diff options
author | Robert Watson <rwatson@FreeBSD.org> | 2004-06-13 02:50:07 +0000 |
---|---|---|
committer | Robert Watson <rwatson@FreeBSD.org> | 2004-06-13 02:50:07 +0000 |
commit | 310e7ceb94990acce70c4a1230d0f397aaf93555 (patch) | |
tree | b82bb2c8445f7117f831d6287d086e05ebd1953e /sys/compat/svr4/svr4_stream.c | |
parent | cc4dbc7c7d0eb0aaba9bf1ff6ef45b6861057e57 (diff) | |
download | src-310e7ceb94990acce70c4a1230d0f397aaf93555.tar.gz src-310e7ceb94990acce70c4a1230d0f397aaf93555.zip |
Socket MAC labels so_label and so_peerlabel are now protected by
SOCK_LOCK(so):
- Hold socket lock over calls to MAC entry points reading or
manipulating socket labels.
- Assert socket lock in MAC entry point implementations.
- When externalizing the socket label, first make a thread-local
copy while holding the socket lock, then release the socket lock
to externalize to userspace.
Notes
Notes:
svn path=/head/; revision=130398
Diffstat (limited to 'sys/compat/svr4/svr4_stream.c')
-rw-r--r-- | sys/compat/svr4/svr4_stream.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sys/compat/svr4/svr4_stream.c b/sys/compat/svr4/svr4_stream.c index 6bb41891949b..db7eabcd67af 100644 --- a/sys/compat/svr4/svr4_stream.c +++ b/sys/compat/svr4/svr4_stream.c @@ -171,7 +171,9 @@ svr4_sendit(td, s, mp, flags) return (error); #ifdef MAC + SOCK_LOCK(so); error = mac_check_socket_send(td->td_ucred, so); + SOCK_UNLOCK(so); if (error) goto done1; #endif @@ -275,7 +277,9 @@ svr4_recvit(td, s, mp, namelenp) return (error); #ifdef MAC + SOCK_LOCK(so); error = mac_check_socket_receive(td->td_ucred, so); + SOCK_UNLOCK(so); if (error) goto done1; #endif |