CVS commit: src/sys/ufs/lfs

David A. Holland Wed, 12 Aug 2015 11:24:23 -0700

Module Name:    src
Committed By:   dholland
Date:           Wed Aug 12 18:23:47 UTC 2015


Modified Files:
        src/sys/ufs/lfs: lfs_extern.h lfs_syscalls.c lfs_vnops.c

Log Message:
Move the security checks for lfs_bmapv/lfs_markv into those functions.
(instead of the system call entry points)

Avoids duplication.

While touching these, pass the lwp around instead of the proc -- the
latter was there for no other reason than because once upon a time
struct proc was the first argument of all syscalls.

(For that matter, why not just use curlwp instead of passing it around
all over the place? The cost of passing it to every syscall probably
exceeds the cost of loading it from curcpu, even on machines where
it's not just kept in a register all the time.)


To generate a diff of this commit:
cvs rdiff -u -r1.108 -r1.109 src/sys/ufs/lfs/lfs_extern.h
cvs rdiff -u -r1.165 -r1.166 src/sys/ufs/lfs/lfs_syscalls.c
cvs rdiff -u -r1.281 -r1.282 src/sys/ufs/lfs/lfs_vnops.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/ufs/lfs/lfs_extern.h
diff -u src/sys/ufs/lfs/lfs_extern.h:1.108 src/sys/ufs/lfs/lfs_extern.h:1.109
--- src/sys/ufs/lfs/lfs_extern.h:1.108	Wed Aug 12 18:23:16 2015
+++ src/sys/ufs/lfs/lfs_extern.h	Wed Aug 12 18:23:47 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: lfs_extern.h,v 1.108 2015/08/12 18:23:16 dholland Exp $	*/
+/*	$NetBSD: lfs_extern.h,v 1.109 2015/08/12 18:23:47 dholland Exp $	*/
 
 /*-
  * Copyright (c) 1999, 2000, 2001, 2002, 2003 The NetBSD Foundation, Inc.
@@ -213,8 +213,8 @@ void lfs_wakeup_cleaner(struct lfs *);
 /* lfs_syscalls.c */
 int lfs_do_segclean(struct lfs *, unsigned long);
 int lfs_segwait(fsid_t *, struct timeval *);
-int lfs_bmapv(struct proc *, fsid_t *, struct block_info *, int);
-int lfs_markv(struct proc *, fsid_t *, struct block_info *, int);
+int lfs_bmapv(struct lwp *, fsid_t *, struct block_info *, int);
+int lfs_markv(struct lwp *, fsid_t *, struct block_info *, int);
 
 /* lfs_vfsops.c */
 VFS_PROTOS(lfs);

Index: src/sys/ufs/lfs/lfs_syscalls.c
diff -u src/sys/ufs/lfs/lfs_syscalls.c:1.165 src/sys/ufs/lfs/lfs_syscalls.c:1.166
--- src/sys/ufs/lfs/lfs_syscalls.c:1.165	Wed Aug 12 18:23:16 2015
+++ src/sys/ufs/lfs/lfs_syscalls.c	Wed Aug 12 18:23:47 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: lfs_syscalls.c,v 1.165 2015/08/12 18:23:16 dholland Exp $	*/
+/*	$NetBSD: lfs_syscalls.c,v 1.166 2015/08/12 18:23:47 dholland Exp $	*/
 
 /*-
  * Copyright (c) 1999, 2000, 2001, 2002, 2003, 2007, 2007, 2008
@@ -61,7 +61,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: lfs_syscalls.c,v 1.165 2015/08/12 18:23:16 dholland Exp $");
+__KERNEL_RCSID(0, "$NetBSD: lfs_syscalls.c,v 1.166 2015/08/12 18:23:47 dholland Exp $");
 
 #ifndef LFS
 # define LFS		/* for prototypes in syscallargs.h */
@@ -119,11 +119,6 @@ sys_lfs_markv(struct lwp *l, const struc
 	struct lfs *fs;
 	struct mount *mntp;
 
-	error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_LFS,
-	    KAUTH_REQ_SYSTEM_LFS_MARKV, NULL, NULL, NULL);
-	if (error)
-		return (error);
-
 	if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
 		return (error);
 
@@ -165,11 +160,6 @@ sys_lfs_markv(struct lwp *l, const struc
 	struct lfs *fs;
 	struct mount *mntp;
 
-	error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_LFS,
-	    KAUTH_REQ_SYSTEM_LFS_MARKV, NULL, NULL, NULL);
-	if (error)
-		return (error);
-
 	if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
 		return (error);
 
@@ -198,7 +188,7 @@ sys_lfs_markv(struct lwp *l, const struc
 		blkiov[i].bi_size      = blkiov15[i].bi_size;
 	}
 
-	if ((error = lfs_markv(l->l_proc, &fsid, blkiov, blkcnt)) == 0) {
+	if ((error = lfs_markv(l, &fsid, blkiov, blkcnt)) == 0) {
 		for (i = 0; i < blkcnt; i++) {
 			blkiov15[i].bi_inode	 = blkiov[i].bi_inode;
 			blkiov15[i].bi_lbn	 = blkiov[i].bi_lbn;
@@ -222,7 +212,7 @@ sys_lfs_markv(struct lwp *l, const struc
 #define	LFS_MARKV_MAX_BLOCKS	(LFS_MAX_BUFS)
 
 int
-lfs_markv(struct proc *p, fsid_t *fsidp, BLOCK_INFO *blkiov,
+lfs_markv(struct lwp *l, fsid_t *fsidp, BLOCK_INFO *blkiov,
     int blkcnt)
 {
 	BLOCK_INFO *blkp;
@@ -244,6 +234,11 @@ lfs_markv(struct proc *p, fsid_t *fsidp,
 	/* number of blocks/inodes that we have already bwrite'ed */
 	int nblkwritten, ninowritten;
 
+	error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_LFS,
+	    KAUTH_REQ_SYSTEM_LFS_MARKV, NULL, NULL, NULL);
+	if (error)
+		return (error);
+
 	if ((mntp = vfs_getvfs(fsidp)) == NULL)
 		return (ENOENT);
 
@@ -548,11 +543,6 @@ sys_lfs_bmapv(struct lwp *l, const struc
 	struct lfs *fs;
 	struct mount *mntp;
 
-	error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_LFS,
-	    KAUTH_REQ_SYSTEM_LFS_BMAPV, NULL, NULL, NULL);
-	if (error)
-		return (error);
-
 	if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
 		return (error);
 
@@ -593,11 +583,6 @@ sys_lfs_bmapv(struct lwp *l, const struc
 	struct lfs *fs;
 	struct mount *mntp;
 
-	error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_LFS,
-	    KAUTH_REQ_SYSTEM_LFS_BMAPV, NULL, NULL, NULL);
-	if (error)
-		return (error);
-
 	if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
 		return (error);
 
@@ -625,7 +610,7 @@ sys_lfs_bmapv(struct lwp *l, const struc
 		blkiov[i].bi_size      = blkiov15[i].bi_size;
 	}
 
-	if ((error = lfs_bmapv(l->l_proc, &fsid, blkiov, blkcnt)) == 0) {
+	if ((error = lfs_bmapv(l, &fsid, blkiov, blkcnt)) == 0) {
 		for (i = 0; i < blkcnt; i++) {
 			blkiov15[i].bi_inode	 = blkiov[i].bi_inode;
 			blkiov15[i].bi_lbn	 = blkiov[i].bi_lbn;
@@ -647,7 +632,7 @@ sys_lfs_bmapv(struct lwp *l, const struc
 #endif
 
 int
-lfs_bmapv(struct proc *p, fsid_t *fsidp, BLOCK_INFO *blkiov, int blkcnt)
+lfs_bmapv(struct lwp *l, fsid_t *fsidp, BLOCK_INFO *blkiov, int blkcnt)
 {
 	BLOCK_INFO *blkp;
 	IFILE *ifp;
@@ -662,6 +647,11 @@ lfs_bmapv(struct proc *p, fsid_t *fsidp,
 	int cnt, error;
 	int numrefed = 0;
 
+	error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_LFS,
+	    KAUTH_REQ_SYSTEM_LFS_BMAPV, NULL, NULL, NULL);
+	if (error)
+		return (error);
+
 	if ((mntp = vfs_getvfs(fsidp)) == NULL)
 		return (ENOENT);
 

Index: src/sys/ufs/lfs/lfs_vnops.c
diff -u src/sys/ufs/lfs/lfs_vnops.c:1.281 src/sys/ufs/lfs/lfs_vnops.c:1.282
--- src/sys/ufs/lfs/lfs_vnops.c:1.281	Mon Aug  3 17:33:54 2015
+++ src/sys/ufs/lfs/lfs_vnops.c	Wed Aug 12 18:23:47 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: lfs_vnops.c,v 1.281 2015/08/03 17:33:54 dholland Exp $	*/
+/*	$NetBSD: lfs_vnops.c,v 1.282 2015/08/12 18:23:47 dholland Exp $	*/
 
 /*-
  * Copyright (c) 1999, 2000, 2001, 2002, 2003 The NetBSD Foundation, Inc.
@@ -125,7 +125,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: lfs_vnops.c,v 1.281 2015/08/03 17:33:54 dholland Exp $");
+__KERNEL_RCSID(0, "$NetBSD: lfs_vnops.c,v 1.282 2015/08/12 18:23:47 dholland Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_compat_netbsd.h"
@@ -1821,9 +1821,9 @@ segwait_common:
 		++fs->lfs_sleepers;
 		mutex_exit(&lfs_lock);
 		if (ap->a_command == LFCNBMAPV)
-			error = lfs_bmapv(l->l_proc, fsidp, blkiov, blkcnt);
+			error = lfs_bmapv(l, fsidp, blkiov, blkcnt);
 		else /* LFCNMARKV */
-			error = lfs_markv(l->l_proc, fsidp, blkiov, blkcnt);
+			error = lfs_markv(l, fsidp, blkiov, blkcnt);
 		if (error == 0)
 			error = copyout(blkiov, blkvp.blkiov,
 					blkcnt * sizeof(BLOCK_INFO));

CVS commit: src/sys/ufs/lfs

Reply via email to