cvs commit: src/sys/compat/svr4 svr4_stream.c src/sys/kern
kern_prot.c sys_socket.c uipc_socket2.c uipc_syscalls.c
uipc_usrreq.c src/sys/netatalk ddp_input.c ddp_output.c...
Robert Watson
rwatson at FreeBSD.org
Sun Jun 13 02:50:26 GMT 2004
rwatson 2004-06-13 02:50:07 UTC
FreeBSD src repository
Modified files:
sys/compat/svr4 svr4_stream.c
sys/kern kern_prot.c sys_socket.c uipc_socket2.c
uipc_syscalls.c uipc_usrreq.c
sys/netatalk ddp_input.c ddp_output.c
sys/netinet in_pcb.c ip_divert.c tcp_input.c
tcp_syncache.c
sys/security/mac mac_socket.c
sys/sys socketvar.h
Log:
Socket MAC labels so_label and so_peerlabel are now protected by
SOCK_LOCK(so):
- Hold socket lock over calls to MAC entry points reading or
manipulating socket labels.
- Assert socket lock in MAC entry point implementations.
- When externalizing the socket label, first make a thread-local
copy while holding the socket lock, then release the socket lock
to externalize to userspace.
Revision Changes Path
1.47 +4 -0 src/sys/compat/svr4/svr4_stream.c
1.183 +2 -0 src/sys/kern/kern_prot.c
1.58 +4 -0 src/sys/kern/sys_socket.c
1.129 +2 -0 src/sys/kern/uipc_socket2.c
1.192 +12 -0 src/sys/kern/uipc_syscalls.c
1.124 +2 -0 src/sys/kern/uipc_usrreq.c
1.24 +3 -0 src/sys/netatalk/ddp_input.c
1.24 +2 -0 src/sys/netatalk/ddp_output.c
1.149 +4 -1 src/sys/netinet/in_pcb.c
1.90 +2 -0 src/sys/netinet/ip_divert.c
1.238 +2 -0 src/sys/netinet/tcp_input.c
1.58 +2 -0 src/sys/netinet/tcp_syncache.c
1.2 +57 -8 src/sys/security/mac/mac_socket.c
1.121 +2 -2 src/sys/sys/socketvar.h
More information about the cvs-src
mailing list