Define BPFD_LOCK_ASSERT() to assert the BPF descriptor lock.
Assert the BPF descriptor lock in the MAC calls referencing live BPF descriptors. Obtained from: TrustedBSD Project Sponsored by: DARPA, McAfee Research
This commit is contained in:
parent
d108afc2e8
commit
c1b863ca38
@ -102,6 +102,7 @@ struct bpf_d {
|
|||||||
|
|
||||||
#define BPFD_LOCK(bd) mtx_lock(&(bd)->bd_mtx)
|
#define BPFD_LOCK(bd) mtx_lock(&(bd)->bd_mtx)
|
||||||
#define BPFD_UNLOCK(bd) mtx_unlock(&(bd)->bd_mtx)
|
#define BPFD_UNLOCK(bd) mtx_unlock(&(bd)->bd_mtx)
|
||||||
|
#define BPFD_LOCK_ASSERT(bd) mtx_assert(&(bd)->bd_mtx, MA_OWNED)
|
||||||
|
|
||||||
/* Test whether a BPF is ready for read(). */
|
/* Test whether a BPF is ready for read(). */
|
||||||
#define bpf_ready(bd) \
|
#define bpf_ready(bd) \
|
||||||
|
@ -292,6 +292,8 @@ mac_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *mbuf)
|
|||||||
{
|
{
|
||||||
struct label *label;
|
struct label *label;
|
||||||
|
|
||||||
|
BPFD_LOCK_ASSERT(bpf_d);
|
||||||
|
|
||||||
label = mac_mbuf_to_label(mbuf);
|
label = mac_mbuf_to_label(mbuf);
|
||||||
|
|
||||||
MAC_PERFORM(create_mbuf_from_bpfdesc, bpf_d, bpf_d->bd_label, mbuf,
|
MAC_PERFORM(create_mbuf_from_bpfdesc, bpf_d, bpf_d->bd_label, mbuf,
|
||||||
@ -350,6 +352,8 @@ mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet)
|
|||||||
{
|
{
|
||||||
int error;
|
int error;
|
||||||
|
|
||||||
|
BPFD_LOCK_ASSERT(bpf_d);
|
||||||
|
|
||||||
if (!mac_enforce_network)
|
if (!mac_enforce_network)
|
||||||
return (0);
|
return (0);
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user