From owner-p4-projects Tue Oct 15 17: 5: 0 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id A14F737B404; Tue, 15 Oct 2002 17:04:47 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 48F3337B401 for ; Tue, 15 Oct 2002 17:04:47 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id B6ED843E65 for ; Tue, 15 Oct 2002 17:04:46 -0700 (PDT) (envelope-from green@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id g9G04kMt083406 for ; Tue, 15 Oct 2002 17:04:46 -0700 (PDT) (envelope-from green@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.6/8.12.3/Submit) id g9G04j3k083148 for perforce@freebsd.org; Tue, 15 Oct 2002 17:04:45 -0700 (PDT) Date: Tue, 15 Oct 2002 17:04:45 -0700 (PDT) Message-Id: <200210160004.g9G04j3k083148@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to green@freebsd.org using -f 
From: Brian Feldman Subject: PERFORCE change 19359 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://perforce.freebsd.org/chv.cgi?CH=19359 Change 19359 by green@green_laptop_2 on 2002/10/15 17:04:08 Remove the new potential deadlock from exec and replace it with a simple race :-) Cache the shell script's label for use by execve(2) transitions. Note this pollutes execve(2) with a bit more mac knowledge now... Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#37 edit .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#311 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#133 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#8 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#113 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#84 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#86 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#57 edit .. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#41 edit .. //depot/projects/trustedbsd/mac/sys/sys/imgact.h#11 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#179 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#140 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#37 (text+ko) ==== @@ -171,7 +171,8 @@ int credential_changing; int textset; #ifdef MAC - int will_transition; + struct label interplabel; /* label of the interpreted file */ + int will_transition, interplabelvalid = 0; #endif imgp = &image_params; @@ -216,7 +217,6 @@ imgp->interpreter_name[0] = '\0'; imgp->auxargs = NULL; imgp->vp = NULL; - imgp->interpvp = NULL; imgp->object = NULL; imgp->firstpage = NULL; imgp->ps_strings = 0; 
@@ -331,14 +331,18 @@ imgp->vp->v_vflag &= ~VV_TEXT; /* free name buffer and old vnode */ NDFREE(ndp, NDF_ONLY_PNBUF); - VOP_UNLOCK(ndp->ni_vp, 0, td); +#ifdef MAC + mac_init_vnode_label(&interplabel); + mac_copy_vnode_label(&ndp->ni_vp->v_label, &interplabel); + interplabelvalid = 1; +#endif /* MAC */ + vput(ndp->ni_vp); vm_object_deallocate(imgp->object); imgp->object = NULL; vrele(ndp->ni_dvp); /* set new name to that of the interpreter */ NDINIT(ndp, LOOKUP, LOCKLEAF | FOLLOW | SAVENAME | SAVESTART, UIO_SYSSPACE, imgp->interpreter_name, td); - imgp->interpvp = imgp->vp; goto interpret; } @@ -453,12 +457,8 @@ attr.va_gid; #ifdef MAC - if (imgp->interpvp != NULL) /* XXX Could this ever deadlock? */ - vn_lock(imgp->interpvp, LK_EXCLUSIVE | LK_RETRY, td); will_transition = mac_execve_will_transition(oldcred, imgp->vp, - imgp->interpvp); - if (imgp->interpvp != NULL) - VOP_UNLOCK(imgp->interpvp, 0, td); + interplabelvalid ? &interplabel : NULL); credential_changing |= will_transition; #endif @@ -505,13 +505,8 @@ change_egid(newcred, attr.va_gid); #ifdef MAC if (will_transition) { - if (imgp->interpvp != NULL) - vn_lock(imgp->interpvp, LK_EXCLUSIVE | - LK_RETRY, td); mac_execve_transition(oldcred, newcred, imgp->vp, - imgp->interpvp); - if (imgp->interpvp != NULL) - VOP_UNLOCK(imgp->interpvp, 0, td); + interplabelvalid ? &interplabel : NULL); } #endif /* @@ -643,8 +638,6 @@ vput(imgp->vp); vrele(ndp->ni_dvp); } - if (imgp->interpvp != NULL) - vrele(imgp->interpvp); if (imgp->object) vm_object_deallocate(imgp->object); @@ -665,6 +658,10 @@ error = 0; } done2: +#ifdef MAC + if (interplabelvalid) + mac_destroy_vnode_label(&interplabel); +#endif /* MAC */ mtx_unlock(&Giant); return (error); } ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#311 (text+ko) ==== @@ -1350,7 +1350,7 @@ return (error); } -static void +void mac_init_vnode_label(struct label *label) { 
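Review bot: In the `#ifdef MAC` block added before `vput(ndp->ni_vp)`, the script's label is copied straight from `ndp->ni_vp->v_label`, while the `vn_refreshlabel(shellvp, old)` calls that used to run before policies saw that label are removed in kern_mac.c, so a transition may now be decided on a label that was never refreshed. Whether an earlier check in this function already refreshed the vnode's label is not visible in the hunk; if that is not guaranteed, refresh it here before the copy, while the vnode is still locked. The block also calls `mac_init_vnode_label(&interplabel)` unconditionally, so it relies on this `goto interpret` path running at most once per exec; a guard such as `KASSERT(!interplabelvalid, ("execve: interpreter label already cached"));` would make that assumption explicit. The enclosing function starts and ends outside the hunk.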
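Review bot: The `mac_destroy_vnode_label(&interplabel)` added under `done2:` is the only release of the cached label, so any exit taken after `interplabelvalid = 1` that does not reach `done2` leaks whatever `mac_init_vnode_label()` set up. The paths between the interpreter hunk and this label are outside the hunk, so this needs checking against early returns and any failure path that terminates the process instead of returning. A short comment at the declaration, e.g. `/* interplabel is owned by this function and destroyed at done2 */`, would document the invariant.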
@@ -1517,7 +1517,7 @@ mac_destroy_socket_peer_label(&socket->so_peerlabel); } -static void +void mac_destroy_vnode_label(struct label *label) { @@ -1542,7 +1542,7 @@ MAC_PERFORM(copy_pipe_label, src, dest); } -static void +void mac_copy_vnode_label(struct label *src, struct label *dest) { @@ -2058,7 +2058,7 @@ void mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp, - struct vnode *shellvp) + struct label *shelllabel) { int error; @@ -2070,31 +2070,23 @@ error); printf("mac_execve_transition: using old vnode label\n"); } - if (shellvp != NULL) - (void)vn_refreshlabel(shellvp, old); - MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label, shellvp, - shellvp != NULL ? &shellvp->v_label : NULL); + MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label, shelllabel); } int mac_execve_will_transition(struct ucred *old, struct vnode *vp, - struct vnode *shellvp) + struct label *shelllabel) { int error, result; error = vn_refreshlabel(vp, old); if (error) return (error); - if (shellvp != NULL) { - error = vn_refreshlabel(shellvp, old); - if (error) - return (error); - } result = 0; MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label, - shellvp, shellvp != NULL ? &shellvp->v_label : NULL); + shelllabel); return (result); } ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#133 (text+ko) ==== @@ -1236,8 +1236,7 @@ static void mac_biba_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct mac *vnodelabel, struct vnode *shellvp, - struct mac *shellvnodelabel) + struct vnode *vp, struct mac *vnodelabel, struct mac *shellvnodelabel) { struct mac_biba *source, *dest; 
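Review bot: In the -2070 hunk, `mac_execve_will_transition()` still returns the `vn_refreshlabel()` error code through `if (error) return (error);`, and the caller in kern_exec.c stores the result in `will_transition` and ORs it into `credential_changing`, so a label refresh failure is indistinguishable from "a transition will happen". If that is not intended, the error should be propagated to execve() as a failure rather than folded into the boolean result. With the shell vnode refresh removed here, a comment above the function should also state that `shelllabel` is a caller-supplied snapshot of the script's label and may be NULL.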
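Review bot: The new parameter lists in mac_biba.c do not match the `mpo_execve_transition` / `mpo_execve_will_transition` prototypes this change puts in mac_policy.h: `mac_biba_execve_transition` takes `struct mac *vnodelabel, struct mac *shellvnodelabel`, and `mac_biba_execve_will_transition` in the next hunk (-1250) declares `struct vnode *shellvnodelabel`, where the framework passes `struct label *`. If the entry points are registered through a generic cast, the compiler will not flag this, so the types should be corrected by hand, e.g. `struct vnode *vp, struct label *vnodelabel, struct label *shellvnodelabel)`. Both function bodies continue outside the hunks.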
@@ -1250,8 +1249,7 @@ static int mac_biba_execve_will_transition(struct ucred *old, struct vnode *vp, - struct mac *vnodelabel, struct vnode *shellvp, - struct vnode *shellvnodelabel) + struct mac *vnodelabel, struct vnode *shellvnodelabel) { return (0); ==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#8 (text+ko) ==== @@ -1229,7 +1229,7 @@ static void mac_biba_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct mac *vnodelabel) + struct vnode *vp, struct label *vnodelabel) { struct mac_biba *source, *dest; @@ -1242,7 +1242,7 @@ static int mac_biba_execve_will_transition(struct ucred *old, struct vnode *vp, - struct mac *vnodelabel) + struct label *vnodelabel) { return (0); ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#113 (text+ko) ==== @@ -1278,8 +1278,7 @@ static void mac_mls_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct mac *vnodelabel, struct vnode *shellvp, - struct vnode *shellvnodelabel) + struct vnode *vp, struct label *vnodelabel, struct label *shellvnodelabel) { struct mac_mls *source, *dest; @@ -1292,8 +1291,7 @@ static int mac_mls_execve_will_transition(struct ucred *old, struct vnode *vp, - struct mac *vnodelabel, struct vnode *shellvp, - struct vnode *shellvnodelabel) + struct label *vnodelabel, struct label *shellvnodelabel) { return (0); ==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#84 (text+ko) ==== 
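Review bot: Both mac_lomac.c hunks leave the entry points with four parameters (ending at `struct label *vnodelabel`), while the framework now invokes `execve_transition` and `execve_will_transition` with a trailing shell label argument, per the `MAC_PERFORM` / `MAC_BOOLEAN` calls in kern_mac.c. Add the parameter so the definitions match mac_policy.h, e.g. `struct vnode *vp, struct label *vnodelabel, struct label *shellvnodelabel)`. The functions in this file are also still named `mac_biba_execve_transition` and `mac_biba_execve_will_transition`, which looks like a leftover from copying mac_biba.c and is worth renaming to avoid confusion when reading traces or policy tables.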
@@ -415,16 +415,14 @@ static void mac_none_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *vnodelabel, struct vnode *shellvp, - struct vnode *shellvnodelabel) + struct vnode *vp, struct label *vnodelabel, struct label *shellvnodelabel) { } static int mac_none_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *vnodelabel, struct vnode *shellvp, - struct vnode *shellvnodelabel) + struct label *vnodelabel, struct label *shellvnodelabel) { return (0); ==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#86 (text+ko) ==== @@ -1534,8 +1534,7 @@ static void mac_te_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *filelabel, struct vp *shellvp, - struct label *shellfilelabel) + struct vnode *vp, struct label *filelabel, struct label *shellfilelabel) { int rule; @@ -1567,8 +1566,7 @@ static int mac_te_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *filelabel, struct vnode *shellvp, - struct label *shellfilelabel) + struct label *filelabel, struct label *shellfilelabel) { int rule; ==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#57 (text+ko) ==== @@ -794,16 +794,14 @@ static void mac_test_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *filelabel, - struct vnode *shellvp, struct vnode *shellfilelabel) + struct vnode *vp, struct label *filelabel, struct label *shellfilelabel) { } static int mac_test_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *filelabel, struct vnode *shellvp, - struct vnode *shellfilelabel) + struct label *filelabel, struct label *shellfilelabel) { return (0); ==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#41 (text+ko) ==== 
@@ -297,8 +297,8 @@ static void sebsd_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct mac *vnodelabel, - struct vnode *shellvp, struct mac *shellvnodelabel) + struct vnode *vp, struct label *vnodelabel, + struct label *shellvnodelabel) { struct task_security_struct *otask, *ntask; struct vnode_security_struct *file; @@ -306,10 +306,10 @@ otask = SLOT(&old->cr_label); ntask = SLOT(&new->cr_label); - if (shellvp != NULL) - file = SLOT(&shellvp->v_label); + if (shellvnodelabel != NULL) + file = SLOT(shellvnodelabel); else - file = SLOT(&vp->v_label); + file = SLOT(vnodelabel); /* * Should have already checked all the permissions @@ -335,8 +335,8 @@ static int sebsd_execve_will_transition(struct ucred *old, struct vnode *vp, - struct mac *vnodelabel, struct vnode *shellvp, - struct mac *shellvnodelabel) + struct label *vnodelabel, + struct label *shellvnodelabel) { struct task_security_struct *task; struct vnode_security_struct *file; @@ -344,10 +344,10 @@ int rc; task = SLOT(&old->cr_label); - if (shellvp != NULL) - file = SLOT(&shellvp->v_label); + if (shellvnodelabel != NULL) + file = SLOT(shellvnodelabel); else - file = SLOT(&vp->v_label); + file = SLOT(vnodelabel); /* * Should have already checked all the permissions, so just see if ==== //depot/projects/trustedbsd/mac/sys/sys/imgact.h#11 (text+ko) ==== @@ -46,7 +46,6 @@ struct proc *proc; /* our process struct */ struct execve_args *uap; /* syscall arguments */ struct vnode *vp; /* pointer to vnode of file to exec */ - struct vnode *interpvp; /* vnode of the shell script, if interpreted */ struct vm_object *object; /* The vm object for this vp */ struct vattr *attr; /* attributes of file */ const char *image_header; /* head of file to exec */ ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#179 (text+ko) ==== 
@@ -250,6 +250,10 @@ void mac_destroy_mbuf(struct mbuf *); void mac_destroy_mount(struct mount *); void mac_destroy_vnode(struct vnode *); +/* XXXMAC: shouldn't be exported? */ +void mac_init_vnode_label(struct label *); +void mac_copy_vnode_label(struct label *, struct label *label); +void mac_destroy_vnode_label(struct label *); /* * Labeling event operations: file system objects, and things that @@ -307,9 +311,9 @@ */ void mac_create_cred(struct ucred *cred_parent, struct ucred *cred_child); void mac_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct vnode *shellvp); + struct vnode *vp, struct label *shelllabel); int mac_execve_will_transition(struct ucred *old, struct vnode *vp, - struct vnode *shellvp); + struct label *shelllabel); void mac_create_proc0(struct ucred *cred); void mac_create_proc1(struct ucred *cred); void mac_thread_userret(struct thread *td); ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#140 (text+ko) ==== @@ -252,10 +252,10 @@ struct ucred *child_cred); void (*mpo_execve_transition)(struct ucred *old, struct ucred *new, struct vnode *vp, struct label *vnodelabel, - struct vnode *shellvp, struct label *shellvnodelabel); + struct label *shellvnodelabel); int (*mpo_execve_will_transition)(struct ucred *old, struct vnode *vp, struct label *vnodelabel, - struct vnode *shellvp, struct label *shellvnodelabel); + struct label *shellvnodelabel); void (*mpo_create_proc0)(struct ucred *cred); void (*mpo_create_proc1)(struct ucred *cred); void (*mpo_relabel_cred)(struct ucred *cred, To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
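Review bot: The new prototype `void mac_copy_vnode_label(struct label *, struct label *label);` names only its second parameter and does not say which argument is the source, although the definition in kern_mac.c is `(struct label *src, struct label *dest)`. Since these three functions are now callable outside kern_mac.c, write it as `void mac_copy_vnode_label(struct label *src, struct label *dest);`. The `XXXMAC` comment should also state that the caller must call `mac_init_vnode_label()` on the destination before copying and `mac_destroy_vnode_label()` on it afterwards, as kern_exec.c does.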
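Review bot: The `mpo_execve_transition` and `mpo_execve_will_transition` declarations in mac_policy.h do not document that `shellvnodelabel` can be NULL, which kern_exec.c passes whenever the image was not interpreted (`interplabelvalid ? &interplabel : NULL`). sebsd.c checks for NULL, but a policy that dereferences the pointer unconditionally would fault in the exec path. A comment above the two members, e.g. `/* shellvnodelabel: copy of the script's label for interpreted images, NULL otherwise */`, would make the contract visible to policy authors. The same applies to the `shelllabel` parameter of the mac.h prototypes in the -307 hunk.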