tech-net archive
kauth(9) call inside splnet() in if_bridge.c
Hi,
Attached is a diff to move the kauth(9) call in if_bridge.c out of the
section of code that runs under splnet().
IIUC, this is something we're interested in, please review. :)
Thanks,
-e.
Index: if_bridge.c
===================================================================
RCS file: /cvsroot/src/sys/net/if_bridge.c,v
retrieving revision 1.68
diff -u -p -r1.68 if_bridge.c
--- if_bridge.c 4 Apr 2009 15:53:49 -0000 1.68
+++ if_bridge.c 8 May 2009 14:38:48 -0000
@@ -445,9 +445,27 @@ bridge_ioctl(struct ifnet *ifp, u_long c
struct ifbrparam ifbrparam;
} args;
struct ifdrv *ifd = (struct ifdrv *) data;
- const struct bridge_control *bc;
+ const struct bridge_control *bc = NULL; /* XXXGCC */
int s, error = 0;
+ /* Authorize command before calling splnet(). */
+ switch (cmd) {
+ case SIOCGDRVSPEC:
+ case SIOCSDRVSPEC:
+ bc = &bridge_control_table[ifd->ifd_cmd];
+
+ /* We only care about BC_F_SUSER at this point. */
+ if ((bc->bc_flags & BC_F_SUSER) == 0)
+ break;
+
+ error = kauth_authorize_generic(l->l_cred,
+ KAUTH_GENERIC_ISSUSER, NULL);
+ if (error)
+ return (error);
+
+ break;
+ }
+
s = splnet();
switch (cmd) {
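Review bot: The new pre-splnet() switch computes `bc = &bridge_control_table[ifd->ifd_cmd]` and reads `bc->bc_flags` before anything has validated `ifd->ifd_cmd`. The check that sets `error = EINVAL` (visible only as context in the second hunk, and presumably the range check on the command index) still runs later, inside the splnet() section. Because `ifd` is taken from the ioctl argument, an out-of-range command index would read past the table, and a stray flags word could decide whether the privilege check is attempted at all. Put the range check ahead of the lookup, e.g. `if (ifd->ifd_cmd >= bridge_control_table_size) return (EINVAL);` (using whatever bound the existing check compares against), immediately before the `bc = ...` line. bridge_ioctl's body starts and ends outside this hunk.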
@@ -457,7 +475,6 @@ bridge_ioctl(struct ifnet *ifp, u_long c
error = EINVAL;
break;
}
- bc = &bridge_control_table[ifd->ifd_cmd];
if (cmd == SIOCGDRVSPEC &&
(bc->bc_flags & BC_F_COPYOUT) == 0) {
@@ -470,12 +487,7 @@ bridge_ioctl(struct ifnet *ifp, u_long c
break;
}
- if (bc->bc_flags & BC_F_SUSER) {
- error = kauth_authorize_generic(l->l_cred,
- KAUTH_GENERIC_ISSUSER, NULL);
- if (error)
- break;
- }
+ /* BC_F_SUSER is checked above, before splnet(). */
if (ifd->ifd_len != bc->bc_argsize ||
ifd->ifd_len > sizeof(args)) {