diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c index 8ea9d8d7daef..5c2aea6a5cf2 100644 --- a/sys/kern/vfs_subr.c +++ b/sys/kern/vfs_subr.c @@ -1657,7 +1657,6 @@ getnewvnode(const char *tag, struct mount *mp, struct vop_vector *vops, KASSERT(vp->v_lockf == NULL, ("stale v_lockf %p", vp)); KASSERT(vp->v_pollinfo == NULL, ("stale v_pollinfo %p", vp)); vp->v_type = VNON; - vp->v_tag = tag; vp->v_op = vops; v_init_counters(vp); vp->v_bufobj.bo_ops = &buf_ops_bio; @@ -3679,7 +3678,7 @@ vgonel(struct vnode *vp) if (mp != NULL) vn_finished_secondary_write(mp); VNASSERT(vp->v_object == NULL, vp, - ("vop_reclaim left v_object vp=%p, tag=%s", vp, vp->v_tag)); + ("vop_reclaim left v_object vp=%p", vp)); /* * Clear the advisory locks and wake up waiting threads. */ @@ -3697,7 +3696,6 @@ vgonel(struct vnode *vp) VI_LOCK(vp); vp->v_vnlock = &vp->v_lock; vp->v_op = &dead_vnodeops; - vp->v_tag = "none"; vp->v_type = VBAD; } @@ -3733,7 +3731,7 @@ vn_printf(struct vnode *vp, const char *fmt, ...) vprintf(fmt, ap); va_end(ap); printf("%p: ", (void *)vp); - printf("tag %s, type %s\n", vp->v_tag, typename[vp->v_type]); + printf("type %s\n", typename[vp->v_type]); printf(" usecount %d, writecount %d, refcount %d", vp->v_usecount, vp->v_writecount, vp->v_holdcnt); switch (vp->v_type) { diff --git a/sys/security/mac_veriexec/mac_veriexec.c b/sys/security/mac_veriexec/mac_veriexec.c index 5867320a2018..5bf3d25c3bd0 100644 --- a/sys/security/mac_veriexec/mac_veriexec.c +++ b/sys/security/mac_veriexec/mac_veriexec.c @@ -737,6 +737,22 @@ MAC_POLICY_SET(&mac_veriexec_ops, mac_veriexec, MAC_VERIEXEC_FULLNAME, MPC_LOADTIME_FLAG_NOTLATE, &mac_veriexec_slot); MODULE_VERSION(mac_veriexec, 1); +static struct vnode * +mac_veriexec_bottom_vnode(struct vnode *vp) +{ + struct vnode *ldvp = NULL; + + /* + * XXX This code is bogus. nullfs is not the only stacking + * filesystem. Less bogus code would add a VOP to reach bottom + * vnode and would not make assumptions how to get there. + */ + if (vp->v_mount != NULL && + strcmp(vp->v_mount->mnt_vfc->vfc_name, "nullfs") == 0) + ldvp = NULLVPTOLOWERVP(vp); + return (ldvp); +} + /** * @brief Get the fingerprint status set on a vnode. * @@ -748,6 +764,7 @@ fingerprint_status_t mac_veriexec_get_fingerprint_status(struct vnode *vp) { fingerprint_status_t fps; + struct vnode *ldvp; fps = SLOT(vp->v_label); switch (fps) { @@ -757,12 +774,9 @@ mac_veriexec_get_fingerprint_status(struct vnode *vp) break; default: /* we may need to recurse */ - if (strcmp(vp->v_tag, "null") == 0) { - struct vnode *ldvp; - - ldvp = NULLVPTOLOWERVP(vp); + ldvp = mac_veriexec_bottom_vnode(vp); + if (ldvp != NULL) return mac_veriexec_get_fingerprint_status(ldvp); - } break; } return fps; @@ -808,12 +822,11 @@ void mac_veriexec_set_fingerprint_status(struct vnode *vp, fingerprint_status_t fp_status) { + struct vnode *ldvp; /* recurse until we find the real storage */ - if (strcmp(vp->v_tag, "null") == 0) { - struct vnode *ldvp; - - ldvp = NULLVPTOLOWERVP(vp); + ldvp = mac_veriexec_bottom_vnode(vp); + if (ldvp != NULL) { mac_veriexec_set_fingerprint_status(ldvp, fp_status); return; } diff --git a/sys/sys/vnode.h b/sys/sys/vnode.h index 06810eb9a9cd..97a04c3dd088 100644 --- a/sys/sys/vnode.h +++ b/sys/sys/vnode.h @@ -174,7 +174,6 @@ struct vnode { int v_writecount; /* I ref count of writers or (negative) text users */ u_int v_hash; - const char *v_tag; /* u type of underlying data */ }; #endif /* defined(_KERNEL) || defined(_KVM_VNODE) */