diff options
Diffstat (limited to 'sys/security/mac/mac_syscalls.c')
-rw-r--r-- | sys/security/mac/mac_syscalls.c | 33 |
1 files changed, 10 insertions, 23 deletions
diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c index a20938c..ff55ec9 100644 --- a/sys/security/mac/mac_syscalls.c +++ b/sys/security/mac/mac_syscalls.c @@ -230,7 +230,7 @@ sys___mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap) struct pipe *pipe; struct socket *so; short label_type; - int vfslocked, error; + int error; error = copyin(uap->mac_p, &mac, sizeof(mac)); if (error) @@ -262,11 +262,9 @@ sys___mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap) } vp = fp->f_vnode; intlabel = mac_vnode_label_alloc(); - vfslocked = VFS_LOCK_GIANT(vp->v_mount); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); mac_vnode_copy_label(vp->v_label, intlabel); VOP_UNLOCK(vp, 0); - VFS_UNLOCK_GIANT(vfslocked); error = mac_vnode_externalize_label(intlabel, elements, buffer, mac.m_buflen); mac_vnode_label_free(intlabel); @@ -322,7 +320,7 @@ sys___mac_get_file(struct thread *td, struct __mac_get_file_args *uap) struct nameidata nd; struct label *intlabel; struct mac mac; - int vfslocked, error; + int error; if (!(mac_labeled & MPC_OBJECT_VNODE)) return (EINVAL); @@ -343,20 +341,18 @@ sys___mac_get_file(struct thread *td, struct __mac_get_file_args *uap) } buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO); - NDINIT(&nd, LOOKUP, MPSAFE | LOCKLEAF | FOLLOW, UIO_USERSPACE, + NDINIT(&nd, LOOKUP, LOCKLEAF | FOLLOW, UIO_USERSPACE, uap->path_p, td); error = namei(&nd); if (error) goto out; intlabel = mac_vnode_label_alloc(); - vfslocked = NDHASGIANT(&nd); mac_vnode_copy_label(nd.ni_vp->v_label, intlabel); error = mac_vnode_externalize_label(intlabel, elements, buffer, mac.m_buflen); NDFREE(&nd, 0); - VFS_UNLOCK_GIANT(vfslocked); mac_vnode_label_free(intlabel); if (error == 0) error = copyout(buffer, mac.m_string, strlen(buffer)+1); @@ -375,7 +371,7 @@ sys___mac_get_link(struct thread *td, struct __mac_get_link_args *uap) struct nameidata nd; struct label *intlabel; struct mac mac; - int vfslocked, error; + int error; if (!(mac_labeled & MPC_OBJECT_VNODE)) return (EINVAL); @@ -396,19 +392,17 @@ sys___mac_get_link(struct thread *td, struct __mac_get_link_args *uap) } buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO); - NDINIT(&nd, LOOKUP, MPSAFE | LOCKLEAF | NOFOLLOW, UIO_USERSPACE, + NDINIT(&nd, LOOKUP, LOCKLEAF | NOFOLLOW, UIO_USERSPACE, uap->path_p, td); error = namei(&nd); if (error) goto out; intlabel = mac_vnode_label_alloc(); - vfslocked = NDHASGIANT(&nd); mac_vnode_copy_label(nd.ni_vp->v_label, intlabel); error = mac_vnode_externalize_label(intlabel, elements, buffer, mac.m_buflen); NDFREE(&nd, 0); - VFS_UNLOCK_GIANT(vfslocked); mac_vnode_label_free(intlabel); if (error == 0) @@ -432,7 +426,7 @@ sys___mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap) struct vnode *vp; struct mac mac; char *buffer; - int error, vfslocked; + int error; error = copyin(uap->mac_p, &mac, sizeof(mac)); if (error) @@ -467,10 +461,8 @@ sys___mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap) break; } vp = fp->f_vnode; - vfslocked = VFS_LOCK_GIANT(vp->v_mount); error = vn_start_write(vp, &mp, V_WAIT | PCATCH); if (error != 0) { - VFS_UNLOCK_GIANT(vfslocked); mac_vnode_label_free(intlabel); break; } @@ -478,7 +470,6 @@ sys___mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap) error = vn_setlabel(vp, intlabel, td->td_ucred); VOP_UNLOCK(vp, 0); vn_finished_write(mp); - VFS_UNLOCK_GIANT(vfslocked); mac_vnode_label_free(intlabel); break; @@ -532,7 +523,7 @@ sys___mac_set_file(struct thread *td, struct __mac_set_file_args *uap) struct mount *mp; struct mac mac; char *buffer; - int vfslocked, error; + int error; if (!(mac_labeled & MPC_OBJECT_VNODE)) return (EINVAL); @@ -558,10 +549,9 @@ sys___mac_set_file(struct thread *td, struct __mac_set_file_args *uap) if (error) goto out; - NDINIT(&nd, LOOKUP, MPSAFE | LOCKLEAF | FOLLOW, UIO_USERSPACE, + NDINIT(&nd, LOOKUP, LOCKLEAF | FOLLOW, UIO_USERSPACE, uap->path_p, td); error = namei(&nd); - vfslocked = NDHASGIANT(&nd); if (error == 0) { error = vn_start_write(nd.ni_vp, &mp, V_WAIT | PCATCH); if (error == 0) { @@ -572,7 +562,6 @@ sys___mac_set_file(struct thread *td, struct __mac_set_file_args *uap) } NDFREE(&nd, 0); - VFS_UNLOCK_GIANT(vfslocked); out: mac_vnode_label_free(intlabel); return (error); @@ -586,7 +575,7 @@ sys___mac_set_link(struct thread *td, struct __mac_set_link_args *uap) struct mount *mp; struct mac mac; char *buffer; - int vfslocked, error; + int error; if (!(mac_labeled & MPC_OBJECT_VNODE)) return (EINVAL); @@ -612,10 +601,9 @@ sys___mac_set_link(struct thread *td, struct __mac_set_link_args *uap) if (error) goto out; - NDINIT(&nd, LOOKUP, MPSAFE | LOCKLEAF | NOFOLLOW, UIO_USERSPACE, + NDINIT(&nd, LOOKUP, LOCKLEAF | NOFOLLOW, UIO_USERSPACE, uap->path_p, td); error = namei(&nd); - vfslocked = NDHASGIANT(&nd); if (error == 0) { error = vn_start_write(nd.ni_vp, &mp, V_WAIT | PCATCH); if (error == 0) { @@ -626,7 +614,6 @@ sys___mac_set_link(struct thread *td, struct __mac_set_link_args *uap) } NDFREE(&nd, 0); - VFS_UNLOCK_GIANT(vfslocked); out: mac_vnode_label_free(intlabel); return (error); |