PERFORCE change 16462 for review

Fri Aug 23 14:05:39 GMT 2002

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=16462

Change 16462 by green at green_laptop_2 on 2002/08/23 07:04:41

	* Don't grab Giant implicitly in mac_cred_mmapped_drop_perms(9).
	* Select a good default label (read: "equal") for tty devices.
	* Don't crhold(9) before calling crcopy(9) due to undocumented
	  reference-count assertions.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#257 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#3 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.h#2 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#257 (text+ko) ====

@@ -202,8 +202,6 @@
 static int	mac_policy_unregister(struct mac_policy_conf *mpc);
 
 static int	mac_stdcreatevnode_ea(struct vnode *vp);
-void		mac_cred_mmapped_drop_perms(struct thread *td,
-		    struct ucred *cred);
 static void	mac_cred_mmapped_drop_perms_recurse(struct thread *td,
 		    struct ucred *cred, struct vm_map *map);
 
@@ -2170,10 +2168,8 @@
 {
 
 	/* XXX freeze all other threads */
-	mtx_lock(&Giant);
 	mac_cred_mmapped_drop_perms_recurse(td, cred,
 	    &td->td_proc->p_vmspace->vm_map);
-	mtx_unlock(&Giant);
 	/* XXX allow other threads to continue */
 }
 
@@ -3136,7 +3132,9 @@
 	crhold(newcred);
 	PROC_UNLOCK(p);
 
+	mtx_lock(&Giant);
 	mac_cred_mmapped_drop_perms(td, newcred);
+	mtx_unlock(&Giant);
 
 	crfree(newcred);	/* Free revocation reference. */
 	crfree(oldcred);

==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#3 (text+ko) ====

@@ -743,7 +743,9 @@
 	if (strcmp(dev->si_name, "null") == 0 ||
 	    strcmp(dev->si_name, "zero") == 0 ||
 	    strcmp(dev->si_name, "random") == 0 ||
-	    strncmp(dev->si_name, "fd/", strlen("fd/")) == 0)
+	    strcmp(dev->si_name, "ctty") == 0 ||
+	    strncmp(dev->si_name, "fd/", strlen("fd/")) == 0 ||
+	    strncmp(dev->si_name, "tty", strlen("tty")) == 0)
 		biba_type = MAC_BIBA_TYPE_EQUAL;
 	else
 		biba_type = MAC_BIBA_TYPE_HIGH;
@@ -2294,7 +2296,12 @@
 	if (subj->mac_biba.mb_flags & MAC_BIBA_FLAG_UPDATESUBJ) {
 		mtx_unlock(&subj->mtx);
 		newcred = crget();
-		crhold(newcred);
+		/*
+		 * Prevent a lock order reversal in
+		 * mac_cred_mmapped_drop_perms; ideally, the other
+		 * user of subj->mtx wouldn't be holding Giant.
+		 */
+		mtx_lock(&Giant);
 		mtx_lock(&subj->mtx);
 		/*
 		 * Check if we lost the race while allocating the cred.
@@ -2304,12 +2311,14 @@
 		PROC_LOCK(p);
 		oldcred = p->p_ucred;
 		crcopy(newcred, oldcred);
+		crhold(newcred);
 		mac_biba_copy(&subj->mac_biba, SLOT(&newcred->cr_label));
 		p->p_ucred = newcred;
 		crfree(oldcred);
 		PROC_UNLOCK(p);
 		mac_cred_mmapped_drop_perms(curthread, newcred);
 	out:
+		mtx_unlock(&Giant);
 		crfree(newcred);
 	}
 	mtx_unlock(&subj->mtx);

==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.h#2 (text+ko) ====

To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

