security/mac/mac_net.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c index f5bb742..a5fc29b 100644 --- a/sys/security/mac/mac_net.c +++ b/sys/security/mac/mac_net.c @@ -292,6 +292,8 @@ mac_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *mbuf) { struct label *label; + BPFD_LOCK_ASSERT(bpf_d); + label = mac_mbuf_to_label(mbuf); MAC_PERFORM(create_mbuf_from_bpfdesc, bpf_d, bpf_d->bd_label, mbuf, @@ -350,6 +352,8 @@ mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet) { int error; + BPFD_LOCK_ASSERT(bpf_d); + if (!mac_enforce_network) return (0); |
