PERFORCE change 108432 for review

[Todd Miller]

http://perforce.freebsd.org/chv.cgi?CH=108432

Change 108432 by millert at millert_macbook on 2006/10/25 20:54:25

	Fix for panic when unloading an unloadable policy.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#18 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#18 (text+ko) ====

@@ -585,6 +585,8 @@
  * the policy manages from the non-static list of namespaces.
  * The removal only takes place when no other policy is interested in the
  * namespace.
+ *
+ * Must be called with the policy exclusive lock held.
  */
 void
 mac_policy_removefrom_labellist(mac_policy_handle_t handle)
@@ -607,9 +609,6 @@
 	 * that label element from the list.  Note that we only
 	 * have to worry about the non-static list.
 	 */
-	/* XXX - how could mac_late *not* be set here?!? */
-	if (mac_late)
-		mac_policy_grab_exclusive();
 	LIST_FOREACH(mle, &mac_label_element_list, mle_list) {
 		LIST_FOREACH(mll, &mle->mle_listeners, mll_list) {
 			if (mll->mll_handle == handle) {
@@ -619,13 +618,10 @@
 					LIST_REMOVE(mle, mle_list);
 					FREE(mle, M_MACTEMP);
 				}
-				goto done;
+				return;
 			}
 		}
 	}
-done:
-	if (mac_late)
-		mac_policy_release_exclusive();
 }
 
 /*
@@ -913,6 +909,8 @@
 		return (EBUSY);
 	}
 
+	mac_policy_removefrom_labellist(handle);
+
 	mac_get_mpc(handle) = NULL;
 	if (handle < mac_policy_list.freehint &&
 	    handle >= mac_policy_list.staticmax)
@@ -926,7 +924,6 @@
 
 	mac_policy_release_exclusive();
 
-	mac_policy_removefrom_labellist(handle);
 	if (mpc->mpc_data) {
 		struct mac_module_data *mmd = mpc->mpc_data;
 		kfree(mmd, mmd->size);