From owner-p4-projects  Fri Aug 23  7: 5:48 2002
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 288AF37B400; Fri, 23 Aug 2002 07:05:41 -0700 (PDT)
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B9DFC37B401
	for <perforce@freebsd.org>; Fri, 23 Aug 2002 07:05:40 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 31BE943E6E
	for <perforce@freebsd.org>; Fri, 23 Aug 2002 07:05:40 -0700 (PDT)
	(envelope-from green@freebsd.org)
Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g7NE5eJU067683
	for <perforce@freebsd.org>; Fri, 23 Aug 2002 07:05:40 -0700 (PDT)
	(envelope-from green@freebsd.org)
Received: (from perforce@localhost)
	by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g7NE5dOK067653
	for perforce@freebsd.org; Fri, 23 Aug 2002 07:05:39 -0700 (PDT)
Date: Fri, 23 Aug 2002 07:05:39 -0700 (PDT)
Message-Id: <200208231405.g7NE5dOK067653@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: perforce set sender to green@freebsd.org using -f
From: Brian Feldman <green@FreeBSD.org>
Subject: PERFORCE change 16462 for review
To: Perforce Change Reviews <perforce@freebsd.org>
Sender: owner-p4-projects@FreeBSD.ORG
Precedence: bulk
List-ID: <p4-projects.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20p4-projects>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20p4-projects>
X-Loop: FreeBSD.ORG

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=16462

Change 16462 by green@green_laptop_2 on 2002/08/23 07:04:41

	* Don't grab Giant implicitly in mac_cred_mmapped_drop_perms(9).
	* Select a good default label (read: "equal") for tty devices.
	* Don't crhold(9) before calling crcopy(9) due to undocumented
	  reference-count assertions.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#257 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#3 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.h#2 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#257 (text+ko) ====

@@ -202,8 +202,6 @@
 static int	mac_policy_unregister(struct mac_policy_conf *mpc);
 
 static int	mac_stdcreatevnode_ea(struct vnode *vp);
-void		mac_cred_mmapped_drop_perms(struct thread *td,
-		    struct ucred *cred);
 static void	mac_cred_mmapped_drop_perms_recurse(struct thread *td,
 		    struct ucred *cred, struct vm_map *map);
 
@@ -2170,10 +2168,8 @@
 {
 
 	/* XXX freeze all other threads */
-	mtx_lock(&Giant);
 	mac_cred_mmapped_drop_perms_recurse(td, cred,
 	    &td->td_proc->p_vmspace->vm_map);
-	mtx_unlock(&Giant);
 	/* XXX allow other threads to continue */
 }
 
@@ -3136,7 +3132,9 @@
 	crhold(newcred);
 	PROC_UNLOCK(p);
 
+	mtx_lock(&Giant);
 	mac_cred_mmapped_drop_perms(td, newcred);
+	mtx_unlock(&Giant);
 
 	crfree(newcred);	/* Free revocation reference. */
 	crfree(oldcred);

==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#3 (text+ko) ====

@@ -743,7 +743,9 @@
 	if (strcmp(dev->si_name, "null") == 0 ||
 	    strcmp(dev->si_name, "zero") == 0 ||
 	    strcmp(dev->si_name, "random") == 0 ||
-	    strncmp(dev->si_name, "fd/", strlen("fd/")) == 0)
+	    strcmp(dev->si_name, "ctty") == 0 ||
+	    strncmp(dev->si_name, "fd/", strlen("fd/")) == 0 ||
+	    strncmp(dev->si_name, "tty", strlen("tty")) == 0)
 		biba_type = MAC_BIBA_TYPE_EQUAL;
 	else
 		biba_type = MAC_BIBA_TYPE_HIGH;
@@ -2294,7 +2296,12 @@
 	if (subj->mac_biba.mb_flags & MAC_BIBA_FLAG_UPDATESUBJ) {
 		mtx_unlock(&subj->mtx);
 		newcred = crget();
-		crhold(newcred);
+		/*
+		 * Prevent a lock order reversal in
+		 * mac_cred_mmapped_drop_perms; ideally, the other
+		 * user of subj->mtx wouldn't be holding Giant.
+		 */
+		mtx_lock(&Giant);
 		mtx_lock(&subj->mtx);
 		/*
 		 * Check if we lost the race while allocating the cred.
@@ -2304,12 +2311,14 @@
 		PROC_LOCK(p);
 		oldcred = p->p_ucred;
 		crcopy(newcred, oldcred);
+		crhold(newcred);
 		mac_biba_copy(&subj->mac_biba, SLOT(&newcred->cr_label));
 		p->p_ucred = newcred;
 		crfree(oldcred);
 		PROC_UNLOCK(p);
 		mac_cred_mmapped_drop_perms(curthread, newcred);
 	out:
+		mtx_unlock(&Giant);
 		crfree(newcred);
 	}
 	mtx_unlock(&subj->mtx);

==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.h#2 (text+ko) ====


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe p4-projects" in the body of the message