From 9e986ac16e888641c9e9fcd1e44ca74b8c201603 Mon Sep 17 00:00:00 2001 From: alc Date: Mon, 22 Dec 2008 17:32:52 +0000 Subject: Make preparations for resurrecting shared/read locks on vm maps: mac_proc_vm_revoke_recurse() requests a read lock on the vm map at the start but does not handle failure by vm_map_lock_upgrade() when it seeks to modify the vm map. At present, this works because all lock request on a vm map are implemented as exclusive locks. Thus, vm_map_lock_upgrade() is a no-op that always reports success. However, that is about to change, and proc_vm_revoke_recurse() will require substantial modifications to handle vm_map_lock_upgrade() failures. For the time being, I am changing mac_proc_vm_revoke_recurse() to request a write lock on the vm map at the start. Approved by: rwatson MFC after: 3 months --- sys/security/mac/mac_process.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'sys/security') diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c index dba4769..9e95d10 100644 --- a/sys/security/mac/mac_process.c +++ b/sys/security/mac/mac_process.c @@ -260,7 +260,7 @@ mac_proc_vm_revoke_recurse(struct thread *td, struct ucred *cred, if (!mac_mmap_revocation) return; - vm_map_lock_read(map); + vm_map_lock(map); for (vme = map->header.next; vme != &map->header; vme = vme->next) { if (vme->eflags & MAP_ENTRY_IS_SUB_MAP) { mac_proc_vm_revoke_recurse(td, cred, @@ -315,7 +315,6 @@ mac_proc_vm_revoke_recurse(struct thread *td, struct ucred *cred, prot2str(revokeperms), (u_long)vme->start, (long)(vme->end - vme->start), prot2str(vme->max_protection), prot2str(vme->protection)); - vm_map_lock_upgrade(map); /* * This is the really simple case: if a map has more * max_protection than is allowed, but it's not being @@ -369,10 +368,9 @@ mac_proc_vm_revoke_recurse(struct thread *td, struct ucred *cred, vme->protection & ~revokeperms); vm_map_simplify_entry(map, vme); } - vm_map_lock_downgrade(map); VFS_UNLOCK_GIANT(vfslocked); } - vm_map_unlock_read(map); + vm_map_unlock(map); } int -- cgit v1.1