PERFORCE change 79559 for review
Christian S.J. Peron
csjp at FreeBSD.org
Mon Jul 4 14:52:31 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=79559
Change 79559 by csjp at csjp_xor on 2005/07/04 14:51:31
Make VFS operations performed by mac_chkexec MPsafe through the aquisition
of giant. Giant is now aquired while:
1) Calculation and storage of current file checksum
2) Calculation and lookup of checksums associated with dependencies.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/security/mac_chkexec/mac_chkexec.c#12 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/mac_chkexec/mac_chkexec.c#12 (text+ko) ====
@@ -531,15 +531,18 @@
if (++ap >= &paths[10])
break;
for (i = 0; i < npaths; i++) {
+ mtx_lock(&Giant);
NDINIT(&nd, LOOKUP, LOCKLEAF | FOLLOW,
UIO_SYSSPACE, paths[i], curthread);
if ((error = namei(&nd)) != 0) {
free(depends, M_CHKEXEC);
+ mtx_unlock(&Giant);
return (error);
}
error = mac_chkexec_check(nd.ni_vp, cred);
NDFREE(&nd, NDF_ONLY_PNBUF);
vput(nd.ni_vp);
+ mtx_unlock(&Giant);
if (error) {
free(depends, M_CHKEXEC);
return (error);
@@ -841,13 +844,17 @@
return (EPERM);
}
/* XXX MPSAFE VFS */
+ mtx_lock(&Giant);
NDINIT(&nd, LOOKUP, LOCKLEAF | FOLLOW, UIO_USERSPACE, arg, td);
- if ((error = namei(&nd)) != 0)
+ if ((error = namei(&nd)) != 0) {
+ mtx_unlock(&Giant);
return (error);
+ }
error = ha->crypto_hash(nd.ni_vp, td->td_ucred, digest);
if (error) {
NDFREE(&nd, NDF_ONLY_PNBUF);
vput(nd.ni_vp);
+ mtx_unlock(&Giant);
return (error);
}
bzero(&vcsum, sizeof(vcsum));
@@ -856,6 +863,7 @@
error = mac_chkexec_set_vcsum(nd.ni_vp, &vcsum);
NDFREE(&nd, NDF_ONLY_PNBUF);
vput(nd.ni_vp);
+ mtx_unlock(&Giant);
return (error);
}
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list