1 files changed, 38 insertions, 9 deletions

diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
index 6d13505..a0669c7 100644
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 1999-2002, 2007-2008 Robert N. M. Watson
+ * Copyright (c) 1999-2002, 2007-2009 Robert N. M. Watson
  * Copyright (c) 2001-2005 McAfee, Inc.
  * Copyright (c) 2006 SPARTA, Inc.
  * All rights reserved.
@@ -1116,6 +1116,8 @@ mls_inpcb_sosetlabel(struct socket *so, struct label *solabel,
 {
 	struct mac_mls *source, *dest;
 
+	SOCK_LOCK_ASSERT(so);
+
 	source = SLOT(solabel);
 	dest = SLOT(inplabel);
 
@@ -1623,6 +1625,7 @@ mls_socket_check_deliver(struct socket *so, struct label *solabel,
     struct mbuf *m, struct label *mlabel)
 {
 	struct mac_mls *p, *s;
+	int error;
 
 	if (!mls_enabled)
 		return (0);
@@ -1630,7 +1633,11 @@ mls_socket_check_deliver(struct socket *so, struct label *solabel,
 	p = SLOT(mlabel);
 	s = SLOT(solabel);
 
-	return (mls_equal_effective(p, s) ? 0 : EACCES);
+	SOCK_LOCK(so);
+	error = mls_equal_effective(p, s) ? 0 : EACCES;
+	SOCK_UNLOCK(so);
+
+	return (error);
 }
 
 static int
@@ -1640,6 +1647,8 @@ mls_socket_check_relabel(struct ucred *cred, struct socket *so,
 	struct mac_mls *subj, *obj, *new;
 	int error;
 
+	SOCK_LOCK_ASSERT(so);
+
 	new = SLOT(newlabel);
 	subj = SLOT(cred->cr_label);
 	obj = SLOT(solabel);
@@ -1696,8 +1705,12 @@ mls_socket_check_visible(struct ucred *cred, struct socket *so,
 	subj = SLOT(cred->cr_label);
 	obj = SLOT(solabel);
 
-	if (!mls_dominate_effective(subj, obj))
+	SOCK_LOCK(so);
+	if (!mls_dominate_effective(subj, obj)) {
+		SOCK_UNLOCK(so);
 		return (ENOENT);
+	}
+	SOCK_UNLOCK(so);
 
 	return (0);
 }
@@ -1723,19 +1736,26 @@ mls_socket_create_mbuf(struct socket *so, struct label *solabel,
 	source = SLOT(solabel);
 	dest = SLOT(mlabel);
 
+	SOCK_LOCK(so);
 	mls_copy_effective(source, dest);
+	SOCK_UNLOCK(so);
 }
 
 static void
 mls_socket_newconn(struct socket *oldso, struct label *oldsolabel,
     struct socket *newso, struct label *newsolabel)
 {
-	struct mac_mls *source, *dest;
+	struct mac_mls source, *dest;
+
+	SOCK_LOCK(oldso);
+	source = *SLOT(oldsolabel);
+	SOCK_UNLOCK(oldso);
 
-	source = SLOT(oldsolabel);
 	dest = SLOT(newsolabel);
 
-	mls_copy_effective(source, dest);
+	SOCK_LOCK(newso);
+	mls_copy_effective(&source, dest);
+	SOCK_UNLOCK(newso);
 }
 
 static void
@@ -1744,6 +1764,8 @@ mls_socket_relabel(struct ucred *cred, struct socket *so,
 {
 	struct mac_mls *source, *dest;
 
+	SOCK_LOCK_ASSERT(so);
+
 	source = SLOT(newlabel);
 	dest = SLOT(solabel);
 
@@ -1759,7 +1781,9 @@ mls_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel,
 	source = SLOT(mlabel);
 	dest = SLOT(sopeerlabel);
 
+	SOCK_LOCK(so);
 	mls_copy_effective(source, dest);
+	SOCK_UNLOCK(so);
 }
 
 static void
@@ -1767,12 +1791,17 @@ mls_socketpeer_set_from_socket(struct socket *oldso,
     struct label *oldsolabel, struct socket *newso,
     struct label *newsopeerlabel)
 {
-	struct mac_mls *source, *dest;
+	struct mac_mls source, *dest;
+
+	SOCK_LOCK(oldso);
+	source = *SLOT(oldsolabel);
+	SOCK_UNLOCK(oldso);
 
-	source = SLOT(oldsolabel);
 	dest = SLOT(newsopeerlabel);
 
-	mls_copy_effective(source, dest);
+	SOCK_LOCK(newso);
+	mls_copy_effective(&source, dest);
+	SOCK_UNLOCK(newso);
 }
 
 static void