PERFORCE change 114584 for review

Todd Miller millert at FreeBSD.org
Thu Feb 15 20:28:12 UTC 2007 

http://perforce.freebsd.org/chv.cgi?CH=114584

Change 114584 by millert at millert_p4 on 2007/02/15 20:27:17

	Make avc audit rouines use uma_zalloc() and keep a spare
	buffer around for efficiency.  Also add some more types to
	linux-compat.h and remove the non-kernel pieces.

Affected files ...

.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/avc_audit.c#2 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/linux-compat.h#5 edit

Differences ...

==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/avc_audit.c#2 (text+ko) ====

@@ -33,11 +33,13 @@
 #include <sys/lock.h>
 #include <sys/mutex.h>
 #include <sys/systm.h>
+#include <vm/uma.h>
 
 #include <machine/stdarg.h>
 
 #include <security/sebsd/linux-compat.h>
 #include <security/sebsd/sebsd.h>
+#include <security/sebsd/avc/avc.h>
 
 /*
  * Emulate Linux audit API.
@@ -45,7 +47,7 @@
  * TBD: use a freelist so we don't have to mallc/free so much.
  */
 
-static struct mtx avc_log_lock;
+struct mtx avc_log_lock;
 MTX_SYSINIT(avc_log_lock, &avc_log_lock, "SEBSD message lock", MTX_DEF); 
 
 struct audit_buffer {
@@ -53,15 +55,34 @@
 	char buf[1024];
 };
 
+static uma_zone_t avc_audit_zone;		/* audit buffer zone */
+static struct audit_buffer *spare_buf;		/* spare buffer */
+
+void
+avc_audit_init(void)
+{
+
+	avc_audit_zone = uma_zcreate("avc_audit", sizeof(struct audit_buffer),
+	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
+	spare_buf = uma_zalloc(avc_audit_zone, M_WAITOK);
+}
+
 struct audit_buffer *
-audit_log_start(void)
+_audit_log_start(int flag)
 {
-	struct audit_buffer *ab;
+	struct audit_buffer *ab = spare_buf;
 
-	ab = sebsd_malloc(sizeof(*ab), M_SEBSD, M_NOWAIT);
+	/* Use a free buffer if available, else alloc a new one. */
+	if (ab != NULL &&
+	    atomic_cmpset_ptr((intptr_t *)&spare_buf, (intptr_t)ab, 0) == 0)
+		ab = NULL;
 	if (ab == NULL) {
-		printf("%s: unable to allocate audit buffer\n", __func__);
-		return (NULL);
+		ab = uma_zalloc(avc_audit_zone, flag);
+		if (ab == NULL) {
+			printf("%s: unable to allocate audit buffer\n",
+			    __func__);
+			return (NULL);
+		}
 	}
 	sbuf_new(&ab->sbuf, ab->buf, sizeof(ab->buf), SBUF_FIXEDLEN);
 	return (ab);
@@ -75,24 +96,13 @@
 	mtx_lock(&avc_log_lock);
 	printf("\n%s\n", sbuf_data(&ab->sbuf));
 	mtx_unlock(&avc_log_lock);
-	sbuf_delete(&ab->sbuf);
-	sebsd_free(ab, M_SEBSD);
+	/* Always keep a free buffer around. */
+	if (spare_buf != NULL ||
+	    atomic_cmpset_ptr((intptr_t *)&spare_buf, 0, (intptr_t)ab) == 0)
+		uma_zfree(avc_audit_zone, ab);
 }
 
 void
-audit_log(const char *fmt, ...)
-{
-	va_list ap;
-
-	va_start(ap, fmt);
-	mtx_lock(&avc_log_lock);
-	vprintf(fmt, ap);
-	printf("\n");
-	mtx_unlock(&avc_log_lock);
-	va_end(ap);
-}
-
-void
 audit_log_format(struct audit_buffer *ab, const char *fmt, ...)
 {
 	va_list ap;
@@ -106,5 +116,5 @@
 audit_log_untrustedstring(struct audit_buffer *ab, const char *s)
 {
 
-	sbuf_cat(&ab->sbuf, s);
+	sbuf_cat(&ab->sbuf, s);	/* XXX - wants vis(3) support */
 }

==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/linux-compat.h#5 (text+ko) ====

@@ -48,51 +48,31 @@
 
 #include <sys/types.h>
 #include <sys/endian.h>
+#include <sys/libkern.h>
 
 typedef u_int64_t u64;
 typedef u_int64_t __le64;
 typedef u_int32_t u32;
 typedef u_int32_t __le32;
+typedef u_int32_t __be32;
 typedef u_int16_t u16;
 typedef u_int16_t __le16;
 typedef u_int16_t __be16;
 typedef u_int8_t  u8;
+typedef int	  gfp_t;
 
 
-#ifndef _KERNEL
-
-#if BYTE_ORDER == LITTLE_ENDIAN
-#define	cpu_to_le16(x)	((__uint16_t)(x))
-#define	cpu_to_le32(x)	((__uint32_t)(x))
-#define	cpu_to_le64(x)	((__uint64_t)(x))
-#define	le16_to_cpu(x)	((__uint16_t)(x))
-#define	le32_to_cpu(x)	((__uint32_t)(x))
-#define	le64_to_cpu(x)	((__uint64_t)(x))
-#else /* BYTE_ORDER != LITTLE_ENDIAN */
-#define	cpu_to_le16(x)	bswap16((x))
-#define	cpu_to_le32(x)	bswap32((x))
-#define	cpu_to_le64(x)	bswap64((x))
-#define	le16_to_cpu(x)	bswap16((x))
-#define	le32_to_cpu(x)	bswap32((x))
-#define	le64_to_cpu(x)	bswap64((x))
-#endif /* BYTE_ORDER */
-
-/* sebsd uses same ss source files for userspace */
-
-#define kcalloc(nmemb, size, flags) calloc(nmemb, size)
-#define kmalloc(size,flags) malloc(size)
-#define kzalloc(size,flags) calloc(1, size)
-#define kfree(v) free(v)
-#define __get_free_page(flags) malloc (4096) /* XXX need page size */
-#define GFP_ATOMIC  1
-#define GFP_KERNEL  2
-
-#else /* _KERNEL */
-
+#define cpu_to_le16(a) htole16(a) 
+#define cpu_to_le32(a) htole32(a) 
+#define cpu_to_le64(a) htole64(a) 
 #define le16_to_cpu(a) le16toh(a) 
 #define le32_to_cpu(a) le32toh(a) 
 #define le64_to_cpu(a) le64toh(a) 
 
+/* branch prediction macros, uses a GCC extension. */
+#define likely(exp)	__builtin_expect(!!(exp), 1)
+#define unlikely(exp)	__builtin_expect(!!(exp), 0)
+
 #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
 
 #define NIPQUAD(addr) \
@@ -104,13 +84,13 @@
 #define __init
 
 /* kmalloc */
-#define kcalloc(nmemb, size, flags) sebsd_malloc(nmemb * size, M_SEBSD, flags | M_ZERO)
-#define kmalloc(size,flags) malloc(size, M_SEBSD, flags)
-#define kzalloc(size,flags) malloc(size, M_SEBSD, flags | M_ZERO)
-#define kfree(v) free(v, M_SEBSD)
-#define __get_free_page(flags) malloc(4096, M_SEBSD, flags) /* XXX need page size */
 #define GFP_ATOMIC  M_NOWAIT
 #define GFP_KERNEL  M_NOWAIT
+#define kcalloc(nmemb, size, flags) malloc(nmemb * size, M_SEBSD, flags | M_ZERO)
+#define kmalloc(size,flags)	malloc(size, M_SEBSD, flags)
+#define kzalloc(size,flags)	malloc(size, M_SEBSD, flags | M_ZERO)
+#define kfree(v)		free(v, M_SEBSD)
+#define __get_free_page(flags)	malloc(4096, M_SEBSD, flags) /* XXX need page size */
 
 /* also defined in sebsd.h */
 #ifndef sebsd_malloc
@@ -124,22 +104,46 @@
 #define _M_SEBSD_DEF
 #endif
 
-/* spinlock */
+static inline char *
+kstrdup(const char *str, int mflag)
+{
+	char *newstr;
+	size_t len = strlen(str) + 1;
+
+	newstr = malloc(len, M_SEBSD, mflag);
+	if (newstr != NULL)
+		memcpy(newstr, str, len);
+	return (newstr);
+}
+
+/* FreeBSD has no spinlock, use mutex instead */
 #define spinlock_t struct mtx
 #define spin_lock_irqsave(m,flags) mtx_lock(m)
 #define spin_unlock_irqrestore(m,flags) mtx_unlock(m)
 
 /* emulate linux audit support */
+extern struct mtx avc_log_lock;
 struct audit_buffer;
-struct audit_buffer *audit_log_start(void);
-void audit_log(const char *, ...);
+struct audit_buffer *_audit_log_start(int);
 void audit_log_end(struct audit_buffer *);
 void audit_log_format(struct audit_buffer *, const char *, ...);
 void audit_log_untrustedstring(struct audit_buffer *, const char *);
+#define audit_log_start(ac, mf, af) _audit_log_start(mf)
+#define audit_log(ac, mf, af, ...) do {					\
+	mtx_lock(&avc_log_lock);					\
+	printf(__VA_ARGS__);						\
+	printf("\n");							\
+	mtx_unlock(&avc_log_lock);					\
+} while (0)
+#define sebsd_log(fmt, ...)	printf(fmt "\n", __VA_ARGS__)
+
+/* we don't enable the selinux netlbl support */
+#define selinux_netlbl_cache_invalidate()
 
 /*
  * Atomic integer operations, Linux style
  */
+typedef unsigned int		atomic_t;
 #define	atomic_inc(p)		atomic_add_acq_32(p, 1)
 #define	atomic_inc_return(p)	atomic_fetchadd_32(p, 1) 
 #define	atomic_dec(p)		atomic_subtract_acq_32(p, 1)
@@ -150,8 +154,6 @@
 /* FreeBSD has index() not strchr() in the kernel. */
 #define	strchr(s, c)			index(s, c)
 
-#endif /* _KERNEL */
-
 #define BUG() printf("BUG: %s:%d", __FILE__, __LINE__)
 #define BUG_ON(x) do { if (x) BUG(); } while(0)

More information about the p4-projects mailing list