Date: Thu, 8 Aug 2002 08:25:26 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 15683 for review Message-ID: <200208081525.g78FPQaI056673@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15683 Change 15683 by rwatson@rwatson_paprika on 2002/08/08 08:25:24 Add an IO_NOMACCHECK vnode operation flag to vn_rdwr(), which permits callers to specify that MAC checks are not required. This is needed because vn_rdwr() is used both to service user requests directly, and as a utility function inside UFS and ext2fs. Set the flag when invoking vn_rdwr() inside file systems, but otherwise not. Note that vn_rdwr() still needs an active_cred/saved_cred argument. Affected files ... .. //depot/projects/trustedbsd/mac/sys/gnu/ext2fs/ext2_lookup.c#5 edit .. //depot/projects/trustedbsd/mac/sys/gnu/ext2fs/ext2_vnops.c#5 edit .. //depot/projects/trustedbsd/mac/sys/kern/vfs_vnops.c#41 edit .. //depot/projects/trustedbsd/mac/sys/sys/vnode.h#38 edit .. //depot/projects/trustedbsd/mac/sys/ufs/ufs/ufs_lookup.c#7 edit .. //depot/projects/trustedbsd/mac/sys/ufs/ufs/ufs_vnops.c#44 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/gnu/ext2fs/ext2_lookup.c#5 (text+ko) ==== @@ -1009,8 +1009,9 @@ #define MINDIRSIZ (sizeof (struct dirtemplate) / 2) for (off = 0; off < ip->i_size; off += dp->rec_len) { - error = vn_rdwr(UIO_READ, ITOV(ip), (caddr_t)dp, MINDIRSIZ, off, - UIO_SYSSPACE, IO_NODELOCKED, cred, &count, (struct thread *)0); + error = vn_rdwr(UIO_READ, ITOV(ip), (caddr_t)dp, MINDIRSIZ, + off, UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, cred, + &count, (struct thread *)0); /* * Since we read MINDIRSIZ, residual must * be 0 unless we're at end of file. @@ -1074,7 +1075,8 @@ } error = vn_rdwr(UIO_READ, vp, (caddr_t)&dirbuf, sizeof (struct dirtemplate), (off_t)0, UIO_SYSSPACE, - IO_NODELOCKED, cred, (int *)0, (struct thread *)0); + IO_NODELOCKED | IO_NOMACCHEK, cred, (int *)0, + (struct thread *)0); if (error != 0) break; namlen = dirbuf.dotdot_type; /* like ufs little-endian */ ==== //depot/projects/trustedbsd/mac/sys/gnu/ext2fs/ext2_vnops.c#5 (text+ko) ==== @@ -1220,7 +1220,7 @@ dp->i_flag |= IN_CHANGE; error = vn_rdwr(UIO_READ, fvp, (caddr_t)&dirbuf, sizeof (struct dirtemplate), (off_t)0, - UIO_SYSSPACE, IO_NODELOCKED, + UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, tcnp->cn_cred, (int *)0, (struct thread *)0); if (error == 0) { /* Like ufs little-endian: */ @@ -1236,9 +1236,9 @@ (caddr_t)&dirbuf, sizeof (struct dirtemplate), (off_t)0, UIO_SYSSPACE, - IO_NODELOCKED|IO_SYNC, - tcnp->cn_cred, (int *)0, - (struct thread *)0); + IO_NODELOCKED | IO_SYNC | + IO_NOMACCHECK, tcnp->cn_cred, + (int *)0, (struct thread *)0); cache_purge(fdvp); } } @@ -1373,7 +1373,8 @@ dirtemplate.dotdot_reclen = DIRBLKSIZ - 12; error = vn_rdwr(UIO_WRITE, tvp, (caddr_t)&dirtemplate, sizeof (dirtemplate), (off_t)0, UIO_SYSSPACE, - IO_NODELOCKED|IO_SYNC, cnp->cn_cred, (int *)0, (struct thread *)0); + IO_NODELOCKED | IO_SYNC | IO_NOMACCHECK, cnp->cn_cred, (int *)0, + (struct thread *)0); if (error) { dp->i_nlink--; dp->i_flag |= IN_CHANGE; @@ -1509,8 +1510,8 @@ ip->i_flag |= IN_CHANGE | IN_UPDATE; } else error = vn_rdwr(UIO_WRITE, vp, ap->a_target, len, (off_t)0, - UIO_SYSSPACE, IO_NODELOCKED, ap->a_cnp->cn_cred, (int *)0, - (struct thread *)0); + UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACHCHECK, + ap->a_cnp->cn_cred, (int *)0, (struct thread *)0); if (error) vput(vp); return (error); ==== //depot/projects/trustedbsd/mac/sys/kern/vfs_vnops.c#41 (text+ko) ==== @@ -398,23 +398,19 @@ auio.uio_segflg = segflg; auio.uio_rw = rw; auio.uio_td = td; - if (rw == UIO_READ) { -#if 0 + error = 0; #ifdef MAC - /* XXXMAC: we should pass in active_cred to vn_rdwr(). */ - error = mac_check_vnode_read(td->td_ucred, cred, vp); - if (error == 0) + if ((ioflg & IO_NOMACCHECK) == 0) { + if (rw == UIO_READ) + error = mac_check_vnode_read(td->td_ucred, cred, vp); + else + error = mac_check_vnode_write(td->td_ucred, cred, vp); + } #endif -#endif + if (error == 0) { + if (rw == UIO_READ) error = VOP_READ(vp, &auio, ioflg, cred); - } else { -#if 0 -#ifdef MAC - /* XXXMAC: we should pass in active_cred to vn_rdwr(). */ - error = mac_check_vnode_write(td->td_ucred, cred, vp); - if (error == 0) -#endif -#endif + else error = VOP_WRITE(vp, &auio, ioflg, cred); } if (aresid) ==== //depot/projects/trustedbsd/mac/sys/sys/vnode.h#38 (text+ko) ==== @@ -271,6 +271,7 @@ #define IO_NOWDRAIN 0x0200 /* do not block on wdrain */ #define IO_EXT 0x0400 /* operate on external attributes */ #define IO_NORMAL 0x0800 /* operate on regular data */ +#define IO_NOMACCHECK 0x1000 /* MAC checks unnecessary */ /* * Modes. Some values same as Ixxx entries from inode.h for now. ==== //depot/projects/trustedbsd/mac/sys/ufs/ufs/ufs_lookup.c#7 (text+ko) ==== @@ -1151,8 +1151,9 @@ #define MINDIRSIZ (sizeof (struct dirtemplate) / 2) for (off = 0; off < ip->i_size; off += dp->d_reclen) { - error = vn_rdwr(UIO_READ, ITOV(ip), (caddr_t)dp, MINDIRSIZ, off, - UIO_SYSSPACE, IO_NODELOCKED, cred, &count, (struct thread *)0); + error = vn_rdwr(UIO_READ, ITOV(ip), (caddr_t)dp, MINDIRSIZ, + off, UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, cred, + &count, (struct thread *)0); /* * Since we read MINDIRSIZ, residual must * be 0 unless we're at end of file. @@ -1224,7 +1225,8 @@ } error = vn_rdwr(UIO_READ, vp, (caddr_t)&dirbuf, sizeof (struct dirtemplate), (off_t)0, UIO_SYSSPACE, - IO_NODELOCKED, cred, (int *)0, (struct thread *)0); + IO_NODELOCKED | IO_NOMACCHECK, cred, (int *)0, + (struct thread *)0); if (error != 0) break; # if (BYTE_ORDER == LITTLE_ENDIAN) ==== //depot/projects/trustedbsd/mac/sys/ufs/ufs/ufs_vnops.c#44 (text+ko) ==== @@ -1824,8 +1824,8 @@ ip->i_flag |= IN_CHANGE | IN_UPDATE; } else error = vn_rdwr(UIO_WRITE, vp, ap->a_target, len, (off_t)0, - UIO_SYSSPACE, IO_NODELOCKED, ap->a_cnp->cn_cred, (int *)0, - (struct thread *)0); + UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHEKC, + ap->a_cnp->cn_cred, (int *)0, (struct thread *)0); if (error) vput(vp); return (error); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200208081525.g78FPQaI056673>