From: Brian Feldman Subject: PERFORCE change 23058 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://perforce.freebsd.org/chv.cgi?CH=23058 Change 23058 by green@green_laptop_2 on 2003/01/02 12:18:49 * Add locking to SEBSD's AVC. Linux uses spin-locks here, but in FreeBSD spin-locks are almost always the improper type to use. * Add some locking-related comments to the SEBSD sysctls. * Remove the debugging printf() from the SEBSD syscalls. Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/sebsd/avc/avc.c#11 edit .. //depot/projects/trustedbsd/mac/sys/security/sebsd/avc/avc.h#9 edit .. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_syscall.c#4 edit .. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_sysctl.c#6 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/sebsd/avc/avc.c#11 (text+ko) ==== @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include @@ -43,6 +44,8 @@ extern int ss_initialized; int avc_debug_always_allow = 1; +struct mtx avc_lock; + typedef struct avc_node { struct avc_entry ae; struct avc_node *next; @@ -231,6 +234,7 @@ avc_audit_buffer = (char *)malloc(4000, M_SEBSD_AVC, M_WAITOK); if (!avc_audit_buffer) panic("AVC: unable to allocate audit buffer\n"); + mtx_init(&avc_lock, "SEBSD AVC", NULL, MTX_DEF); } /* @@ -612,7 +616,7 @@ avc_node_t *node; int i; -/* spin_lock(&avc_lock); */ + mtx_lock(&avc_lock); if (ssid == SECSID_WILD || tsid == SECSID_WILD) { /* apply to all matching nodes */ @@ -634,7 +638,7 @@ } } -/* spin_unlock(&avc_lock); */ + mtx_unlock(&avc_lock); return 0; } 
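Review bot: `struct mtx avc_lock;` is defined in the `@@ -43,6 +44,8 @@` hunk with no comment saying what it guards, and avc.h now declares it `extern`, so any file including that header can take it. Judging from the other hunks it covers `avc_cache.slots`, `avc_cache.lru_hint`, `avc_cache.latest_notif` and the `ae->allowed` update in avc.h. A comment on the definition such as `/* avc_lock: protects avc_cache (slots, lru_hint, latest_notif) and the avc_entry fields reached through it. */` would record that. It is also worth noting there that this is an `MTX_DEF` mutex, so code holding it must not sleep.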
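Review bot: `mtx_init(&avc_lock, "SEBSD AVC", NULL, MTX_DEF);` is the last statement of the init routine in the `@@ -231,6 +234,7 @@` hunk, while the avc.h change takes `avc_lock` at the top of the permission-check function, so the lock is valid only once this routine has finished. Nothing visible here shows that no check can run earlier; if one can, it would lock an uninitialised mutex. Either move the `mtx_init` call to the start of the routine and document the ordering requirement, or initialise the lock with `MTX_SYSINIT`. The start of the routine is outside the hunk.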
@@ -693,10 +697,10 @@ *out_retained = tretained; } -/* spin_lock(&avc_lock); */ + mtx_lock(&avc_lock); if (seqno > avc_cache.latest_notif) avc_cache.latest_notif = seqno; -/* spin_unlock(&avc_lock); */ + mtx_unlock(&avc_lock); return 0; } @@ -760,7 +764,7 @@ avc_hash_eval("reset"); -/* spin_lock(&avc_lock); */ + mtx_lock(&avc_lock); for (i = 0; i < AVC_CACHE_SLOTS; i++) { node = avc_cache.slots[i]; @@ -780,7 +784,7 @@ } avc_cache.lru_hint = 0; -/* spin_unlock(&avc_lock); */ + mtx_unlock(&avc_lock); for (i = 0; i < AVC_NSTATS; i++) avc_cache_stats[i] = 0; @@ -794,10 +798,10 @@ } } -/* spin_lock(&avc_lock); */ + mtx_lock(&avc_lock); if (seqno > avc_cache.latest_notif) avc_cache.latest_notif = seqno; -/* spin_unlock(&avc_lock); */ + mtx_unlock(&avc_lock); return 0; } ==== //depot/projects/trustedbsd/mac/sys/security/sebsd/avc/avc.h#9 (text+ko) ==== @@ -23,6 +23,8 @@ #ifdef _KERNEL #include MALLOC_DECLARE(M_SEBSD_AVC); +#include +#include #else /* _KERNEL */ #include #endif /* _KERNEL */ @@ -123,9 +125,7 @@ { memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; } -#ifdef CDV_TBD -/* extern spinlock_t avc_lock; */ -#endif +extern struct mtx avc_lock; /* @@ -240,11 +240,10 @@ { struct avc_entry *ae; int rc; -/* unsigned long flags; */ struct avc_entry entry; __u32 seqno; -/* spin_lock_irqsave(&avc_lock, flags); */ + mtx_lock(&avc_lock); avc_cache_stats_incr(AVC_ENTRY_LOOKUPS); ae = aeref->ae; if (ae) { @@ -264,7 +263,7 @@ avc_cache_stats_incr(AVC_ENTRY_MISSES); rc = avc_lookup(ssid, tsid, tclass, requested, aeref); if (rc) { -/* spin_unlock_irqrestore(&avc_lock,flags); */ + mtx_unlock(&avc_lock); rc = security_compute_av(ssid,tsid,tclass,requested, &entry.allowed, &entry.decided, 
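Review bot: In the `@@ -780,7 +784,7 @@` hunk `mtx_unlock(&avc_lock);` comes before the loop that zeroes `avc_cache_stats[]`, but the avc.h hunk `@@ -240,11 +240,10 @@` calls `avc_cache_stats_incr()` with the lock held, so the reset can interleave with increments. Moving the unlock below the loop keeps the counters under one lock: `for (i = 0; i < AVC_NSTATS; i++) avc_cache_stats[i] = 0;` followed by `mtx_unlock(&avc_lock);`. If the counters are meant to be unlocked best-effort values, a comment saying so would do instead. The function starts and ends outside the hunk.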
@@ -273,10 +272,10 @@ &seqno); if (rc) return rc; -/* spin_lock_irqsave(&avc_lock, flags); */ + mtx_lock(&avc_lock); rc = avc_insert(ssid,tsid,tclass,&entry,seqno,aeref); if (rc) { -/* spin_unlock_irqrestore(&avc_lock,flags); */ + mtx_unlock(&avc_lock); return rc; } } @@ -293,14 +292,14 @@ #ifndef __TBD_CDV__ if (avc_debug_always_allow) { ae->allowed |= requested; -/* spin_unlock_irqrestore(&avc_lock,flags); */ + mtx_unlock(&avc_lock); return 0; } else { -/* spin_unlock_irqrestore(&avc_lock,flags); */ + mtx_unlock(&avc_lock); return -EACCES; } #else /* __TBD_CDV__ */ -/* spin_unlock_irqrestore(&avc_lock,flags); */ + mtx_unlock(&avc_lock); return -EACCES; #endif /* __TBD_CDV__ */ } @@ -309,7 +308,7 @@ avc_audit(ssid, tsid, tclass, requested, ae, AVC_AUDITALLOW, auditdata); -/* spin_unlock_irqrestore(&avc_lock,flags); */ + mtx_unlock(&avc_lock); return 0; } ==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_syscall.c#4 (text+ko) ==== @@ -89,7 +89,5 @@ break; } - printf("SEBSD syscall: call=%d err=%d\n", call, err); - return err; } ==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_sysctl.c#6 (text+ko) ==== @@ -67,6 +67,11 @@ error = SYSCTL_OUT(req, buffer, len); if (error) goto out; + /* + * XXX What's keeping the SID table from changing? POLICY_RDLOCK + * would not be able to do it as of now, so what we really need is + * SIDTAB_LOCK. + */ for (i = 0; i < SIDTAB_SIZE; i++) { cur = sidtab.htable[i]; while (cur != NULL && count > 0) { @@ -155,6 +160,9 @@ goto out; } username = context + len + 1; + /* + * XXX We need POLICY_RDLOCK here, but it's not exported! + */ error = security_context_to_sid(context, len + 1, &sid); if (error) goto out; 
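Review bot: The decision passed to `avc_insert()` after the second `mtx_lock(&avc_lock);` in the `@@ -273,10 +272,10 @@` hunk was computed by `security_compute_av()` while the lock was dropped in the previous hunk, so the cache may have been flushed, or the same entry inserted by another thread, in between. Whether that is safe depends on `avc_insert()` rejecting a stale `seqno` and tolerating a duplicate key, neither of which is visible here. Note also that the reset path in avc.c flushes the slots and raises `latest_notif` in two separate critical sections (`@@ -780,7` and `@@ -794,10`). Once the assumption is confirmed, a comment at the relock such as `/* Lock was dropped: cache state may have changed; avc_insert() validates seqno. */` would document it. The function continues outside the hunk.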
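Review bot: `avc_audit()` is now called with `avc_lock` held in the `@@ -309,7 +308,7 @@` hunk, and `avc_lock` is an `MTX_DEF` mutex. The body of `avc_audit()` is not visible here; if it can sleep (for example by allocating with `M_WAITOK`) or takes other locks, the call should move after `mtx_unlock(&avc_lock);` with the fields it needs copied out first. Holding the lock presumably also serialises use of the shared `avc_audit_buffer` allocated at init, so whichever choice is made should be stated in a comment, e.g. `/* avc_audit() must not sleep: called with avc_lock held. */`.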
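Review bot: The XXX comment added in the `@@ -67,6 +67,11 @@` hunk of sebsd_sysctl.c records that `sidtab.htable` is walked with no lock, but the walk itself is still unprotected. The two later hunks (`@@ -155,6 +160,9 @@` and `@@ -211,6 +219,9 @@`) likewise leave `security_context_to_sid()` running without the policy read lock. These are sysctl handlers (`SYSCTL_OUT(req, ...)` is visible in the context), so the unlocked window is reachable whenever the module is loaded. Until `SIDTAB_LOCK` or `POLICY_RDLOCK` can be used here, each comment should name the consequence, e.g. `/* XXX Unlocked: a concurrent policy or SID table change can race with this lookup. */`, so the gap is not read as benign. The handler bodies extend outside the hunks.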
@@ -211,6 +219,9 @@ goto out; } bcopy(&scontext[strlen(scontext) + 1], &tclass, sizeof(tclass)); + /* + * XXX We need POLICY_RDLOCK here, but it's not exported! + */ error = security_context_to_sid(scontext, strlen(scontext) + 1, &sid); if (error) goto out; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message