aboutsummaryrefslogtreecommitdiff
path: root/sys/compat/svr4/svr4_stream.c
diff options
context:
space:
mode:
authorRobert Watson <rwatson@FreeBSD.org>2004-06-13 02:50:07 +0000
committerRobert Watson <rwatson@FreeBSD.org>2004-06-13 02:50:07 +0000
commit310e7ceb94990acce70c4a1230d0f397aaf93555 (patch)
treeb82bb2c8445f7117f831d6287d086e05ebd1953e /sys/compat/svr4/svr4_stream.c
parentcc4dbc7c7d0eb0aaba9bf1ff6ef45b6861057e57 (diff)
downloadsrc-310e7ceb94990acce70c4a1230d0f397aaf93555.tar.gz
src-310e7ceb94990acce70c4a1230d0f397aaf93555.zip
Socket MAC labels so_label and so_peerlabel are now protected by
SOCK_LOCK(so): - Hold socket lock over calls to MAC entry points reading or manipulating socket labels. - Assert socket lock in MAC entry point implementations. - When externalizing the socket label, first make a thread-local copy while holding the socket lock, then release the socket lock to externalize to userspace.
Notes
Notes: svn path=/head/; revision=130398
Diffstat (limited to 'sys/compat/svr4/svr4_stream.c')
-rw-r--r--sys/compat/svr4/svr4_stream.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/sys/compat/svr4/svr4_stream.c b/sys/compat/svr4/svr4_stream.c
index 6bb41891949b..db7eabcd67af 100644
--- a/sys/compat/svr4/svr4_stream.c
+++ b/sys/compat/svr4/svr4_stream.c
@@ -171,7 +171,9 @@ svr4_sendit(td, s, mp, flags)
return (error);
#ifdef MAC
+ SOCK_LOCK(so);
error = mac_check_socket_send(td->td_ucred, so);
+ SOCK_UNLOCK(so);
if (error)
goto done1;
#endif
@@ -275,7 +277,9 @@ svr4_recvit(td, s, mp, namelenp)
return (error);
#ifdef MAC
+ SOCK_LOCK(so);
error = mac_check_socket_receive(td->td_ucred, so);
+ SOCK_UNLOCK(so);
if (error)
goto done1;
#endif
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-19 10:16:22 +0000