PERFORCE change 134985 for review

Robert Watson rwatson at FreeBSD.org
Thu Feb 7 06:14:06 PST 2008


http://perforce.freebsd.org/chv.cgi?CH=134985

Change 134985 by rwatson at rwatson_freebsd_capabilities on 2008/02/07 14:13:06

	Use a pool mutex for each non-capability file rather than a
	global mutex.
	
	Maintain a count of capabilities associated with each
	non-capability file that can be used to avoid walking the
	list of capabilities on the file.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_descrip.c#7 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#15 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/file.h#6 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_descrip.c#7 (text+ko) ====

@@ -1393,6 +1393,7 @@
 	fp->f_data = NULL;
 	fp->f_vnode = NULL;
 	LIST_INIT(&fp->f_caps);
+	fp->f_capcount = 0;
 	FILEDESC_XLOCK(p->p_fd);
 	if ((error = fdalloc(td, 0, &i))) {
 		FILEDESC_XUNLOCK(p->p_fd);
@@ -2219,6 +2220,8 @@
 	crfree(fp->f_cred);
 	if (!LIST_EMPTY(&fp->f_caps))
 		panic("_fdrop: f_caps not empty");
+	if (fp->f_capcount != 0)
+		panic("_fdrop: f_capcount != 0");
 	uma_zfree(file_zone, fp);
 
 	return (error);
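Review bot: The new `f_capcount` panic in `_fdrop` prints no value, so a crash dump does not show whether the counter was left over from a missed decrement or had wrapped; `panic("_fdrop: f_capcount %u", fp->f_capcount);` would. A one-line comment above the two checks would also record why they are expected to hold, for example `/* Capabilities hold a reference on their object file, so none can remain at last drop. */`. The `fdrop(fp_object, td)` in the capability close path of sys_capability.c suggests this. Both checks run without the pool mutex, which looks safe only because this is the final reference. `_fdrop` begins outside the hunk.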

==== //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#15 (text+ko) ====

@@ -41,7 +41,7 @@
  */
 
 #include <sys/cdefs.h>
-__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#14 $");
+__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#15 $");
 
 #include <sys/param.h>
 #include <sys/capability.h>
@@ -62,8 +62,8 @@
  * file f_data field.  cap_file and cap_rightss are static once hooked up, as
  * neither the object it references nor the rights it encapsulates are
  * permitted to change.  cap_filelist may change when other capabilites are
- * added or removed from the same file, and is currently protected by
- * cap_file_mtx.
+ * added or removed from the same file, and is currently protected by the
+ * pool mutex for the object file descriptor.
  */
 struct capability {
 	struct file	*cap_object;	/* Underlying object's file. */
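Review bot: The rewritten comment says "pool mutex for the object file descriptor", but the lock taken later in this file is keyed on the `struct file` pointer, not on a descriptor, and the comment does not name the pool. Suggested wording: `added or removed from the same file, and is protected by the mtxpool_sleep pool mutex keyed on cap_object.` The context lines of the same comment carry the typos `cap_rightss` and `capabilites`, which could be fixed in the same edit. The comment and `struct capability` both extend outside the hunk.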
@@ -100,14 +100,6 @@
 
 static uma_zone_t capability_zone;
 
-/*
- * XXXRW: Each file descriptor contains a list of capabilities pointing at it
- * so that we the UNIX domain socket GC routine can calculate whether there
- * are external references.  Ideally we'd use a per-file lock, but right now
- * we don't have one, so use a global mutex for now.
- */
-static struct mtx cap_file_mtx;
-
 static void
 capability_init(void *dummy __unused)
 {
@@ -117,7 +109,6 @@
 	    0);
 	if (capability_zone == NULL)
 		panic("capability_init: capability_zone not initialized");
-	mtx_init(&cap_file_mtx, "cap_file_mtx", NULL, MTX_DEF);
 }
 SYSINIT(vfs, SI_SUB_VFS, SI_ORDER_ANY, capability_init, NULL);
 
@@ -261,9 +252,10 @@
 	 * Add this capability to the per-file list of referencing
 	 * capabilities.
 	 */
-	mtx_lock(&cap_file_mtx);
+	mtx_pool_lock(mtxpool_sleep, fp_object);
 	LIST_INSERT_HEAD(&fp_object->f_caps, c, cap_filelist);
-	mtx_unlock(&cap_file_mtx);
+	fp_object->f_capcount++;
+	mtx_pool_unlock(mtxpool_sleep, fp_object);
 	td->td_retval[0] = fd_cap;
 	fdrop(fp, td);
 	fdrop(fp_cap, td);
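Review bot: `mtx_pool_lock(mtxpool_sleep, fp_object)` selects a mutex from a shared pool by pointer, so unrelated files can end up on the same mutex. The section between lock and unlock therefore has to stay a leaf, with no other lock taken inside it. The two statements here satisfy that, but nothing records the constraint for the next editor. A comment above the lock call would, such as `/* Pool mutex is a leaf lock: keep this section to the list and counter update. */`. The enclosing function starts outside the hunk.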
@@ -313,9 +305,10 @@
 	fp->f_ops = &badfileops;
 	fp->f_data = NULL;
 	fp_object = c->cap_object;
-	mtx_lock(&cap_file_mtx);
+	mtx_pool_lock(mtxpool_sleep, fp_object);
 	LIST_REMOVE(c, cap_filelist);
-	mtx_unlock(&cap_file_mtx);
+	fp_object->f_capcount--;
+	mtx_pool_unlock(mtxpool_sleep, fp_object);
 	uma_zfree(capability_zone, c);
 	return (fdrop(fp_object, td));
 }
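Review bot: `fp_object->f_capcount--` has no underflow check. Because the field is a `u_int`, an unbalanced decrement wraps to a large value that is only noticed later by the `_fdrop` panic, far from the cause. An assertion placed under the pool mutex, just before the decrement, pins it at the source: `KASSERT(fp_object->f_capcount > 0, ("%s: f_capcount underflow", __func__));`. The function's signature is outside the hunk.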

==== //depot/projects/trustedbsd/capabilities/src/sys/sys/file.h#6 (text+ko) ====

@@ -130,7 +130,8 @@
 	 * Mandatory Access control information.
 	 */
 	void		*f_label;	/* Place-holder for MAC label. */
-	LIST_HEAD(, capability)	f_caps;	/* List of capabilities for file. */
+	LIST_HEAD(, capability)	f_caps;	/* (f) List of capabilities for file. */
+	u_int		 f_capcount;	/* (f) Number of capabilities. */
 };
 
 #define	FOFFSET_LOCKED       0x1
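Review bot: The comment on `f_capcount` does not state the invariant the rest of the change relies on: that it always equals the number of entries on `f_caps`, and that both are updated under the same lock. `/* (f) Number of entries on f_caps. */` would make that explicit. No reader of the counter appears in this change. Any later consumer that uses it instead of walking the list needs to hold the same pool mutex, which is presumably what the `(f)` key, defined outside the hunk, denotes.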

