Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/ufs/lfs Move the security checks for lfs_bmapv/lfs_markv...



details:   https://anonhg.NetBSD.org/src/rev/95ae6abe00ba
branches:  trunk
changeset: 809965:95ae6abe00ba
user:      dholland <dholland%NetBSD.org@localhost>
date:      Wed Aug 12 18:23:47 2015 +0000

description:
Move the security checks for lfs_bmapv/lfs_markv into those functions.
(instead of the system call entry points)

Avoids duplication.

While touching these, pass the lwp around instead of the proc -- the
latter was there for no other reason than because once upon a time
struct proc was the first argument of all syscalls.

(For that matter, why not just use curlwp instead of passing it around
all over the place? The cost of passing it to every syscall probably
exceeds the cost of loading it from curcpu, even on machines where
it's not just kept in a register all the time.)

diffstat:

 sys/ufs/lfs/lfs_extern.h   |   6 +++---
 sys/ufs/lfs/lfs_syscalls.c |  42 ++++++++++++++++--------------------------
 sys/ufs/lfs/lfs_vnops.c    |   8 ++++----
 3 files changed, 23 insertions(+), 33 deletions(-)

diffs (176 lines):

diff -r 31d088f947d9 -r 95ae6abe00ba sys/ufs/lfs/lfs_extern.h
--- a/sys/ufs/lfs/lfs_extern.h  Wed Aug 12 18:23:16 2015 +0000
+++ b/sys/ufs/lfs/lfs_extern.h  Wed Aug 12 18:23:47 2015 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: lfs_extern.h,v 1.108 2015/08/12 18:23:16 dholland Exp $        */
+/*     $NetBSD: lfs_extern.h,v 1.109 2015/08/12 18:23:47 dholland Exp $        */
 
 /*-
  * Copyright (c) 1999, 2000, 2001, 2002, 2003 The NetBSD Foundation, Inc.
@@ -213,8 +213,8 @@
 /* lfs_syscalls.c */
 int lfs_do_segclean(struct lfs *, unsigned long);
 int lfs_segwait(fsid_t *, struct timeval *);
-int lfs_bmapv(struct proc *, fsid_t *, struct block_info *, int);
-int lfs_markv(struct proc *, fsid_t *, struct block_info *, int);
+int lfs_bmapv(struct lwp *, fsid_t *, struct block_info *, int);
+int lfs_markv(struct lwp *, fsid_t *, struct block_info *, int);
 
 /* lfs_vfsops.c */
 VFS_PROTOS(lfs);
diff -r 31d088f947d9 -r 95ae6abe00ba sys/ufs/lfs/lfs_syscalls.c
--- a/sys/ufs/lfs/lfs_syscalls.c        Wed Aug 12 18:23:16 2015 +0000
+++ b/sys/ufs/lfs/lfs_syscalls.c        Wed Aug 12 18:23:47 2015 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: lfs_syscalls.c,v 1.165 2015/08/12 18:23:16 dholland Exp $      */
+/*     $NetBSD: lfs_syscalls.c,v 1.166 2015/08/12 18:23:47 dholland Exp $      */
 
 /*-
  * Copyright (c) 1999, 2000, 2001, 2002, 2003, 2007, 2007, 2008
@@ -61,7 +61,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: lfs_syscalls.c,v 1.165 2015/08/12 18:23:16 dholland Exp $");
+__KERNEL_RCSID(0, "$NetBSD: lfs_syscalls.c,v 1.166 2015/08/12 18:23:47 dholland Exp $");
 
 #ifndef LFS
 # define LFS           /* for prototypes in syscallargs.h */
@@ -119,11 +119,6 @@
        struct lfs *fs;
        struct mount *mntp;
 
-       error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_LFS,
-           KAUTH_REQ_SYSTEM_LFS_MARKV, NULL, NULL, NULL);
-       if (error)
-               return (error);
-
        if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
                return (error);
 
@@ -165,11 +160,6 @@
        struct lfs *fs;
        struct mount *mntp;
 
-       error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_LFS,
-           KAUTH_REQ_SYSTEM_LFS_MARKV, NULL, NULL, NULL);
-       if (error)
-               return (error);
-
        if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
                return (error);
 
@@ -198,7 +188,7 @@
                blkiov[i].bi_size      = blkiov15[i].bi_size;
        }
 
-       if ((error = lfs_markv(l->l_proc, &fsid, blkiov, blkcnt)) == 0) {
+       if ((error = lfs_markv(l, &fsid, blkiov, blkcnt)) == 0) {
                for (i = 0; i < blkcnt; i++) {
                        blkiov15[i].bi_inode     = blkiov[i].bi_inode;
                        blkiov15[i].bi_lbn       = blkiov[i].bi_lbn;
@@ -222,7 +212,7 @@
 #define        LFS_MARKV_MAX_BLOCKS    (LFS_MAX_BUFS)
 
 int
-lfs_markv(struct proc *p, fsid_t *fsidp, BLOCK_INFO *blkiov,
+lfs_markv(struct lwp *l, fsid_t *fsidp, BLOCK_INFO *blkiov,
     int blkcnt)
 {
        BLOCK_INFO *blkp;
@@ -244,6 +234,11 @@
        /* number of blocks/inodes that we have already bwrite'ed */
        int nblkwritten, ninowritten;
 
+       error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_LFS,
+           KAUTH_REQ_SYSTEM_LFS_MARKV, NULL, NULL, NULL);
+       if (error)
+               return (error);
+
        if ((mntp = vfs_getvfs(fsidp)) == NULL)
                return (ENOENT);
 
@@ -548,11 +543,6 @@
        struct lfs *fs;
        struct mount *mntp;
 
-       error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_LFS,
-           KAUTH_REQ_SYSTEM_LFS_BMAPV, NULL, NULL, NULL);
-       if (error)
-               return (error);
-
        if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
                return (error);
 
@@ -593,11 +583,6 @@
        struct lfs *fs;
        struct mount *mntp;
 
-       error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_LFS,
-           KAUTH_REQ_SYSTEM_LFS_BMAPV, NULL, NULL, NULL);
-       if (error)
-               return (error);
-
        if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
                return (error);
 
@@ -625,7 +610,7 @@
                blkiov[i].bi_size      = blkiov15[i].bi_size;
        }
 
-       if ((error = lfs_bmapv(l->l_proc, &fsid, blkiov, blkcnt)) == 0) {
+       if ((error = lfs_bmapv(l, &fsid, blkiov, blkcnt)) == 0) {
                for (i = 0; i < blkcnt; i++) {
                        blkiov15[i].bi_inode     = blkiov[i].bi_inode;
                        blkiov15[i].bi_lbn       = blkiov[i].bi_lbn;
@@ -647,7 +632,7 @@
 #endif
 
 int
-lfs_bmapv(struct proc *p, fsid_t *fsidp, BLOCK_INFO *blkiov, int blkcnt)
+lfs_bmapv(struct lwp *l, fsid_t *fsidp, BLOCK_INFO *blkiov, int blkcnt)
 {
        BLOCK_INFO *blkp;
        IFILE *ifp;
@@ -662,6 +647,11 @@
        int cnt, error;
        int numrefed = 0;
 
+       error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_LFS,
+           KAUTH_REQ_SYSTEM_LFS_BMAPV, NULL, NULL, NULL);
+       if (error)
+               return (error);
+
        if ((mntp = vfs_getvfs(fsidp)) == NULL)
                return (ENOENT);
 
diff -r 31d088f947d9 -r 95ae6abe00ba sys/ufs/lfs/lfs_vnops.c
--- a/sys/ufs/lfs/lfs_vnops.c   Wed Aug 12 18:23:16 2015 +0000
+++ b/sys/ufs/lfs/lfs_vnops.c   Wed Aug 12 18:23:47 2015 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: lfs_vnops.c,v 1.281 2015/08/03 17:33:54 dholland Exp $ */
+/*     $NetBSD: lfs_vnops.c,v 1.282 2015/08/12 18:23:47 dholland Exp $ */
 
 /*-
  * Copyright (c) 1999, 2000, 2001, 2002, 2003 The NetBSD Foundation, Inc.
@@ -125,7 +125,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: lfs_vnops.c,v 1.281 2015/08/03 17:33:54 dholland Exp $");
+__KERNEL_RCSID(0, "$NetBSD: lfs_vnops.c,v 1.282 2015/08/12 18:23:47 dholland Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_compat_netbsd.h"
@@ -1821,9 +1821,9 @@
                ++fs->lfs_sleepers;
                mutex_exit(&lfs_lock);
                if (ap->a_command == LFCNBMAPV)
-                       error = lfs_bmapv(l->l_proc, fsidp, blkiov, blkcnt);
+                       error = lfs_bmapv(l, fsidp, blkiov, blkcnt);
                else /* LFCNMARKV */
-                       error = lfs_markv(l->l_proc, fsidp, blkiov, blkcnt);
+                       error = lfs_markv(l, fsidp, blkiov, blkcnt);
                if (error == 0)
                        error = copyout(blkiov, blkvp.blkiov,
                                        blkcnt * sizeof(BLOCK_INFO));



Home | Main Index | Thread Index | Old Index