PERFORCE change 41615 for review
Robert Watson
rwatson at FreeBSD.org
Fri Nov 7 04:36:30 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=41615
Change 41615 by rwatson at rwatson_paprika on 2003/11/06 20:35:59
Whitespace, linewrap, sync.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/sysv_msg.c#15 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/sysv_msg.c#15 (text+ko) ====
@@ -74,7 +74,7 @@
long msg_type; /* type of this message */
/* >0 -> type of this message */
/* 0 -> free header */
- unsigned short msg_ts; /* size of this message */
+ u_short msg_ts; /* size of this message */
short msg_spot; /* location of start of msg in buffer */
};
#endif
@@ -167,7 +167,8 @@
msghdrs = malloc(sizeof(struct msg) * msginfo.msgtql, M_MSG, M_WAITOK);
if (msghdrs == NULL)
panic("msghdrs is NULL");
- msqids = malloc(sizeof(struct msqid_kernel) * msginfo.msgmni, M_MSG, M_WAITOK);
+ msqids = malloc(sizeof(struct msqid_kernel) * msginfo.msgmni, M_MSG,
+ M_WAITOK);
if (msqids == NULL)
panic("msqids is NULL");
@@ -230,13 +231,13 @@
mtx_init(&msq_mtx, "msq", NULL, MTX_DEF);
refcount = 0;
/*
- * It is not permissible to pass the same mutex to mtx_init() multiple
- * times without intervening calls to mtx_destroy().
- * Since we cannot destroy the refcnt_mtx during msgunload, we check if the
- * mtx_init has ever been called. If so, we dont need to do mtx_init as the
- * mutex is already initialized.
+ * It is not permissible to pass the same mutex to mtx_init()
+ * multiple times without intervening calls to mtx_destroy(). Since
+ * we cannot destroy the refcnt_mtx during msgunload, we check if the
+ * mtx_init has ever been called. If so, we dont need to do mtx_init
+ * as the mutex is already initialized.
*/
- if ( mtx_initialized(&refcnt_mtx) == 0 )
+ if (mtx_initialized(&refcnt_mtx) == 0)
mtx_init(&refcnt_mtx, "msgrefcnt", NULL, MTX_DEF);
}
@@ -247,11 +248,11 @@
int msqid;
/*
- * Make sure that the msgunload maintains the consistency of the msqids
- * and msghdrs data structures. This assures that the unload doesn't take
- * place if any thread is in any of the code-paths (tinkering with the
- * data structures), and also that no thread can enter the code-paths once
- * the module is unloaded.
+ * Make sure that the msgunload maintains the consistency of the
+ * msqids and msghdrs data structures. This assures that the unload
+ * doesn't take place if any thread is in any of the code-paths
+ * (tinkering with the data structures), and also that no thread
+ * can enter the code-paths once the module is unloaded.
*/
mtx_lock(&refcnt_mtx);
if (refcount > 0) {
@@ -293,8 +294,8 @@
free(msqids, M_MSG);
mtx_destroy(&msq_mtx);
/*
- * NOTE: We cannot destroy the refcnt_mtx as it is possible that some thread
- * might (attempt to) hold the mutex.
+ * NOTE: We cannot destroy the refcnt_mtx as it is possible that
+ * some thread might (attempt to) hold the mutex.
*/
/* mtx_destroy(&refcnt_mtx); */
return (0);
@@ -422,7 +423,10 @@
if (!jail_sysvipc_allowed && jailed(td->td_ucred))
return (ENOSYS);
- /* Prevent thread from going any further if module is (being) unloaded */
+ /*
+ * Prevent thread from going any further if module is (being)
+ * unloaded.
+ */
mtx_lock(&refcnt_mtx);
if (refcount < 0 ) {
mtx_unlock(&refcnt_mtx);
@@ -457,9 +461,9 @@
goto done2;
}
#ifdef MAC
- if ((error = mac_check_ipc_msqctl(td->td_ucred,msqkptr,cmd)))
- {
- MPRINTF(("MAC Framework: mac_check_ipc_msqctl permission denied!\n"));
+ if ((error = mac_check_ipc_msqctl(td->td_ucred,msqkptr,cmd))) {
+ MPRINTF((
+ "MAC Framework: mac_check_ipc_msqctl permission denied!\n"));
goto done2;
}
#endif
@@ -477,22 +481,25 @@
goto done2;
#ifdef MAC
- /*
- * Check that the thread has MAC access permissions to individual
- * msghdrs.
- * Note: We need to do this in a separate loop because the actual loop
- * alters the msq/msghdr info as it progresses, and there is no going
- * back if half the way through we discover that the thread cannot free
- * a certain msghdr. The msq will get into an inconsistent state.
- */
+ /*
+ * Check that the thread has MAC access permissions to
+ * individual msghdrs. Note: We need to do this in a
+ * separate loop because the actual loop alters the
+ * msq/msghdr info as it progresses, and there is no going
+ * back if half the way through we discover that the
+ * thread cannot free a certain msghdr. The msq will get
+ * into an inconsistent state.
+ */
msghdr = msqkptr->u.msg_first;
while (msghdr != NULL) {
- if((error = mac_check_ipc_msgrmid(td->td_ucred,msghdr))) {
- MPRINTF("MAC Framework: mac_check_ipc_msgrmid permission denied\n");
- /* XXX wakeup(msqkptr); ??? */
- goto done2;
- }
- msghdr = msghdr->msg_next;
+ if ((error = mac_check_ipc_msgrmid(td->td_ucred,
+ msghdr))) {
+ MPRINTF(
+ "MAC Framework: mac_check_ipc_msgrmid permission denied\n");
+ /* XXX wakeup(msqkptr); ??? */
+ goto done2;
+ }
+ msghdr = msghdr->msg_next;
}
#endif
@@ -604,7 +611,10 @@
if (!jail_sysvipc_allowed && jailed(td->td_ucred))
return (ENOSYS);
- /* Prevent thread from going any further if module is (being) unloaded */
+ /*
+ * Prevent thread from going any further if module is (being)
+ * unloaded.
+ */
mtx_lock(&refcnt_mtx);
if (refcount < 0 ) {
mtx_unlock(&refcnt_mtx);
@@ -634,8 +644,9 @@
goto done2;
}
#ifdef MAC
- if(( error = mac_check_ipc_msqget(cred, msqkptr) )) {
- MPRINTF("MAC Framework: mac_check_ipc_msqget access denied\n");
+ if ((error = mac_check_ipc_msqget(cred, msqkptr))) {
+ MPRINTF(
+ "MAC Framework: mac_check_ipc_msqget access denied\n");
goto done2;
}
#endif
@@ -732,7 +743,10 @@
if (!jail_sysvipc_allowed && jailed(td->td_ucred))
return (ENOSYS);
- /* Prevent thread from going any further if module is (being) unloaded */
+ /*
+ * Prevent thread from going any further if module is (being)
+ * unloaded.
+ */
mtx_lock(&refcnt_mtx);
if (refcount < 0 ) {
mtx_unlock(&refcnt_mtx);
@@ -769,9 +783,13 @@
}
#ifdef MAC
- /* Make sure that the thread has access rights to the message queue */
+ /*
+ * Make sure that the thread has access rights to the message
+ * queue.
+ */
if ((error = mac_check_ipc_msqsnd(td->td_ucred, msqkptr))) {
- MPRINTF(("MAC Framework: mac_check_ipc_msqsnd permission denied\n"));
+ MPRINTF((
+"MAC Framework: mac_check_ipc_msqsnd permission denied\n"));
goto done2;
}
#endif
@@ -892,11 +910,10 @@
#ifdef MAC
mac_create_ipc_msgmsg(td->td_ucred, msqkptr, msghdr);
/*
- * XXX: Should the mac_check_ipc_msgmsq check follow here immediately ?
- * Or, should it be checked just before the msg is enqueued in the msgq
- * (as it is done now) ?
+ * XXX: Should the mac_check_ipc_msgmsq check follow here
+ * immediately? Or, should it be checked just before the msg is
+ * enqueued in the msgq (as it is done now)?
*/
-
#endif
/*
@@ -1008,17 +1025,19 @@
#ifdef MAC
/*
- * Note: Since the task/thread allocates the msghdr and usually primes
- * it with its own MAC label,for a majority of policies, it won't be
- * necessary to check whether the msghdr has access permissions to the
- * msgq. The mac_check_ipc_msqsnd check would suffice in that case.
- * However, this hook may be required where individual policies derive
- * a non-identical label for the msghdr from the current thread label
- * and may want to check the msghdr enqueue permissions, along with
- * read/write permissions to the msgq.
+ * Note: Since the task/thread allocates the msghdr and usually
+ * primes it with its own MAC label,for a majority of policies, it
+ * won't be necessary to check whether the msghdr has access
+ * permissions to the msgq. The mac_check_ipc_msqsnd check would
+ * suffice in that case. However, this hook may be required where
+ * individual policies derive a non-identical label for the msghdr
+ * from the current thread label and may want to check the msghdr
+ * enqueue permissions, along with read/write permissions to the
+ * msgq.
*/
- if((error= mac_check_ipc_msgmsq(td->td_ucred,msghdr,msqkptr))) {
- MPRINTF(("MAC Framework: mac_check_ipc_msqmsq permission denied\n"));
+ if ((error = mac_check_ipc_msgmsq(td->td_ucred,msghdr,msqkptr))) {
+ MPRINTF((
+ "MAC Framework: mac_check_ipc_msqmsq permission denied\n"));
msg_freehdr(msghdr);
wakeup(msqkptr);
goto done2;
@@ -1084,7 +1103,10 @@
if (!jail_sysvipc_allowed && jailed(td->td_ucred))
return (ENOSYS);
- /* Prevent thread from going any further if module is (being) unloaded */
+ /*
+ * Prevent thread from going any further if module is (being)
+ * unloaded.
+ */
mtx_lock(&refcnt_mtx);
if (refcount < 0 ) {
mtx_unlock(&refcnt_mtx);
@@ -1121,9 +1143,12 @@
}
#ifdef MAC
- /* Make sure that the thread has access rights to the message queue */
+ /*
+ * Make sure that the thread has access rights to the message queue.
+ */
if ((error = mac_check_ipc_msqrcv(td->td_ucred, msqkptr))) {
- MPRINTF(("MAC Framework: mac_check_ipc_msqrcv permission denied\n"));
+ MPRINTF((
+"MAC Framework: mac_check_ipc_msqrcv permission denied\n"));
goto done2;
}
#endif
@@ -1142,10 +1167,14 @@
goto done2;
}
#ifdef MAC
- /* Make sure that the thread has access rights to the message header */
+ /*
+ * Make sure that the thread has access
+ * rights to the message header.
+ */
if ((error = mac_check_ipc_msgrcv(td->td_ucred,
msghdr))) {
- MPRINTF(("MAC Framework: mac_check_ipc_msgrcv permission denied\n"));
+ MPRINTF((
+ "MAC Framework: mac_check_ipc_msgrcv permission denied\n"));
goto done2;
}
#endif
@@ -1189,9 +1218,16 @@
goto done2;
}
#ifdef MAC
- /* Make sure that the thread has access rights to the message header */
- if ((error = mac_check_ipc_msgrcv(td->td_ucred, msghdr))) {
- MPRINTF(("MAC Framework: mac_check_ipc_msgrcv permission denied\n"));
+ /*
+ * Make sure that the thread has
+ * access rights to the message
+ * header.
+ */
+ if ((error =
+ mac_check_ipc_msgrcv(td->td_ucred,
+ msghdr))) {
+ MPRINTF((
+ "MAC Framework: mac_check_ipc_msgrcv permission denied\n"));
goto done2;
}
#endif
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list