PERFORCE change 23058 for review
Brian Feldman
green at freebsd.org
Thu Jan 2 20:19:47 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=23058
Change 23058 by green at green_laptop_2 on 2003/01/02 12:18:49
* Add locking to SEBSD's AVC. Linux uses spin-locks here, but
in FreeBSD spin-locks are almost always the improper type to
use.
* Add some locking-related comments to the SEBSD sysctls.
* Remove the debugging printf() from the SEBSD syscalls.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/avc/avc.c#11 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/avc/avc.h#9 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_syscall.c#4 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_sysctl.c#6 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/avc/avc.c#11 (text+ko) ====
@@ -20,6 +20,7 @@
#include <sys/mac.h>
#include <sys/malloc.h>
#include <sys/mount.h>
+#include <sys/mutex.h>
#include <sys/proc.h>
#include <sys/systm.h>
#include <sys/sysproto.h>
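Review bot: The new `#include <sys/mutex.h>` is not preceded by `<sys/lock.h>`, whereas the avc.h hunk in this same change adds both headers in that order; on the FreeBSD tree of this era mutex.h relies on lock.h having been included first, so this file presumably compiles only because an earlier header pulls lock.h in. Adding `#include <sys/lock.h>` directly before the new line keeps avc.c self-contained and independent of that include order.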
@@ -43,6 +44,8 @@
extern int ss_initialized;
int avc_debug_always_allow = 1;
+struct mtx avc_lock;
+
typedef struct avc_node {
struct avc_entry ae;
struct avc_node *next;
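Review bot: `struct mtx avc_lock;` is defined without a comment saying what it protects, and the rest of the change only shows it taken around accesses to `avc_cache` (its slots/node lists, `lru_hint` and `latest_notif`). A one-line comment on the definition, `/* Protects avc_cache: its slot lists, lru_hint and latest_notif. */`, lets later readers tell which fields need the lock; whether `avc_cache_stats` is meant to be covered is not clear from this change and is worth stating either way. The typedef that follows is cut off by the hunk boundary.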
@@ -231,6 +234,7 @@
avc_audit_buffer = (char *)malloc(4000, M_SEBSD_AVC, M_WAITOK);
if (!avc_audit_buffer)
panic("AVC: unable to allocate audit buffer\n");
+ mtx_init(&avc_lock, "SEBSD AVC", NULL, MTX_DEF);
}
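Review bot: `mtx_init(&avc_lock, ...)` has no matching `mtx_destroy()` anywhere in this change; if the AVC can be torn down (for example on module unload) the lock object is leaked, and re-initializing it on a reload can trip the already-initialized assertion in debug kernels. Its placement at the end of the init function also means any `avc_has_perm_ref()` caller that runs before this point would lock an uninitialized mutex, so a comment here such as `/* Must run before the first avc_has_perm_ref() call; MTX_DEF without MTX_RECURSE, so the lock is not recursive. */` states the ordering requirement. The enclosing init function starts above this hunk.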
/*
@@ -612,7 +616,7 @@
avc_node_t *node;
int i;
-/* spin_lock(&avc_lock); */
+ mtx_lock(&avc_lock);
if (ssid == SECSID_WILD || tsid == SECSID_WILD) {
/* apply to all matching nodes */
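Review bot: `mtx_lock(&avc_lock)` now really takes the lock where the old code only carried a commented-out spin_lock, so every exit between this line and the `mtx_unlock` in the following hunk must release it; only the final `return 0` is visible, and the loop body handling the SECSID_WILD and exact-match cases is not shown. Any `return` or `goto` inside that body would now leave with the mutex held, which a WITNESS kernel reports as a leaked lock at the next sleep. The enclosing function starts above this hunk.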
@@ -634,7 +638,7 @@
}
}
-/* spin_unlock(&avc_lock); */
+ mtx_unlock(&avc_lock);
return 0;
}
@@ -693,10 +697,10 @@
*out_retained = tretained;
}
-/* spin_lock(&avc_lock); */
+ mtx_lock(&avc_lock);
if (seqno > avc_cache.latest_notif)
avc_cache.latest_notif = seqno;
-/* spin_unlock(&avc_lock); */
+ mtx_unlock(&avc_lock);
return 0;
}
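Review bot: The locked "bump latest_notif" sequence here is repeated verbatim in the hunk at @@ -794,10 +798,10 @@ (`mtx_lock(&avc_lock); if (seqno > avc_cache.latest_notif) avc_cache.latest_notif = seqno; mtx_unlock(&avc_lock);`). A small `static void avc_update_latest_notif(__u32 seqno)` helper holding those lines would keep the lock discipline in one place, so a later change to how `latest_notif` is protected cannot miss one copy. Both enclosing functions start outside their hunks.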
@@ -760,7 +764,7 @@
avc_hash_eval("reset");
-/* spin_lock(&avc_lock); */
+ mtx_lock(&avc_lock);
for (i = 0; i < AVC_CACHE_SLOTS; i++) {
node = avc_cache.slots[i];
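Review bot: `avc_hash_eval("reset")` runs before the lock is taken, and judging by its name it inspects the hash table that the loop below then walks; if it reads `avc_cache.slots` it does so unlocked, concurrently with inserts from `avc_has_perm_ref()`. If that is the case, moving the `mtx_lock(&avc_lock);` line above the `avc_hash_eval("reset");` call closes the gap; if avc_hash_eval only reports statistics the point is moot, but a comment saying so would save the next reader the same question. The enclosing reset function starts above this hunk.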
@@ -780,7 +784,7 @@
}
avc_cache.lru_hint = 0;
-/* spin_unlock(&avc_lock); */
+ mtx_unlock(&avc_lock);
for (i = 0; i < AVC_NSTATS; i++)
avc_cache_stats[i] = 0;
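Review bot: The `avc_cache_stats[i] = 0` loop runs after `mtx_unlock(&avc_lock)`, while the avc.h hunks bump the same counters through `avc_cache_stats_incr()` with the lock held, so the reset and the increments are not serialized and a reset can lose or revive counts. Since the loop is cheap, moving the `mtx_unlock(&avc_lock);` line below the `for` loop makes the stats consistently lock-protected; otherwise a comment on the array should say the counters are best-effort. The enclosing function ends outside the hunk.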
@@ -794,10 +798,10 @@
}
}
-/* spin_lock(&avc_lock); */
+ mtx_lock(&avc_lock);
if (seqno > avc_cache.latest_notif)
avc_cache.latest_notif = seqno;
-/* spin_unlock(&avc_lock); */
+ mtx_unlock(&avc_lock);
return 0;
}
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/avc/avc.h#9 (text+ko) ====
@@ -23,6 +23,8 @@
#ifdef _KERNEL
#include <sys/malloc.h>
MALLOC_DECLARE(M_SEBSD_AVC);
+#include <sys/lock.h>
+#include <sys/mutex.h>
#else /* _KERNEL */
#include <unistd.h>
#endif /* _KERNEL */
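Review bot: The two new `#include` lines sit after the `MALLOC_DECLARE(M_SEBSD_AVC);` macro invocation rather than with `<sys/malloc.h>`, which splits the kernel include group with a declaration. Placing `#include <sys/lock.h>` and `#include <sys/mutex.h>` directly after `#include <sys/malloc.h>` keeps the includes together; the lock.h-then-mutex.h order itself is correct.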
@@ -123,9 +125,7 @@
{ memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; }
-#ifdef CDV_TBD
-/* extern spinlock_t avc_lock; */
-#endif
+extern struct mtx avc_lock;
/*
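Review bot: `extern struct mtx avc_lock;` lands outside the `#ifdef _KERNEL` block at the top of the header, so userland consumers of avc.h (the header has an `#else` branch that includes `<unistd.h>`) see a declaration of an incomplete `struct mtx`; that is legal C for an extern object, but any non-kernel build that also instantiates the inline `avc_has_perm_ref()` below will hit undeclared `mtx_lock`/`mtx_unlock`. If userland never compiles that function the declaration is harmless, but wrapping it as `#ifdef _KERNEL` / `extern struct mtx avc_lock;` / `#endif` makes that explicit, and a comment naming what it guards, e.g. `/* Protects avc_cache; see avc_has_perm_ref(). */`, belongs on the declaration.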
@@ -240,11 +240,10 @@
{
struct avc_entry *ae;
int rc;
-/* unsigned long flags; */
struct avc_entry entry;
__u32 seqno;
-/* spin_lock_irqsave(&avc_lock, flags); */
+ mtx_lock(&avc_lock);
avc_cache_stats_incr(AVC_ENTRY_LOOKUPS);
ae = aeref->ae;
if (ae) {
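Review bot: With the irqsave variants and the `flags` local gone, nothing records that `avc_has_perm_ref()` has a new calling contract: `mtx_lock` on a MTX_DEF mutex may block, so unlike the Linux original this function can no longer be called from an interrupt filter or with a spin mutex held. A comment at the top of the function, `/* May block: acquires avc_lock (MTX_DEF). Not callable from interrupt context. */`, states that for callers. The function's signature is above this hunk.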
@@ -264,7 +263,7 @@
avc_cache_stats_incr(AVC_ENTRY_MISSES);
rc = avc_lookup(ssid, tsid, tclass, requested, aeref);
if (rc) {
-/* spin_unlock_irqrestore(&avc_lock,flags); */
+ mtx_unlock(&avc_lock);
rc = security_compute_av(ssid,tsid,tclass,requested,
&entry.allowed,
&entry.decided,
@@ -273,10 +272,10 @@
&seqno);
if (rc)
return rc;
-/* spin_lock_irqsave(&avc_lock, flags); */
+ mtx_lock(&avc_lock);
rc = avc_insert(ssid,tsid,tclass,&entry,seqno,aeref);
if (rc) {
-/* spin_unlock_irqrestore(&avc_lock,flags); */
+ mtx_unlock(&avc_lock);
return rc;
}
}
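Review bot: The lock is dropped around `security_compute_av()` and retaken before `avc_insert()`, which mirrors the Linux structure, but nothing here accounts for another thread having inserted the same (ssid, tsid, tclass) entry in that window; whether `avc_insert()` tolerates a duplicate or returns an error that makes this request fail spuriously cannot be told from the hunk. The lines between this hunk and the next (old 283-292) are not shown, so any return path there should be checked for a matching `mtx_unlock`. A comment after the relock, `/* Lock was dropped across security_compute_av(); the cache may have changed. */`, flags the window for readers.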
@@ -293,14 +292,14 @@
#ifndef __TBD_CDV__
if (avc_debug_always_allow) {
ae->allowed |= requested;
-/* spin_unlock_irqrestore(&avc_lock,flags); */
+ mtx_unlock(&avc_lock);
return 0;
} else {
-/* spin_unlock_irqrestore(&avc_lock,flags); */
+ mtx_unlock(&avc_lock);
return -EACCES;
}
#else /* __TBD_CDV__ */
-/* spin_unlock_irqrestore(&avc_lock,flags); */
+ mtx_unlock(&avc_lock);
return -EACCES;
#endif /* __TBD_CDV__ */
}
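Review bot: The permissive branch widens the cached entry with `ae->allowed |= requested` and returns 0, and avc.c initializes `avc_debug_always_allow` to 1, so as committed the denial path presumably grants the request and the widened `allowed` mask persists in the cache entry for later lookups; the behavior is pre-existing, but now that the update is done under `avc_lock` it is an intended shared-state change rather than an accident. A comment on that line, `/* Permissive debug mode: widens the cached entry under avc_lock; the grant persists for later lookups. */`, makes the effect visible to whoever flips the default. The `mtx_unlock` before each `return` is duplicated three times across the `#ifndef`/`#else` branches; the unlock must stay after the `|=`, so only the two returns under `#ifndef __TBD_CDV__` could be merged, and that is a matter of taste.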
@@ -309,7 +308,7 @@
avc_audit(ssid, tsid, tclass, requested, ae,
AVC_AUDITALLOW, auditdata);
-/* spin_unlock_irqrestore(&avc_lock,flags); */
+ mtx_unlock(&avc_lock);
return 0;
}
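Review bot: `avc_audit()` is now called with `avc_lock` held (the `mtx_unlock` follows it), so if avc_audit can block — an M_WAITOK allocation or anything that sleeps on the log path — this is a sleep with a default mutex held, which WITNESS reports and which stalls every other AVC lookup for the duration; what avc_audit does is not visible here. The single global `avc_audit_buffer` allocated in avc_init is presumably what avc_audit formats into, in which case `avc_lock` is also what serializes that buffer, and the call cannot simply be moved below the unlock without giving the buffer its own lock. A comment at the call site, `/* avc_lock held: it also serializes avc_audit_buffer; do not reorder with the unlock. */`, records that dependency.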
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_syscall.c#4 (text+ko) ====
@@ -89,7 +89,5 @@
break;
}
- printf("SEBSD syscall: call=%d err=%d\n", call, err);
-
return err;
}
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_sysctl.c#6 (text+ko) ====
@@ -67,6 +67,11 @@
error = SYSCTL_OUT(req, buffer, len);
if (error)
goto out;
+ /*
+ * XXX What's keeping the SID table from changing? POLICY_RDLOCK
+ * would not be able to do it as of now, so what we really need is
+ * SIDTAB_LOCK.
+ */
for (i = 0; i < SIDTAB_SIZE; i++) {
cur = sidtab.htable[i];
while (cur != NULL && count > 0) {
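Review bot: The new XXX comment names the missing SIDTAB_LOCK but leaves the traversal of `sidtab.htable[i]` unlocked, so a concurrent update of the SID table can free or relink a node while `cur` is being followed and copied out. Because `SYSCTL_OUT()` copies to user memory and may fault or sleep, a mutex could not simply be held across this loop either; the safer shape is to collect the entries under the table lock into a kernel buffer and issue the `SYSCTL_OUT()` after dropping it, or to use a lock type such as sx(9) that may be held across a copyout. Extending the comment with `/* ... until then this walk can race with sidtab updates. */` tells the reader the current code is racy, not merely sub-optimal. The enclosing handler continues past this hunk.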
@@ -155,6 +160,9 @@
goto out;
}
username = context + len + 1;
+ /*
+ * XXX We need POLICY_RDLOCK here, but it's not exported!
+ */
error = security_context_to_sid(context, len + 1, &sid);
if (error)
goto out;
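Review bot: The XXX comment added here, and again in the hunk at @@ -211,6 +219,9 @@, says which lock is missing but not what the consequence is: `security_context_to_sid()` resolves a context string that, judging by the surrounding code, arrived via the sysctl request, and without POLICY_RDLOCK a concurrent policy reload can change or free the structures it walks. A comment such as `/* XXX No POLICY_RDLOCK (not exported): a concurrent policy load can change the structures security_context_to_sid() walks. */` makes the hazard explicit. Since the same hole exists at both call sites, exporting the lock or adding a locked wrapper around security_context_to_sid would fix both at once rather than annotating each caller. Both enclosing sysctl handlers start above their hunks.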
@@ -211,6 +219,9 @@
goto out;
}
bcopy(&scontext[strlen(scontext) + 1], &tclass, sizeof(tclass));
+ /*
+ * XXX We need POLICY_RDLOCK here, but it's not exported!
+ */
error = security_context_to_sid(scontext, strlen(scontext) + 1, &sid);
if (error)
goto out;