PERFORCE change 41570 for review

[Robert Watson]

http://perforce.freebsd.org/chv.cgi?CH=41570

Change 41570 by rwatson at rwatson_paprika on 2003/11/05 22:22:44

	Use MAC label UMA zone for pipe labels, rather than their own
	malloc pool.  Currently, the zone is used only for labels on
	pipes themselves, and we retain the externally visible functions
	to initialize and destroy temporary pipe labels used in
	kern_mac.c for internalization/externalization.  Better
	abstraction will migrate that code into mac_pipe.c, or other
	objects will also use dynamically allocated labels at some
	point.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac/mac_pipe.c#7 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_pipe.c#7 (text+ko) ====

@@ -61,8 +61,6 @@
     &nmacpipes, 0, "number of pipes in use");
 #endif
 
-MALLOC_DEFINE(M_MACPIPELABEL, "macpipelabel", "MAC labels for pipes");
-
 void
 mac_init_pipe_label(struct label *label)
 {
@@ -72,15 +70,23 @@
 	MAC_DEBUG_COUNTER_INC(&nmacpipes);
 }
 
+static struct label *
+mac_pipe_label_alloc(void)
+{
+	struct label *label;
+
+	label = mac_labelzone_alloc(M_WAITOK);
+	MAC_PERFORM(init_pipe_label, label);
+	MAC_DEBUG_COUNTER_INC(&nmacpipes);
+	return (label);
+}
+
 void
 mac_init_pipe(struct pipe *pipe)
 {
-	struct label *label;
 
-	label = malloc(sizeof(struct label), M_MACPIPELABEL, M_ZERO|M_WAITOK);
-	pipe->pipe_label = label;
-	pipe->pipe_peer->pipe_label = label;
-	mac_init_pipe_label(label);
+	pipe->pipe_label = pipe->pipe_peer->pipe_label =
+	    mac_pipe_label_alloc();
 }
 
 void
@@ -92,12 +98,20 @@
 	MAC_DEBUG_COUNTER_DEC(&nmacpipes);
 }
 
+static void
+mac_pipe_label_free(struct label *label)
+{
+
+	MAC_PERFORM(destroy_pipe_label, label);
+	MAC_DEBUG_COUNTER_DEC(&nmacpipes);
+}
+
 void
 mac_destroy_pipe(struct pipe *pipe)
 {
 
-	mac_destroy_pipe_label(pipe->pipe_label);
-	free(pipe->pipe_label, M_MACPIPELABEL);
+	mac_pipe_label_free(pipe->pipe_label);
+	pipe->pipe_label = NULL;
 }
 
 void