Define BPFD_LOCK_ASSERT() to assert the BPF descriptor lock.

Assert the BPF descriptor lock in the MAC calls referencing live BPF descriptors. Obtained from: TrustedBSD Project Sponsored by: DARPA, McAfee Research
2004-02-29 15:33:56 +00:00 · 2004-02-29 15:33:56 +00:00 · e33d9f2929
commit e33d9f2929
parent f747d2dd90
2 changed files with 5 additions and 0 deletions
--- a/sys/net/bpfdesc.h
+++ b/sys/net/bpfdesc.h
@ -102,6 +102,7 @@ struct bpf_d {

 #define BPFD_LOCK(bd)		mtx_lock(&(bd)->bd_mtx)
 #define BPFD_UNLOCK(bd)		mtx_unlock(&(bd)->bd_mtx)
+#define BPFD_LOCK_ASSERT(bd)	mtx_assert(&(bd)->bd_mtx, MA_OWNED)

 /* Test whether a BPF is ready for read(). */
 #define	bpf_ready(bd)						 \
--- a/sys/security/mac/mac_net.c
+++ b/sys/security/mac/mac_net.c
@ -292,6 +292,8 @@ mac_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *mbuf)
 {
 	struct label *label;

+	BPFD_LOCK_ASSERT(bpf_d);
+
 	label = mac_mbuf_to_label(mbuf);

 	MAC_PERFORM(create_mbuf_from_bpfdesc, bpf_d, bpf_d->bd_label, mbuf,
@ -350,6 +352,8 @@ mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet)
 {
 	int error;

+	BPFD_LOCK_ASSERT(bpf_d);
+
 	if (!mac_enforce_network)
 		return (0);