PERFORCE change 134985 for review
Robert Watson
rwatson at FreeBSD.org
Thu Feb 7 06:14:06 PST 2008
http://perforce.freebsd.org/chv.cgi?CH=134985
Change 134985 by rwatson at rwatson_freebsd_capabilities on 2008/02/07 14:13:06
Use a pool mutex for each non-capability file rather than a
global mutex.
Maintain a count of capabilities associated with each
non-capability file that can be used to avoid walking the
list of capabilities on the file.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_descrip.c#7 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#15 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/file.h#6 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_descrip.c#7 (text+ko) ====
@@ -1393,6 +1393,7 @@
fp->f_data = NULL;
fp->f_vnode = NULL;
LIST_INIT(&fp->f_caps);
+ fp->f_capcount = 0;
FILEDESC_XLOCK(p->p_fd);
if ((error = fdalloc(td, 0, &i))) {
FILEDESC_XUNLOCK(p->p_fd);
@@ -2219,6 +2220,8 @@
crfree(fp->f_cred);
if (!LIST_EMPTY(&fp->f_caps))
panic("_fdrop: f_caps not empty");
+ if (fp->f_capcount != 0)
+ panic("_fdrop: f_capcount != 0");
uma_zfree(file_zone, fp);
return (error);
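Review bot: The new invariant check on f_capcount is written as an unconditional panic like the f_caps check above it, whereas the usual FreeBSD idiom for a debugging invariant is KASSERT, compiled in only under INVARIANTS: `KASSERT(fp->f_capcount == 0, ("_fdrop: f_capcount != 0"));`. The cost of the test here is trivial, so this is a style point rather than a defect. Note that f_capcount is read without the file's pool mutex; that is only safe because no other holder of the file can exist once _fdrop reaches the free, which is presumably the case at this point but is worth confirming since the start of _fdrop is outside the hunk.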
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#15 (text+ko) ====
@@ -41,7 +41,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#14 $");
+__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#15 $");
#include <sys/param.h>
#include <sys/capability.h>
@@ -62,8 +62,8 @@
* file f_data field. cap_file and cap_rightss are static once hooked up, as
* neither the object it references nor the rights it encapsulates are
* permitted to change. cap_filelist may change when other capabilites are
- * added or removed from the same file, and is currently protected by
- * cap_file_mtx.
+ * added or removed from the same file, and is currently protected by the
+ * pool mutex for the object file descriptor.
*/
struct capability {
struct file *cap_object; /* Underlying object's file. */
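Review bot: The reworded comment says cap_filelist is protected by "the pool mutex for the object file descriptor", but the lock taken in cap_new and cap_close is `mtx_pool_lock(mtxpool_sleep, fp_object)`, keyed on the underlying struct file, not on a descriptor; suggest `protected by the mtxpool_sleep pool mutex keyed on the object's struct file (cap_object)`. This change also deletes the XXXRW comment that explained why the per-file list exists at all (so the UNIX domain socket GC can count external references), and this struct comment is the natural place to preserve that rationale in one sentence. The pre-existing "capabilites" and "cap_rightss" typos sit on untouched context lines. The struct capability definition continues outside the hunk.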
@@ -100,14 +100,6 @@
static uma_zone_t capability_zone;
-/*
- * XXXRW: Each file descriptor contains a list of capabilities pointing at it
- * so that we the UNIX domain socket GC routine can calculate whether there
- * are external references. Ideally we'd use a per-file lock, but right now
- * we don't have one, so use a global mutex for now.
- */
-static struct mtx cap_file_mtx;
-
static void
capability_init(void *dummy __unused)
{
@@ -117,7 +109,6 @@
0);
if (capability_zone == NULL)
panic("capability_init: capability_zone not initialized");
- mtx_init(&cap_file_mtx, "cap_file_mtx", NULL, MTX_DEF);
}
SYSINIT(vfs, SI_SUB_VFS, SI_ORDER_ANY, capability_init, NULL);
@@ -261,9 +252,10 @@
* Add this capability to the per-file list of referencing
* capabilities.
*/
- mtx_lock(&cap_file_mtx);
+ mtx_pool_lock(mtxpool_sleep, fp_object);
LIST_INSERT_HEAD(&fp_object->f_caps, c, cap_filelist);
- mtx_unlock(&cap_file_mtx);
+ fp_object->f_capcount++;
+ mtx_pool_unlock(mtxpool_sleep, fp_object);
td->td_retval[0] = fd_cap;
fdrop(fp, td);
fdrop(fp_cap, td);
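Review bot: The new f_capcount increment is kept in step with the f_caps list only by convention: both updates sit in the same pool-lock section here and in cap_close, and _fdrop checks them independently, but nothing states the invariant. Extend the comment above the locked section: `* capabilities, and bump f_capcount, which must always equal the length of f_caps and is updated only under the object file's pool mutex.` A reader of the count elsewhere (the description says it is meant to let callers skip walking the list) then knows it has to take the same lock or tolerate a racy value. cap_new begins outside the hunk, so I cannot see where the reference on fp_object that cap_close later releases with fdrop(fp_object) is taken; it should precede this insertion.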
@@ -313,9 +305,10 @@
fp->f_ops = &badfileops;
fp->f_data = NULL;
fp_object = c->cap_object;
- mtx_lock(&cap_file_mtx);
+ mtx_pool_lock(mtxpool_sleep, fp_object);
LIST_REMOVE(c, cap_filelist);
- mtx_unlock(&cap_file_mtx);
+ fp_object->f_capcount--;
+ mtx_pool_unlock(mtxpool_sleep, fp_object);
uma_zfree(capability_zone, c);
return (fdrop(fp_object, td));
}
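Review bot: f_capcount is an unsigned counter and is decremented here without any check, so a list/count mismatch would wrap silently to UINT_MAX rather than being caught until _fdrop, far from the cause; add `KASSERT(fp_object->f_capcount > 0, ("cap_close: f_capcount underflow"));` immediately before the decrement, inside the pool-lock section. This pairs with the existing LIST_REMOVE, which also assumes the capability is on the list. The function's earlier lines are outside the hunk.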
==== //depot/projects/trustedbsd/capabilities/src/sys/sys/file.h#6 (text+ko) ====
@@ -130,7 +130,8 @@
* Mandatory Access control information.
*/
void *f_label; /* Place-holder for MAC label. */
- LIST_HEAD(, capability) f_caps; /* List of capabilities for file. */
+ LIST_HEAD(, capability) f_caps; /* (f) List of capabilities for file. */
+ u_int f_capcount; /* (f) Number of capabilities. */
};
#define FOFFSET_LOCKED 0x1
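Review bot: The comment on the new field says only "Number of capabilities", leaving its relationship to f_caps and its purpose implicit; since the change description says the count exists so that the list need not be walked, make both explicit: `u_int f_capcount; /* (f) Length of f_caps; avoids walking the list. */`. With that stated, a caller that only needs to know whether any capability references the file can test `f_capcount != 0` under the file's pool mutex instead of touching the list. The struct file definition and the lock legend that defines "(f)" are outside the hunk, so I am assuming "(f)" denotes the same pool mutex that cap_new and cap_close take.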