PERFORCE change 114584 for review
Todd Miller
millert at FreeBSD.org
Thu Feb 15 20:28:12 UTC 2007
http://perforce.freebsd.org/chv.cgi?CH=114584
Change 114584 by millert at millert_p4 on 2007/02/15 20:27:17
Make avc audit routines use uma_zalloc() and keep a spare
buffer around for efficiency. Also add some more types to
linux-compat.h and remove the non-kernel pieces.
Affected files ...
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/avc_audit.c#2 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/linux-compat.h#5 edit
Differences ...
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/avc_audit.c#2 (text+ko) ====
@@ -33,11 +33,13 @@
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/systm.h>
+#include <vm/uma.h>
#include <machine/stdarg.h>
#include <security/sebsd/linux-compat.h>
#include <security/sebsd/sebsd.h>
+#include <security/sebsd/avc/avc.h>
/*
* Emulate Linux audit API.
@@ -45,7 +47,7 @@
* TBD: use a freelist so we don't have to mallc/free so much.
*/
-static struct mtx avc_log_lock;
+struct mtx avc_log_lock;
MTX_SYSINIT(avc_log_lock, &avc_log_lock, "SEBSD message lock", MTX_DEF);
struct audit_buffer {
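Review bot: The comment just above this declaration still reads "TBD: use a freelist so we don't have to mallc/free so much", but this change adds the UMA zone and the spare buffer, so it is now stale and should be dropped or reworded. Removing `static` exports `avc_log_lock` so that the `audit_log()` macro in linux-compat.h can take it, and nothing at the definition says so. A comment such as `/* Serializes console output of audit records; also taken by the audit_log() macro in linux-compat.h. */` would record why the lock is global.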
@@ -53,15 +55,34 @@
char buf[1024];
};
+static uma_zone_t avc_audit_zone; /* audit buffer zone */
+static struct audit_buffer *spare_buf; /* spare buffer */
+
+void
+avc_audit_init(void)
+{
+
+ avc_audit_zone = uma_zcreate("avc_audit", sizeof(struct audit_buffer),
+ NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
+ spare_buf = uma_zalloc(avc_audit_zone, M_WAITOK);
+}
+
struct audit_buffer *
-audit_log_start(void)
+_audit_log_start(int flag)
{
- struct audit_buffer *ab;
+ struct audit_buffer *ab = spare_buf;
- ab = sebsd_malloc(sizeof(*ab), M_SEBSD, M_NOWAIT);
+ /* Use a free buffer if available, else alloc a new one. */
+ if (ab != NULL &&
+ atomic_cmpset_ptr((intptr_t *)&spare_buf, (intptr_t)ab, 0) == 0)
+ ab = NULL;
if (ab == NULL) {
- printf("%s: unable to allocate audit buffer\n", __func__);
- return (NULL);
+ ab = uma_zalloc(avc_audit_zone, flag);
+ if (ab == NULL) {
+ printf("%s: unable to allocate audit buffer\n",
+ __func__);
+ return (NULL);
+ }
}
sbuf_new(&ab->sbuf, ab->buf, sizeof(ab->buf), SBUF_FIXEDLEN);
return (ab);
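Review bot: `_audit_log_start()` falls through to `uma_zalloc(avc_audit_zone, flag)` whenever `spare_buf` is NULL, which is also the state before `avc_audit_init()` has run, and no caller of `avc_audit_init()` is visible in this change. If an AVC message can be logged that early, the zone pointer is still NULL at that call; `KASSERT(avc_audit_zone != NULL, ("%s: audit zone not initialized", __func__));` ahead of the allocation would make the ordering requirement explicit. The `intptr_t` casts in the `atomic_cmpset_ptr()` call would read better as `uintptr_t`, since the pointer variants operate on an unsigned pointer-sized integer; the same casts appear in `audit_log_end()` in the next hunk.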
@@ -75,24 +96,13 @@
mtx_lock(&avc_log_lock);
printf("\n%s\n", sbuf_data(&ab->sbuf));
mtx_unlock(&avc_log_lock);
- sbuf_delete(&ab->sbuf);
- sebsd_free(ab, M_SEBSD);
+ /* Always keep a free buffer around. */
+ if (spare_buf != NULL ||
+ atomic_cmpset_ptr((intptr_t *)&spare_buf, 0, (intptr_t)ab) == 0)
+ uma_zfree(avc_audit_zone, ab);
}
void
-audit_log(const char *fmt, ...)
-{
- va_list ap;
-
- va_start(ap, fmt);
- mtx_lock(&avc_log_lock);
- vprintf(fmt, ap);
- printf("\n");
- mtx_unlock(&avc_log_lock);
- va_end(ap);
-}
-
-void
audit_log_format(struct audit_buffer *ab, const char *fmt, ...)
{
va_list ap;
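Review bot: `audit_log_end()` no longer calls `sbuf_delete()` before the buffer is recycled, and the reason is not written down. It is only safe because `_audit_log_start()` builds the sbuf over `ab`'s own storage with `SBUF_FIXEDLEN`, so there is nothing for the sbuf layer to free. I would add `/* sbuf lives in ab's own storage (SBUF_FIXEDLEN), so no sbuf_delete() is needed before reuse. */` next to the recycle logic, and note that the plain `spare_buf != NULL` read is only a hint, with the `atomic_cmpset_ptr()` deciding ownership. The start of `audit_log_end()` and the body of `audit_log_format()` lie outside this hunk.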
@@ -106,5 +116,5 @@
audit_log_untrustedstring(struct audit_buffer *ab, const char *s)
{
- sbuf_cat(&ab->sbuf, s);
+ sbuf_cat(&ab->sbuf, s); /* XXX - wants vis(3) support */
}
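Review bot: `audit_log_untrustedstring()` still appends `s` verbatim, and `audit_log_end()` later prints the whole buffer with `printf("\n%s\n", ...)`, so a newline or control character in an untrusted name can make one record look like several or mimic another record in the log. The new XXX comment names the fix but not the risk; `/* XXX - s is untrusted: encode newlines/control chars (vis(3)-style) so it cannot forge log lines */` would tell the next reader why it matters. Until an encoder is available in the kernel, a short loop that appends each byte with `sbuf_putc()` and substitutes `?` for bytes below 0x20 and for 0x7f would close the gap.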
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/linux-compat.h#5 (text+ko) ====
@@ -48,51 +48,31 @@
#include <sys/types.h>
#include <sys/endian.h>
+#include <sys/libkern.h>
typedef u_int64_t u64;
typedef u_int64_t __le64;
typedef u_int32_t u32;
typedef u_int32_t __le32;
+typedef u_int32_t __be32;
typedef u_int16_t u16;
typedef u_int16_t __le16;
typedef u_int16_t __be16;
typedef u_int8_t u8;
+typedef int gfp_t;
-#ifndef _KERNEL
-
-#if BYTE_ORDER == LITTLE_ENDIAN
-#define cpu_to_le16(x) ((__uint16_t)(x))
-#define cpu_to_le32(x) ((__uint32_t)(x))
-#define cpu_to_le64(x) ((__uint64_t)(x))
-#define le16_to_cpu(x) ((__uint16_t)(x))
-#define le32_to_cpu(x) ((__uint32_t)(x))
-#define le64_to_cpu(x) ((__uint64_t)(x))
-#else /* BYTE_ORDER != LITTLE_ENDIAN */
-#define cpu_to_le16(x) bswap16((x))
-#define cpu_to_le32(x) bswap32((x))
-#define cpu_to_le64(x) bswap64((x))
-#define le16_to_cpu(x) bswap16((x))
-#define le32_to_cpu(x) bswap32((x))
-#define le64_to_cpu(x) bswap64((x))
-#endif /* BYTE_ORDER */
-
-/* sebsd uses same ss source files for userspace */
-
-#define kcalloc(nmemb, size, flags) calloc(nmemb, size)
-#define kmalloc(size,flags) malloc(size)
-#define kzalloc(size,flags) calloc(1, size)
-#define kfree(v) free(v)
-#define __get_free_page(flags) malloc (4096) /* XXX need page size */
-#define GFP_ATOMIC 1
-#define GFP_KERNEL 2
-
-#else /* _KERNEL */
-
+#define cpu_to_le16(a) htole16(a)
+#define cpu_to_le32(a) htole32(a)
+#define cpu_to_le64(a) htole64(a)
#define le16_to_cpu(a) le16toh(a)
#define le32_to_cpu(a) le32toh(a)
#define le64_to_cpu(a) le64toh(a)
+/* branch prediction macros, uses a GCC extension. */
+#define likely(exp) __builtin_expect(!!(exp), 1)
+#define unlikely(exp) __builtin_expect(!!(exp), 0)
+
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
#define NIPQUAD(addr) \
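Review bot: Removing the `#ifndef _KERNEL` branch makes this header kernel-only, but nothing in it now says so. The deleted comment noted that sebsd used the same ss source files for userspace. If any such build still includes this header (not visible in this change), it will fail with unrelated-looking errors from `htole16()` or `malloc(size, M_SEBSD, flags)`. A guard near the top, `#ifndef _KERNEL` / `#error "linux-compat.h is kernel-only"` / `#endif`, would make the failure obvious.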
@@ -104,13 +84,13 @@
#define __init
/* kmalloc */
-#define kcalloc(nmemb, size, flags) sebsd_malloc(nmemb * size, M_SEBSD, flags | M_ZERO)
-#define kmalloc(size,flags) malloc(size, M_SEBSD, flags)
-#define kzalloc(size,flags) malloc(size, M_SEBSD, flags | M_ZERO)
-#define kfree(v) free(v, M_SEBSD)
-#define __get_free_page(flags) malloc(4096, M_SEBSD, flags) /* XXX need page size */
#define GFP_ATOMIC M_NOWAIT
#define GFP_KERNEL M_NOWAIT
+#define kcalloc(nmemb, size, flags) malloc(nmemb * size, M_SEBSD, flags | M_ZERO)
+#define kmalloc(size,flags) malloc(size, M_SEBSD, flags)
+#define kzalloc(size,flags) malloc(size, M_SEBSD, flags | M_ZERO)
+#define kfree(v) free(v, M_SEBSD)
+#define __get_free_page(flags) malloc(4096, M_SEBSD, flags) /* XXX need page size */
/* also defined in sebsd.h */
#ifndef sebsd_malloc
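Review bot: The new `kcalloc()` macro multiplies `nmemb * size` with no overflow check and no parentheses around its arguments, whereas the Linux function it emulates fails the allocation when the product would overflow. If an element count ever comes from a loaded policy image (callers are not visible here), a wrapped product yields an undersized zeroed buffer that later code indexes as if it were full-sized. A static inline can do the check, but it has to sit after the `M_SEBSD` declaration further down, next to where `kstrdup()` is defined in the next hunk. The other allocator macros would also benefit from parenthesizing `flags` and `size`.

```c
/* … unchanged: GFP_ATOMIC / GFP_KERNEL, kmalloc, kzalloc, kfree … */

/* Place after the M_SEBSD declaration, alongside kstrdup(). */
static inline void *
kcalloc(size_t nmemb, size_t size, int flags)
{

	/* Refuse requests whose byte count would wrap. */
	if (size != 0 && nmemb > SIZE_MAX / size)
		return (NULL);
	return (malloc(nmemb * size, M_SEBSD, flags | M_ZERO));
}
```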
@@ -124,22 +104,46 @@
#define _M_SEBSD_DEF
#endif
-/* spinlock */
+static inline char *
+kstrdup(const char *str, int mflag)
+{
+ char *newstr;
+ size_t len = strlen(str) + 1;
+
+ newstr = malloc(len, M_SEBSD, mflag);
+ if (newstr != NULL)
+ memcpy(newstr, str, len);
+ return (newstr);
+}
+
+/* FreeBSD has no spinlock, use mutex instead */
#define spinlock_t struct mtx
#define spin_lock_irqsave(m,flags) mtx_lock(m)
#define spin_unlock_irqrestore(m,flags) mtx_unlock(m)
/* emulate linux audit support */
+extern struct mtx avc_log_lock;
struct audit_buffer;
-struct audit_buffer *audit_log_start(void);
-void audit_log(const char *, ...);
+struct audit_buffer *_audit_log_start(int);
void audit_log_end(struct audit_buffer *);
void audit_log_format(struct audit_buffer *, const char *, ...);
void audit_log_untrustedstring(struct audit_buffer *, const char *);
+#define audit_log_start(ac, mf, af) _audit_log_start(mf)
+#define audit_log(ac, mf, af, ...) do { \
+ mtx_lock(&avc_log_lock); \
+ printf(__VA_ARGS__); \
+ printf("\n"); \
+ mtx_unlock(&avc_log_lock); \
+} while (0)
+#define sebsd_log(fmt, ...) printf(fmt "\n", __VA_ARGS__)
+
+/* we don't enable the selinux netlbl support */
+#define selinux_netlbl_cache_invalidate()
/*
* Atomic integer operations, Linux style
*/
+typedef unsigned int atomic_t;
#define atomic_inc(p) atomic_add_acq_32(p, 1)
#define atomic_inc_return(p) atomic_fetchadd_32(p, 1)
#define atomic_dec(p) atomic_subtract_acq_32(p, 1)
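Review bot: `sebsd_log(fmt, ...)` expands to `printf(fmt "\n", __VA_ARGS__)`, which leaves a trailing comma and fails to compile when it is called with a format string and no further arguments. The header already relies on GCC extensions (`__builtin_expect`), so `#define sebsd_log(fmt, ...) printf(fmt "\n", ##__VA_ARGS__)` covers that case. Unlike `audit_log()` just above, it also prints without taking `avc_log_lock`, so its output can interleave with audit records; a comment should say so if that is intended. Separately, the context line `atomic_inc_return(p)` maps to `atomic_fetchadd_32(p, 1)`, which returns the value before the add, while Linux callers expect the incremented value. That is worth checking now that `atomic_t` is being introduced.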
@@ -150,8 +154,6 @@
/* FreeBSD has index() not strchr() in the kernel. */
#define strchr(s, c) index(s, c)
-#endif /* _KERNEL */
-
#define BUG() printf("BUG: %s:%d", __FILE__, __LINE__)
#define BUG_ON(x) do { if (x) BUG(); } while(0)