The branch main has been updated by olce:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=83fcbbff6b01ebbd1d8538cb5396d87d0a816db6

commit 83fcbbff6b01ebbd1d8538cb5396d87d0a816db6
Author:     Olivier Certner <o...@freebsd.org>
AuthorDate: 2024-07-01 14:50:40 +0000
Commit:     Olivier Certner <o...@freebsd.org>
CommitDate: 2024-12-16 14:42:33 +0000

    MAC/do: Use prison_lock()/prison_unlock()
    
    Instead of fiddling directly with 'pr_mtx'.
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47595
---
 sys/security/mac_do/mac_do.c | 46 ++++++++++++++++++++++----------------------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 1037a4811ada..ce4ab7fa9e3a 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -160,7 +160,7 @@ find_rules(struct prison *spr, struct prison **prp)
        struct rules *rules;
 
        for (pr = spr;; pr = pr->pr_parent) {
-               mtx_lock(&pr->pr_mtx);
+               prison_lock(pr);
                if (pr == &prison0) {
                        rules = &rules0;
                        break;
@@ -168,7 +168,7 @@ find_rules(struct prison *spr, struct prison **prp)
                rules = osd_jail_get(pr, mac_do_osd_jail_slot);
                if (rules != NULL)
                        break;
-               mtx_unlock(&pr->pr_mtx);
+               prison_unlock(pr);
        }
        *prp = pr;
 
@@ -185,15 +185,15 @@ sysctl_rules(SYSCTL_HANDLER_ARGS)
        int error;
 
        rules = find_rules(req->td->td_ucred->cr_prison, &pr);
-       mtx_unlock(&pr->pr_mtx);
+       prison_unlock(pr);
        if (req->newptr == NULL)
                return (sysctl_handle_string(oidp, rules->string, 
MAC_RULE_STRING_LEN, req));
 
        new_string = malloc(MAC_RULE_STRING_LEN, M_DO,
            M_WAITOK|M_ZERO);
-       mtx_lock(&pr->pr_mtx);
+       prison_lock(pr);
        strlcpy(new_string, rules->string, MAC_RULE_STRING_LEN);
-       mtx_unlock(&pr->pr_mtx);
+       prison_unlock(pr);
 
        error = sysctl_handle_string(oidp, new_string, MAC_RULE_STRING_LEN, 
req);
        if (error)
@@ -204,11 +204,11 @@ sysctl_rules(SYSCTL_HANDLER_ARGS)
        if (error)
                goto out;
        TAILQ_INIT(&saved_head);
-       mtx_lock(&pr->pr_mtx);
+       prison_lock(pr);
        TAILQ_CONCAT(&saved_head, &rules->head, r_entries);
        TAILQ_CONCAT(&rules->head, &head, r_entries);
        strlcpy(rules->string, new_string, MAC_RULE_STRING_LEN);
-       mtx_unlock(&pr->pr_mtx);
+       prison_unlock(pr);
        toast_rules(&saved_head);
 
 out:
@@ -239,7 +239,7 @@ mac_do_alloc_prison(struct prison *pr, struct rules **lrp)
        if (ppr == pr)
                goto done;
 
-       mtx_unlock(&ppr->pr_mtx);
+       prison_unlock(ppr);
        new_rules = malloc(sizeof(*new_rules), M_PRISON, M_WAITOK|M_ZERO);
        rsv = osd_reserve(mac_do_osd_jail_slot);
        rules = find_rules(pr, &ppr);
@@ -248,14 +248,14 @@ mac_do_alloc_prison(struct prison *pr, struct rules **lrp)
                osd_free_reserved(rsv);
                goto done;
        }
-       mtx_lock(&pr->pr_mtx);
+       prison_lock(pr);
        osd_jail_set_reserved(pr, mac_do_osd_jail_slot, rsv, new_rules);
        TAILQ_INIT(&new_rules->head);
 done:
        if (lrp != NULL)
                *lrp = rules;
-       mtx_unlock(&pr->pr_mtx);
-       mtx_unlock(&ppr->pr_mtx);
+       prison_unlock(pr);
+       prison_unlock(ppr);
 }
 
 static void
@@ -286,9 +286,9 @@ mac_do_prison_set(void *obj, void *data)
                jsys = JAIL_SYS_NEW;
        switch (jsys) {
        case JAIL_SYS_INHERIT:
-               mtx_lock(&pr->pr_mtx);
+               prison_lock(pr);
                osd_jail_del(pr, mac_do_osd_jail_slot);
-               mtx_unlock(&pr->pr_mtx);
+               prison_unlock(pr);
                break;
        case JAIL_SYS_NEW:
                mac_do_alloc_prison(pr, &rules);
@@ -299,11 +299,11 @@ mac_do_prison_set(void *obj, void *data)
                if (error)
                        return (1);
                TAILQ_INIT(&saved_head);
-               mtx_lock(&pr->pr_mtx);
+               prison_lock(pr);
                TAILQ_CONCAT(&saved_head, &rules->head, r_entries);
                TAILQ_CONCAT(&rules->head, &head, r_entries);
                strlcpy(rules->string, rules_string, MAC_RULE_STRING_LEN);
-               mtx_unlock(&pr->pr_mtx);
+               prison_unlock(pr);
                toast_rules(&saved_head);
                break;
        }
@@ -329,7 +329,7 @@ mac_do_prison_get(void *obj, void *data)
        error = vfs_setopts(opts, "mdo.rules", rules->string);
        if (error != 0 && error != ENOENT)
                goto done;
-       mtx_unlock(&ppr->pr_mtx);
+       prison_unlock(ppr);
        error = 0;
 done:
        return (0);
@@ -350,9 +350,9 @@ mac_do_prison_remove(void *obj, void *data __unused)
        struct prison *pr = obj;
        struct rules *r;
 
-       mtx_lock(&pr->pr_mtx);
+       prison_lock(pr);
        r = osd_jail_get(pr, mac_do_osd_jail_slot);
-       mtx_unlock(&pr->pr_mtx);
+       prison_unlock(pr);
        toast_rules(&r->head);
        return (0);
 }
@@ -431,14 +431,14 @@ priv_grant(struct ucred *cred, int priv)
                        switch (priv) {
                        case PRIV_CRED_SETGROUPS:
                        case PRIV_CRED_SETUID:
-                               mtx_unlock(&pr->pr_mtx);
+                               prison_unlock(pr);
                                return (0);
                        default:
                                break;
                        }
                }
        }
-       mtx_unlock(&pr->pr_mtx);
+       prison_unlock(pr);
        return (EPERM);
 }
 
@@ -467,11 +467,11 @@ check_setgroups(struct ucred *cred, int ngrp, gid_t 
*groups)
        rule = find_rules(cred->cr_prison, &pr);
        TAILQ_FOREACH(r, &rule->head, r_entries) {
                if (rule_applies(cred, r)) {
-                       mtx_unlock(&pr->pr_mtx);
+                       prison_unlock(pr);
                        return (0);
                }
        }
-       mtx_unlock(&pr->pr_mtx);
+       prison_unlock(pr);
 
        return (EPERM);
 }
@@ -527,7 +527,7 @@ check_setuid(struct ucred *cred, uid_t uid)
                        }
                }
        }
-       mtx_unlock(&pr->pr_mtx);
+       prison_unlock(pr);
        return (error);
 }
 

Reply via email to