diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h index 411fddbb9eab..4cb5262a6082 100644 --- a/sys/security/mac/mac_framework.h +++ b/sys/security/mac/mac_framework.h @@ -259,6 +259,7 @@ int mac_proc_check_signal(struct ucred *cred, struct proc *p, int mac_proc_check_wait(struct ucred *cred, struct proc *p); void mac_proc_destroy(struct proc *); void mac_proc_init(struct proc *); +void mac_proc_vm_revoke(struct thread *td); int mac_execve_enter(struct image_params *imgp, struct mac *mac_p); void mac_execve_exit(struct image_params *imgp); void mac_execve_interpreter_enter(struct vnode *interpvp, @@ -434,8 +435,6 @@ int mac_vnode_execve_will_transition(struct ucred *cred, void mac_vnode_relabel(struct ucred *cred, struct vnode *vp, struct label *newlabel); -void mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred); - /* * Calls to help various file systems implement labeling functionality using * their existing EA implementation. diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c index 98ee6cf692c5..bb29aaabb8e6 100644 --- a/sys/security/mac/mac_process.c +++ b/sys/security/mac/mac_process.c @@ -81,7 +81,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW, &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via " "copy-on-write semantics, or by removing all write access"); -static void mac_cred_mmapped_drop_perms_recurse(struct thread *td, +static void mac_proc_vm_revoke_recurse(struct thread *td, struct ucred *cred, struct vm_map *map); struct label * @@ -314,13 +314,20 @@ mac_execve_interpreter_exit(struct label *interpvplabel) * The process lock is not held here. */ void -mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred) +mac_proc_vm_revoke(struct thread *td) { + struct ucred *cred; + + PROC_LOCK(td->td_proc); + cred = crhold(td->td_proc->p_ucred); + PROC_UNLOCK(td->td_proc); /* XXX freeze all other threads */ - mac_cred_mmapped_drop_perms_recurse(td, cred, + mac_proc_vm_revoke_recurse(td, cred, &td->td_proc->p_vmspace->vm_map); /* XXX allow other threads to continue */ + + crfree(cred); } static __inline const char * @@ -348,7 +355,7 @@ prot2str(vm_prot_t prot) } static void -mac_cred_mmapped_drop_perms_recurse(struct thread *td, struct ucred *cred, +mac_proc_vm_revoke_recurse(struct thread *td, struct ucred *cred, struct vm_map *map) { struct vm_map_entry *vme; @@ -365,7 +372,7 @@ mac_cred_mmapped_drop_perms_recurse(struct thread *td, struct ucred *cred, vm_map_lock_read(map); for (vme = map->header.next; vme != &map->header; vme = vme->next) { if (vme->eflags & MAP_ENTRY_IS_SUB_MAP) { - mac_cred_mmapped_drop_perms_recurse(td, cred, + mac_proc_vm_revoke_recurse(td, cred, vme->object.sub_map); continue; } diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c index 5cff18561a2c..c4b060641cc4 100644 --- a/sys/security/mac/mac_syscalls.c +++ b/sys/security/mac/mac_syscalls.c @@ -203,17 +203,9 @@ __mac_set_proc(struct thread *td, struct __mac_set_proc_args *uap) mac_cred_relabel(newcred, intlabel); p->p_ucred = newcred; - /* - * Grab additional reference for use while revoking mmaps, prior to - * releasing the proc lock and sharing the cred. - */ - crhold(newcred); PROC_UNLOCK(p); - - mac_cred_mmapped_drop_perms(td, newcred); - - crfree(newcred); /* Free revocation reference. */ crfree(oldcred); + mac_proc_vm_revoke(td); out: mac_cred_label_free(intlabel); diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c index 2dc438904efe..304a7127c06a 100644 --- a/sys/security/mac_lomac/mac_lomac.c +++ b/sys/security/mac_lomac/mac_lomac.c @@ -2225,9 +2225,9 @@ lomac_thread_userret(struct thread *td) mtx_unlock(&subj->mtx); newcred = crget(); /* - * Prevent a lock order reversal in - * mac_cred_mmapped_drop_perms; ideally, the other user of - * subj->mtx wouldn't be holding Giant. + * Prevent a lock order reversal in mac_proc_vm_revoke; + * ideally, the other user of subj->mtx wouldn't be holding + * Giant. */ mtx_lock(&Giant); PROC_LOCK(p); @@ -2250,7 +2250,7 @@ lomac_thread_userret(struct thread *td) mtx_unlock(&subj->mtx); PROC_UNLOCK(p); if (dodrop) - mac_cred_mmapped_drop_perms(curthread, newcred); + mac_proc_vm_revoke(curthread); mtx_unlock(&Giant); } else { mtx_unlock(&subj->mtx);