From db4f882c76df49663bf718c966c5e5fd6bebaff4 Mon Sep 17 00:00:00 2001
From: arr <arr@FreeBSD.org>
Date: Mon, 25 Mar 2002 18:26:34 +0000
Subject: - Recommit the securelevel_gt() calls removed by commits rev. 1.84 of
   kern_linker.c and rev. 1.237 of vfs_syscalls.c since these are not the  
 source of the recent panics occuring around kldloading file system   support
 modules.

Requested by: rwatson
---
 sys/kern/kern_linker.c  | 12 ++++++------
 sys/kern/vfs_extattr.c  |  5 +++++
 sys/kern/vfs_syscalls.c |  5 +++++
 3 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/sys/kern/kern_linker.c b/sys/kern/kern_linker.c
index 192877c..1050b33 100644
--- a/sys/kern/kern_linker.c
+++ b/sys/kern/kern_linker.c
@@ -698,11 +698,11 @@ kldload(struct thread *td, struct kldload_args *uap)
 
 	td->td_retval[0] = -1;
 
-	if (securelevel > 0)	/* redundant, but that's OK */
-		return (EPERM);
-
 	mtx_lock(&Giant);
 
+	if ((error = securelevel_gt(td->td_ucred, 0)) != 0)
+		goto out;
+
 	if ((error = suser_xxx(td->td_ucred, NULL, 0)) != 0)
 		goto out;
 
@@ -745,11 +745,11 @@ kldunload(struct thread *td, struct kldunload_args *uap)
 	linker_file_t lf;
 	int error = 0;
 
-	if (securelevel > 0)	/* redundant, but that's OK */
-		return (EPERM);
-
 	mtx_lock(&Giant);
 
+	if ((error = securelevel_gt(td->td_ucred, 0)) != 0)
+		goto out;
+
 	if ((error = suser_xxx(td->td_ucred, NULL, 0)) != 0)
 		goto out;
 
diff --git a/sys/kern/vfs_extattr.c b/sys/kern/vfs_extattr.c
index 915e26a..77eece4 100644
--- a/sys/kern/vfs_extattr.c
+++ b/sys/kern/vfs_extattr.c
@@ -307,6 +307,11 @@ vfs_mount(td, fstype, fspath, fsflags, fsdata)
 			vput(vp);
 			return error;
 		}
+		error = securelevel_gt(td->td_ucred, 0);
+		if (error != 0) {
+			vput(vp);
+			return (EPERM);
+		}
 		error = linker_load_file(fstype, &lf);
 		if (error || lf == NULL) {
 			vput(vp);
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 915e26a..77eece4 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -307,6 +307,11 @@ vfs_mount(td, fstype, fspath, fsflags, fsdata)
 			vput(vp);
 			return error;
 		}
+		error = securelevel_gt(td->td_ucred, 0);
+		if (error != 0) {
+			vput(vp);
+			return (EPERM);
+		}
 		error = linker_load_file(fstype, &lf);
 		if (error || lf == NULL) {
 			vput(vp);
-- 
cgit v1.1