PERFORCE change 41812 for review
Robert Watson
rwatson at FreeBSD.org
Sun Nov 9 09:44:17 PST 2003
http://perforce.freebsd.org/chv.cgi?CH=41812
Change 41812 by rwatson at rwatson_paprika on 2003/11/09 09:43:58
For System V IPC objects, store a (struct label *) instead of
a (struct label) to make changes in the size/shape of
struct label ABI-clean. Use the label UMA zone to allocate
label storage.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/sysv_msg.c#17 edit
.. //depot/projects/trustedbsd/mac/sys/kern/sysv_sem.c#18 edit
.. //depot/projects/trustedbsd/mac/sys/kern/sysv_shm.c#17 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac/mac_sysv_msg.c#5 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac/mac_sysv_sem.c#5 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac/mac_sysv_shm.c#5 edit
.. //depot/projects/trustedbsd/mac/sys/sys/msg.h#7 edit
.. //depot/projects/trustedbsd/mac/sys/sys/msg_msg.h#2 edit
.. //depot/projects/trustedbsd/mac/sys/sys/sem.h#6 edit
.. //depot/projects/trustedbsd/mac/sys/sys/shm.h#6 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/sysv_msg.c#17 (text+ko) ====
@@ -38,7 +38,6 @@
#include <sys/jail.h>
#ifdef MAC
#include <sys/msg_msg.h>
-#include <sys/_label.h>
#include <sys/mac.h>
#endif
==== //depot/projects/trustedbsd/mac/sys/kern/sysv_sem.c#18 (text+ko) ====
@@ -27,7 +27,6 @@
#include <sys/malloc.h>
#include <sys/jail.h>
#ifdef MAC
-#include <sys/_label.h>
#include <sys/mac.h>
#endif
==== //depot/projects/trustedbsd/mac/sys/kern/sysv_shm.c#17 (text+ko) ====
@@ -53,7 +53,6 @@
#include <sys/sysproto.h>
#include <sys/jail.h>
#ifdef MAC
-#include <sys/_label.h>
#include <sys/mac.h>
#endif
==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_sysv_msg.c#5 (text+ko) ====
@@ -67,40 +67,75 @@
&nmacipcmsqs, 0, "number of sysv ipc message queue identifiers inuse");
#endif
+static struct label *
+mac_ipc_msgmsg_label_alloc(void)
+{
+ struct label *label;
+
+ label = mac_labelzone_alloc(M_WAITOK);
+ MAC_PERFORM(init_ipc_msgmsg_label, label);
+ MAC_DEBUG_COUNTER_INC(&nmacipcmsgs);
+ return (label);
+}
+
void
mac_init_ipc_msgmsg(struct msg *msgptr)
{
- mac_init_label(&msgptr->label);
- MAC_PERFORM(init_ipc_msgmsg_label, &msgptr->label);
- MAC_DEBUG_COUNTER_INC(&nmacipcmsgs);
+ msgptr->label = mac_ipc_msgmsg_label_alloc();
+}
+
+static struct label *
+mac_ipc_msgqueue_label_alloc(void)
+{
+ struct label *label;
+
+ label = mac_labelzone_alloc(M_WAITOK);
+ MAC_PERFORM(init_ipc_msgqueue_label, label);
+ MAC_DEBUG_COUNTER_INC(&nmacipcmsqs);
+ return (label);
}
void
mac_init_ipc_msgqueue(struct msqid_kernel *msqkptr)
{
- mac_init_label(&msqkptr->label);
- MAC_PERFORM(init_ipc_msgqueue_label, &msqkptr->label);
- MAC_DEBUG_COUNTER_INC(&nmacipcmsqs);
+ msqkptr->label = mac_ipc_msgqueue_label_alloc();
+ msqkptr->label = NULL;
+}
+
+static void
+mac_ipc_msgmsg_label_free(struct label *label)
+{
+
+ MAC_PERFORM(destroy_ipc_msgmsg_label, label);
+ mac_labelzone_free(label);
+ MAC_DEBUG_COUNTER_DEC(&nmacipcmsgs);
}
void
mac_destroy_ipc_msgmsg(struct msg *msgptr)
{
- MAC_PERFORM(destroy_ipc_msgmsg_label, &msgptr->label);
- mac_destroy_label(&msgptr->label);
- MAC_DEBUG_COUNTER_DEC(&nmacipcmsgs);
+ mac_ipc_msgmsg_label_free(msgptr->label);
+ msgptr->label = NULL;
+}
+
+static void
+mac_ipc_msgqueue_label_free(struct label *label)
+{
+
+ MAC_PERFORM(destroy_ipc_msgqueue_label, label);
+ mac_labelzone_free(label);
+ MAC_DEBUG_COUNTER_DEC(&nmacipcmsqs);
}
void
mac_destroy_ipc_msgqueue(struct msqid_kernel *msqkptr)
{
- MAC_PERFORM(destroy_ipc_msgqueue_label, &msqkptr->label);
- mac_destroy_label(&msqkptr->label);
- MAC_DEBUG_COUNTER_DEC(&nmacipcmsqs);
+ mac_ipc_msgqueue_label_free(msqkptr->label);
+ msqkptr->label = NULL;
}
void
@@ -108,29 +143,29 @@
struct msg *msgptr)
{
- MAC_PERFORM(create_ipc_msgmsg, cred, msqkptr, &msqkptr->label,
- msgptr, &msgptr->label);
+ MAC_PERFORM(create_ipc_msgmsg, cred, msqkptr, msqkptr->label,
+ msgptr, msgptr->label);
}
void
mac_create_ipc_msgqueue(struct ucred *cred, struct msqid_kernel *msqkptr)
{
- MAC_PERFORM(create_ipc_msgqueue, cred, msqkptr, &msqkptr->label);
+ MAC_PERFORM(create_ipc_msgqueue, cred, msqkptr, msqkptr->label);
}
void
mac_cleanup_ipc_msgmsg(struct msg *msgptr)
{
- MAC_PERFORM(cleanup_ipc_msgmsg, &msgptr->label);
+ MAC_PERFORM(cleanup_ipc_msgmsg, msgptr->label);
}
void
mac_cleanup_ipc_msgqueue(struct msqid_kernel *msqkptr)
{
- MAC_PERFORM(cleanup_ipc_msgqueue, &msqkptr->label);
+ MAC_PERFORM(cleanup_ipc_msgqueue, msqkptr->label);
}
int
@@ -142,8 +177,8 @@
if (!mac_enforce_sysv)
return (0);
- MAC_CHECK(check_ipc_msgmsq, cred, msgptr, &msgptr->label, msqkptr,
- &msqkptr->label);
+ MAC_CHECK(check_ipc_msgmsq, cred, msgptr, msgptr->label, msqkptr,
+ msqkptr->label);
return(error);
}
@@ -156,7 +191,7 @@
if (!mac_enforce_sysv)
return (0);
- MAC_CHECK(check_ipc_msgrcv, cred, msgptr, &msgptr->label);
+ MAC_CHECK(check_ipc_msgrcv, cred, msgptr, msgptr->label);
return(error);
}
@@ -169,7 +204,7 @@
if (!mac_enforce_sysv)
return (0);
- MAC_CHECK(check_ipc_msgrmid, cred, msgptr, &msgptr->label);
+ MAC_CHECK(check_ipc_msgrmid, cred, msgptr, msgptr->label);
return(error);
}
@@ -182,7 +217,7 @@
if (!mac_enforce_sysv)
return (0);
- MAC_CHECK(check_ipc_msqget, cred, msqkptr, &msqkptr->label);
+ MAC_CHECK(check_ipc_msqget, cred, msqkptr, msqkptr->label);
return(error);
}
@@ -195,7 +230,7 @@
if (!mac_enforce_sysv)
return (0);
- MAC_CHECK(check_ipc_msqsnd, cred, msqkptr, &msqkptr->label);
+ MAC_CHECK(check_ipc_msqsnd, cred, msqkptr, msqkptr->label);
return(error);
}
@@ -208,7 +243,7 @@
if (!mac_enforce_sysv)
return (0);
- MAC_CHECK(check_ipc_msqrcv, cred, msqkptr, &msqkptr->label);
+ MAC_CHECK(check_ipc_msqrcv, cred, msqkptr, msqkptr->label);
return(error);
}
@@ -222,7 +257,7 @@
if (!mac_enforce_sysv)
return (0);
- MAC_CHECK(check_ipc_msqctl, cred, msqkptr, &msqkptr->label, cmd);
+ MAC_CHECK(check_ipc_msqctl, cred, msqkptr, msqkptr->label, cmd);
return(error);
}
==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_sysv_sem.c#5 (text+ko) ====
@@ -59,36 +59,53 @@
&nmacipcsemass, 0, "number of sysv ipc semaphore identifiers inuse");
#endif
+static struct label *
+mac_ipc_sema_label_alloc(void)
+{
+ struct label *label;
+
+ label = mac_labelzone_alloc(M_WAITOK);
+ MAC_PERFORM(init_ipc_sema_label, label);
+ MAC_DEBUG_COUNTER_INC(&nmacipcsemas);
+ return (label);
+}
+
void
mac_init_ipc_sema(struct semid_kernel *semakptr)
{
- mac_init_label(&semakptr->label);
- MAC_PERFORM(init_ipc_sema_label, &semakptr->label);
- MAC_DEBUG_COUNTER_INC(&nmacipcsemas);
+ semakptr->label = mac_ipc_sema_label_alloc();
+}
+
+static void
+mac_ipc_sema_label_free(struct label *label)
+{
+
+ MAC_PERFORM(destroy_ipc_sema_label, label);
+ mac_labelzone_free(label);
+ MAC_DEBUG_COUNTER_DEC(&nmacipcsemas);
}
void
mac_destroy_ipc_sema(struct semid_kernel *semakptr)
{
- MAC_PERFORM(destroy_ipc_sema_label, &semakptr->label);
- mac_destroy_label(&semakptr->label);
- MAC_DEBUG_COUNTER_DEC(&nmacipcsemas);
+ mac_ipc_sema_label_free(semakptr->label);
+ semakptr->label = NULL;
}
void
mac_create_ipc_sema(struct ucred *cred, struct semid_kernel *semakptr)
{
- MAC_PERFORM(create_ipc_sema, cred, semakptr, &semakptr->label);
+ MAC_PERFORM(create_ipc_sema, cred, semakptr, semakptr->label);
}
void
mac_cleanup_ipc_sema(struct semid_kernel *semakptr)
{
- MAC_PERFORM(cleanup_ipc_sema, &semakptr->label);
+ MAC_PERFORM(cleanup_ipc_sema, semakptr->label);
}
int
@@ -100,7 +117,7 @@
if (!mac_enforce_sysv)
return (0);
- MAC_CHECK(check_ipc_semctl, cred, semakptr, &semakptr->label, cmd);
+ MAC_CHECK(check_ipc_semctl, cred, semakptr, semakptr->label, cmd);
return(error);
}
@@ -113,7 +130,7 @@
if (!mac_enforce_sysv)
return (0);
- MAC_CHECK(check_ipc_semget, cred, semakptr, &semakptr->label);
+ MAC_CHECK(check_ipc_semget, cred, semakptr, semakptr->label);
return(error);
}
@@ -127,7 +144,7 @@
if (!mac_enforce_sysv)
return (0);
- MAC_CHECK(check_ipc_semop, cred, semakptr, &semakptr->label,
+ MAC_CHECK(check_ipc_semop, cred, semakptr, semakptr->label,
accesstype);
return(error);
==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_sysv_shm.c#5 (text+ko) ====
@@ -59,36 +59,53 @@
&nmacipcshms, 0, "number of sysv ipc shm identifiers inuse");
#endif
+static struct label *
+mac_ipc_shm_label_alloc(void)
+{
+ struct label *label;
+
+ label = mac_labelzone_alloc(M_WAITOK);
+ MAC_PERFORM(init_ipc_shm_label, label);
+ MAC_DEBUG_COUNTER_INC(&nmacipcshms);
+ return (label);
+}
+
void
mac_init_ipc_shm(struct shmid_kernel *shmsegptr)
{
- mac_init_label(&shmsegptr->label);
- MAC_PERFORM(init_ipc_shm_label, &shmsegptr->label);
- MAC_DEBUG_COUNTER_INC(&nmacipcshms);
+ shmsegptr->label = mac_ipc_shm_label_alloc();
+}
+
+static void
+mac_ipc_shm_label_free(struct label *label)
+{
+
+ MAC_PERFORM(destroy_ipc_shm_label, label);
+ mac_labelzone_free(label);
+ MAC_DEBUG_COUNTER_DEC(&nmacipcshms);
}
void
mac_destroy_ipc_shm(struct shmid_kernel *shmsegptr)
{
- MAC_PERFORM(destroy_ipc_shm_label, &shmsegptr->label);
- mac_destroy_label(&shmsegptr->label);
- MAC_DEBUG_COUNTER_DEC(&nmacipcshms);
+ mac_ipc_shm_label_free(shmsegptr->label);
+ shmsegptr->label = NULL;
}
void
mac_create_ipc_shm(struct ucred *cred, struct shmid_kernel *shmsegptr)
{
- MAC_PERFORM(create_ipc_shm, cred, shmsegptr, &shmsegptr->label);
+ MAC_PERFORM(create_ipc_shm, cred, shmsegptr, shmsegptr->label);
}
void
mac_cleanup_ipc_shm(struct shmid_kernel *shmsegptr)
{
- MAC_PERFORM(cleanup_ipc_shm, &shmsegptr->label);
+ MAC_PERFORM(cleanup_ipc_shm, shmsegptr->label);
}
int
@@ -100,7 +117,7 @@
if (!mac_enforce_sysv)
return (0);
- MAC_CHECK(check_ipc_shmat, cred, shmsegptr, &shmsegptr->label,
+ MAC_CHECK(check_ipc_shmat, cred, shmsegptr, shmsegptr->label,
shmflg);
return(error);
@@ -115,7 +132,7 @@
if (!mac_enforce_sysv)
return (0);
- MAC_CHECK(check_ipc_shmctl, cred, shmsegptr, &shmsegptr->label,
+ MAC_CHECK(check_ipc_shmctl, cred, shmsegptr, shmsegptr->label,
cmd);
return(error);
@@ -129,7 +146,7 @@
if (!mac_enforce_sysv)
return (0);
- MAC_CHECK(check_ipc_shmdt, cred, shmsegptr, &shmsegptr->label);
+ MAC_CHECK(check_ipc_shmdt, cred, shmsegptr, shmsegptr->label);
return(error);
}
@@ -143,7 +160,7 @@
if (!mac_enforce_sysv)
return (0);
- MAC_CHECK(check_ipc_shmget, cred, shmsegptr, &shmsegptr->label,
+ MAC_CHECK(check_ipc_shmget, cred, shmsegptr, shmsegptr->label,
shmflg);
return(error);
==== //depot/projects/trustedbsd/mac/sys/sys/msg.h#7 (text+ko) ====
@@ -26,7 +26,6 @@
#include <sys/cdefs.h>
#include <sys/_types.h>
#include <sys/ipc.h>
-#include <sys/_label.h>
/*
* The MSG_NOERROR identifier value, the msqid_ds struct and the msg struct
@@ -126,7 +125,7 @@
{
struct msqid_ds u;
/* the following are private */
- struct label label; /* MAC label */
+ struct label *label; /* MAC label */
};
#else /* !_KERNEL */
==== //depot/projects/trustedbsd/mac/sys/sys/msg_msg.h#2 (text+ko) ====
@@ -22,7 +22,6 @@
#include <sys/cdefs.h>
#include <sys/_types.h>
-#include <sys/_label.h>
#ifdef _KERNEL
@@ -41,7 +40,7 @@
/* 0 -> free header */
unsigned short msg_ts; /* size of this message */
short msg_spot; /* location of start of msg in buffer */
- struct label label; /* MAC Framework label */
+ struct label *label; /* MAC Framework label */
};
#endif /* _KERNEL */
==== //depot/projects/trustedbsd/mac/sys/sys/sem.h#6 (text+ko) ====
@@ -11,7 +11,6 @@
#define _SYS_SEM_H_
#include <sys/ipc.h>
-#include <sys/_label.h>
struct sem;
@@ -89,7 +88,7 @@
struct semid_kernel {
struct semid_ds u;
/* the following are private */
- struct label label; /* MAC framework label */
+ struct label *label; /* MAC framework label */
};
/* internal "mode" bits */
==== //depot/projects/trustedbsd/mac/sys/sys/shm.h#6 (text+ko) ====
@@ -40,7 +40,6 @@
#define _SYS_SHM_H_
#include <sys/ipc.h>
-#include <sys/_label.h>
#define SHM_RDONLY 010000 /* Attach read-only (else read-write) */
#define SHM_RND 020000 /* Round attach address to SHMLBA */
@@ -93,7 +92,7 @@
struct shmid_kernel {
struct shmid_ds u;
/* the following are private */
- struct label label; /* MAC label */
+ struct label *label; /* MAC label */
};
extern struct shminfo shminfo;
More information about the p4-projects
mailing list