PERFORCE change 15683 for review
Robert Watson
rwatson at freebsd.org
Thu Aug 8 15:25:26 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15683
Change 15683 by rwatson at rwatson_paprika on 2002/08/08 08:25:24
Add an IO_NOMACCHECK vnode operation flag to vn_rdwr(), which permits
callers to specify that MAC checks are not required. This is needed
because vn_rdwr() is used both to service user requests directly,
and as a utility function inside UFS and ext2fs. Set the flag
when invoking vn_rdwr() inside file systems, but otherwise not.
Note that vn_rdwr() still needs an active_cred/saved_cred argument.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/gnu/ext2fs/ext2_lookup.c#5 edit
.. //depot/projects/trustedbsd/mac/sys/gnu/ext2fs/ext2_vnops.c#5 edit
.. //depot/projects/trustedbsd/mac/sys/kern/vfs_vnops.c#41 edit
.. //depot/projects/trustedbsd/mac/sys/sys/vnode.h#38 edit
.. //depot/projects/trustedbsd/mac/sys/ufs/ufs/ufs_lookup.c#7 edit
.. //depot/projects/trustedbsd/mac/sys/ufs/ufs/ufs_vnops.c#44 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/gnu/ext2fs/ext2_lookup.c#5 (text+ko) ====
@@ -1009,8 +1009,9 @@
#define MINDIRSIZ (sizeof (struct dirtemplate) / 2)
for (off = 0; off < ip->i_size; off += dp->rec_len) {
- error = vn_rdwr(UIO_READ, ITOV(ip), (caddr_t)dp, MINDIRSIZ, off,
- UIO_SYSSPACE, IO_NODELOCKED, cred, &count, (struct thread *)0);
+ error = vn_rdwr(UIO_READ, ITOV(ip), (caddr_t)dp, MINDIRSIZ,
+ off, UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, cred,
+ &count, (struct thread *)0);
/*
* Since we read MINDIRSIZ, residual must
* be 0 unless we're at end of file.
@@ -1074,7 +1075,8 @@
}
error = vn_rdwr(UIO_READ, vp, (caddr_t)&dirbuf,
sizeof (struct dirtemplate), (off_t)0, UIO_SYSSPACE,
- IO_NODELOCKED, cred, (int *)0, (struct thread *)0);
+ IO_NODELOCKED | IO_NOMACCHEK, cred, (int *)0,
+ (struct thread *)0);
if (error != 0)
break;
namlen = dirbuf.dotdot_type; /* like ufs little-endian */
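Review bot: `IO_NOMACCHEK` in the added flags argument is misspelled; the flag this change defines in vnode.h is `IO_NOMACCHECK`, so the line should read `IO_NODELOCKED | IO_NOMACCHECK, cred, (int *)0,`. Similar typos appear in the ext2_vnops.c symlink hunk (`IO_NOMACHCHECK`) and the ufs_vnops.c symlink hunk (`IO_NOMACCHEKC`). An undeclared identifier should break the build, so it is worth confirming that each of these files is actually compiled in the configuration being tested. The enclosing function starts and ends outside this hunk.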
==== //depot/projects/trustedbsd/mac/sys/gnu/ext2fs/ext2_vnops.c#5 (text+ko) ====
@@ -1220,7 +1220,7 @@
dp->i_flag |= IN_CHANGE;
error = vn_rdwr(UIO_READ, fvp, (caddr_t)&dirbuf,
sizeof (struct dirtemplate), (off_t)0,
- UIO_SYSSPACE, IO_NODELOCKED,
+ UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK,
tcnp->cn_cred, (int *)0, (struct thread *)0);
if (error == 0) {
/* Like ufs little-endian: */
@@ -1236,9 +1236,9 @@
(caddr_t)&dirbuf,
sizeof (struct dirtemplate),
(off_t)0, UIO_SYSSPACE,
- IO_NODELOCKED|IO_SYNC,
- tcnp->cn_cred, (int *)0,
- (struct thread *)0);
+ IO_NODELOCKED | IO_SYNC |
+ IO_NOMACCHECK, tcnp->cn_cred,
+ (int *)0, (struct thread *)0);
cache_purge(fdvp);
}
}
@@ -1373,7 +1373,8 @@
dirtemplate.dotdot_reclen = DIRBLKSIZ - 12;
error = vn_rdwr(UIO_WRITE, tvp, (caddr_t)&dirtemplate,
sizeof (dirtemplate), (off_t)0, UIO_SYSSPACE,
- IO_NODELOCKED|IO_SYNC, cnp->cn_cred, (int *)0, (struct thread *)0);
+ IO_NODELOCKED | IO_SYNC | IO_NOMACCHECK, cnp->cn_cred, (int *)0,
+ (struct thread *)0);
if (error) {
dp->i_nlink--;
dp->i_flag |= IN_CHANGE;
@@ -1509,8 +1510,8 @@
ip->i_flag |= IN_CHANGE | IN_UPDATE;
} else
error = vn_rdwr(UIO_WRITE, vp, ap->a_target, len, (off_t)0,
- UIO_SYSSPACE, IO_NODELOCKED, ap->a_cnp->cn_cred, (int *)0,
- (struct thread *)0);
+ UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACHCHECK,
+ ap->a_cnp->cn_cred, (int *)0, (struct thread *)0);
if (error)
vput(vp);
return (error);
==== //depot/projects/trustedbsd/mac/sys/kern/vfs_vnops.c#41 (text+ko) ====
@@ -398,23 +398,19 @@
auio.uio_segflg = segflg;
auio.uio_rw = rw;
auio.uio_td = td;
- if (rw == UIO_READ) {
-#if 0
+ error = 0;
#ifdef MAC
- /* XXXMAC: we should pass in active_cred to vn_rdwr(). */
- error = mac_check_vnode_read(td->td_ucred, cred, vp);
- if (error == 0)
+ if ((ioflg & IO_NOMACCHECK) == 0) {
+ if (rw == UIO_READ)
+ error = mac_check_vnode_read(td->td_ucred, cred, vp);
+ else
+ error = mac_check_vnode_write(td->td_ucred, cred, vp);
+ }
#endif
-#endif
+ if (error == 0) {
+ if (rw == UIO_READ)
error = VOP_READ(vp, &auio, ioflg, cred);
- } else {
-#if 0
-#ifdef MAC
- /* XXXMAC: we should pass in active_cred to vn_rdwr(). */
- error = mac_check_vnode_write(td->td_ucred, cred, vp);
- if (error == 0)
-#endif
-#endif
+ else
error = VOP_WRITE(vp, &auio, ioflg, cred);
}
if (aresid)
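Review bot: The new MAC branch dereferences `td->td_ucred` whenever `IO_NOMACCHECK` is clear, yet every in-filesystem caller in this change passes `(struct thread *)0` for the thread. A caller that passes a null thread and omits the flag would fault here in a MAC kernel rather than fail the check. Consider an assertion ahead of the check, e.g. `KASSERT(td != NULL, ("vn_rdwr: MAC check requires a thread"));`, or an explicit error return for that case. `ioflg` is also forwarded unchanged to VOP_READ/VOP_WRITE, so a comment stating that the bypass bit may only be set by in-kernel callers, never derived from user-supplied flags, would help. vn_rdwr's body starts and ends outside this hunk.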
==== //depot/projects/trustedbsd/mac/sys/sys/vnode.h#38 (text+ko) ====
@@ -271,6 +271,7 @@
#define IO_NOWDRAIN 0x0200 /* do not block on wdrain */
#define IO_EXT 0x0400 /* operate on external attributes */
#define IO_NORMAL 0x0800 /* operate on regular data */
+#define IO_NOMACCHECK 0x1000 /* MAC checks unnecessary */
/*
* Modes. Some values same as Ixxx entries from inode.h for now.
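Review bot: The comment on `IO_NOMACCHECK` understates what the flag does: it disables the mandatory access control check in vn_rdwr(), so it is a policy bypass, not an optimisation hint. I would write `/* vn_rdwr(): skip MAC checks; in-kernel callers only */` so that later users of the flag see the restriction at the definition. It is also worth confirming that 0x1000 does not collide with an IO_ flag defined outside this hunk.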
==== //depot/projects/trustedbsd/mac/sys/ufs/ufs/ufs_lookup.c#7 (text+ko) ====
@@ -1151,8 +1151,9 @@
#define MINDIRSIZ (sizeof (struct dirtemplate) / 2)
for (off = 0; off < ip->i_size; off += dp->d_reclen) {
- error = vn_rdwr(UIO_READ, ITOV(ip), (caddr_t)dp, MINDIRSIZ, off,
- UIO_SYSSPACE, IO_NODELOCKED, cred, &count, (struct thread *)0);
+ error = vn_rdwr(UIO_READ, ITOV(ip), (caddr_t)dp, MINDIRSIZ,
+ off, UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, cred,
+ &count, (struct thread *)0);
/*
* Since we read MINDIRSIZ, residual must
* be 0 unless we're at end of file.
@@ -1224,7 +1225,8 @@
}
error = vn_rdwr(UIO_READ, vp, (caddr_t)&dirbuf,
sizeof (struct dirtemplate), (off_t)0, UIO_SYSSPACE,
- IO_NODELOCKED, cred, (int *)0, (struct thread *)0);
+ IO_NODELOCKED | IO_NOMACCHECK, cred, (int *)0,
+ (struct thread *)0);
if (error != 0)
break;
# if (BYTE_ORDER == LITTLE_ENDIAN)
==== //depot/projects/trustedbsd/mac/sys/ufs/ufs/ufs_vnops.c#44 (text+ko) ====
@@ -1824,8 +1824,8 @@
ip->i_flag |= IN_CHANGE | IN_UPDATE;
} else
error = vn_rdwr(UIO_WRITE, vp, ap->a_target, len, (off_t)0,
- UIO_SYSSPACE, IO_NODELOCKED, ap->a_cnp->cn_cred, (int *)0,
- (struct thread *)0);
+ UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHEKC,
+ ap->a_cnp->cn_cred, (int *)0, (struct thread *)0);
if (error)
vput(vp);
return (error);
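Review bot: This section flags only the symlink write, whereas the ext2_vnops.c section also flags the rename and mkdir calls to vn_rdwr(). If ufs_vnops.c has other internal vn_rdwr() callers outside this hunk (not visible here), they now reach the MAC check in vfs_vnops.c, and with a null thread argument that check dereferences `td->td_ucred`. A search of the file for remaining vn_rdwr() calls that pass `IO_NODELOCKED` without `IO_NOMACCHECK` would confirm coverage. The enclosing function starts outside this hunk.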