PERFORCE change 112011 for review
Jung-uk Kim
jkim at FreeBSD.org
Thu Dec 21 03:24:15 PST 2006
http://perforce.freebsd.org/chv.cgi?CH=112011
Change 112011 by jkim at jkim_hammer on 2006/12/20 20:51:05
IFC
Affected files ...
.. //depot/projects/linuxolator/src/sys/amd64/linux32/linux.h#11 integrate
.. //depot/projects/linuxolator/src/sys/amd64/linux32/linux32_machdep.c#16 integrate
.. //depot/projects/linuxolator/src/sys/compat/linux/linux_ipc.c#7 integrate
.. //depot/projects/linuxolator/src/sys/compat/linux/linux_time.c#3 integrate
.. //depot/projects/linuxolator/src/sys/i386/linux/linux.h#9 integrate
.. //depot/projects/linuxolator/src/sys/i386/linux/linux_proto.h#15 integrate
.. //depot/projects/linuxolator/src/sys/i386/linux/linux_syscall.h#14 integrate
.. //depot/projects/linuxolator/src/sys/i386/linux/linux_sysent.c#14 integrate
.. //depot/projects/linuxolator/src/sys/i386/linux/syscalls.master#13 integrate
.. //depot/projects/linuxolator/src/sys/kern/kern_mac.c#4 integrate
.. //depot/projects/linuxolator/src/sys/security/mac/mac_framework.h#6 integrate
.. //depot/projects/linuxolator/src/sys/security/mac/mac_net.c#5 integrate
.. //depot/projects/linuxolator/src/sys/sun4v/include/pcpu.h#6 integrate
Differences ...
==== //depot/projects/linuxolator/src/sys/amd64/linux32/linux.h#11 (text+ko) ====
@@ -27,7 +27,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $FreeBSD: src/sys/amd64/linux32/linux.h,v 1.9 2006/11/07 18:53:49 jhb Exp $
+ * $FreeBSD: src/sys/amd64/linux32/linux.h,v 1.10 2006/12/20 20:17:34 jkim Exp $
*/
#ifndef _AMD64_LINUX_LINUX_H_
==== //depot/projects/linuxolator/src/sys/amd64/linux32/linux32_machdep.c#16 (text+ko) ====
@@ -29,7 +29,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/amd64/linux32/linux32_machdep.c,v 1.22 2006/10/15 13:39:39 netchild Exp $");
+__FBSDID("$FreeBSD: src/sys/amd64/linux32/linux32_machdep.c,v 1.23 2006/12/20 20:17:34 jkim Exp $");
#include <sys/param.h>
#include <sys/kernel.h>
==== //depot/projects/linuxolator/src/sys/compat/linux/linux_ipc.c#7 (text+ko) ====
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/compat/linux/linux_ipc.c,v 1.52 2006/12/20 19:30:52 jkim Exp $");
+__FBSDID("$FreeBSD: src/sys/compat/linux/linux_ipc.c,v 1.53 2006/12/20 20:08:45 jkim Exp $");
#include <sys/param.h>
#include <sys/systm.h>
==== //depot/projects/linuxolator/src/sys/compat/linux/linux_time.c#3 (text+ko) ====
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/compat/linux/linux_time.c,v 1.1 2006/08/15 12:20:59 netchild Exp $");
+__FBSDID("$FreeBSD: src/sys/compat/linux/linux_time.c,v 1.2 2006/12/20 20:17:34 jkim Exp $");
#if 0
__KERNEL_RCSID(0, "$NetBSD: linux_time.c,v 1.14 2006/05/14 03:40:54 christos Exp $");
#endif
==== //depot/projects/linuxolator/src/sys/i386/linux/linux.h#9 (text+ko) ====
@@ -25,7 +25,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $FreeBSD: src/sys/i386/linux/linux.h,v 1.70 2006/10/15 14:22:13 netchild Exp $
+ * $FreeBSD: src/sys/i386/linux/linux.h,v 1.72 2006/12/20 20:17:35 jkim Exp $
*/
#ifndef _I386_LINUX_LINUX_H_
==== //depot/projects/linuxolator/src/sys/i386/linux/linux_proto.h#15 (text+ko) ====
@@ -2,8 +2,8 @@
* System call prototypes.
*
* DO NOT EDIT-- this file is automatically generated.
- * $FreeBSD$
- * created from FreeBSD: src/sys/i386/linux/syscalls.master,v 1.82 2006/10/28 10:59:59 netchild Exp
+ * $FreeBSD: src/sys/i386/linux/linux_proto.h,v 1.89 2006/12/20 20:42:58 jkim Exp $
+ * created from FreeBSD: src/sys/i386/linux/syscalls.master,v 1.84 2006/12/20 20:21:48 jkim Exp
*/
#ifndef _LINUX_SYSPROTO_H_
==== //depot/projects/linuxolator/src/sys/i386/linux/linux_syscall.h#14 (text+ko) ====
@@ -2,8 +2,8 @@
* System call numbers.
*
* DO NOT EDIT-- this file is automatically generated.
- * $FreeBSD$
- * created from FreeBSD: src/sys/i386/linux/syscalls.master,v 1.82 2006/10/28 10:59:59 netchild Exp
+ * $FreeBSD: src/sys/i386/linux/linux_syscall.h,v 1.82 2006/12/20 20:42:58 jkim Exp $
+ * created from FreeBSD: src/sys/i386/linux/syscalls.master,v 1.84 2006/12/20 20:21:48 jkim Exp
*/
#define LINUX_SYS_exit 1
==== //depot/projects/linuxolator/src/sys/i386/linux/linux_sysent.c#14 (text+ko) ====
@@ -2,8 +2,8 @@
* System call switch table.
*
* DO NOT EDIT-- this file is automatically generated.
- * $FreeBSD$
- * created from FreeBSD: src/sys/i386/linux/syscalls.master,v 1.82 2006/10/28 10:59:59 netchild Exp
+ * $FreeBSD: src/sys/i386/linux/linux_sysent.c,v 1.89 2006/12/20 20:42:58 jkim Exp $
+ * created from FreeBSD: src/sys/i386/linux/syscalls.master,v 1.84 2006/12/20 20:21:48 jkim Exp
*/
#include <bsm/audit_kevents.h>
==== //depot/projects/linuxolator/src/sys/i386/linux/syscalls.master#13 (text+ko) ====
@@ -1,4 +1,4 @@
- $FreeBSD: src/sys/i386/linux/syscalls.master,v 1.82 2006/10/28 10:59:59 netchild Exp $
+ $FreeBSD: src/sys/i386/linux/syscalls.master,v 1.84 2006/12/20 20:21:48 jkim Exp $
; @(#)syscalls.master 8.1 (Berkeley) 7/19/93
; System call name/number master file (or rather, slave, from LINUX).
==== //depot/projects/linuxolator/src/sys/kern/kern_mac.c#4 (text+ko) ====
@@ -47,7 +47,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/kern/kern_mac.c,v 1.123 2006/10/22 11:52:13 rwatson Exp $");
+__FBSDID("$FreeBSD: src/sys/kern/kern_mac.c,v 1.124 2006/12/20 20:38:44 rwatson Exp $");
#include "opt_mac.h"
@@ -106,6 +106,16 @@
SYSCTL_NODE(_security, OID_AUTO, mac, CTLFLAG_RW, 0,
"TrustedBSD MAC policy controls");
+/*
+ * Labels consist of a indexed set of "slots", which are allocated policies
+ * as required. The MAC Framework maintains a bitmask of slots allocated so
+ * far to prevent reuse. Slots cannot be reused, as the MAC Framework
+ * guarantees that newly allocated slots in labels will be NULL unless
+ * otherwise initialized, and because we do not have a mechanism to garbage
+ * collect slots on policy unload. As labeled policies tend to be statically
+ * loaded during boot, and not frequently unloaded and reloaded, this is not
+ * generally an issue.
+ */
#if MAC_MAX_SLOTS > 32
#error "MAC_MAX_SLOTS too large"
#endif
@@ -123,15 +133,18 @@
int mac_late = 0;
/*
- * Flag to indicate whether or not we should allocate label storage for
- * new mbufs. Since most dynamic policies we currently work with don't
- * rely on mbuf labeling, try to avoid paying the cost of mtag allocation
- * unless specifically notified of interest. One result of this is
- * that if a dynamically loaded policy requests mbuf labels, it must
- * be able to deal with a NULL label being returned on any mbufs that
- * were already in flight when the policy was loaded. Since the policy
- * already has to deal with uninitialized labels, this probably won't
- * be a problem. Note: currently no locking. Will this be a problem?
+ * Flag to indicate whether or not we should allocate label storage for new
+ * mbufs. Since most dynamic policies we currently work with don't rely on
+ * mbuf labeling, try to avoid paying the cost of mtag allocation unless
+ * specifically notified of interest. One result of this is that if a
+ * dynamically loaded policy requests mbuf labels, it must be able to deal
+ * with a NULL label being returned on any mbufs that were already in flight
+ * when the policy was loaded. Since the policy already has to deal with
+ * uninitialized labels, this probably won't be a problem. Note: currently
+ * no locking. Will this be a problem?
+ *
+ * In the future, we may want to allow objects to request labeling on a per-
+ * object type basis, rather than globally for all objects.
*/
#ifndef MAC_ALWAYS_LABEL_MBUF
int mac_labelmbufs = 0;
@@ -143,22 +156,31 @@
MALLOC_DEFINE(M_MACTEMP, "mactemp", "MAC temporary label storage");
/*
- * mac_static_policy_list holds a list of policy modules that are not
- * loaded while the system is "live", and cannot be unloaded. These
- * policies can be invoked without holding the busy count.
+ * mac_static_policy_list holds a list of policy modules that are not loaded
+ * while the system is "live", and cannot be unloaded. These policies can be
+ * invoked without holding the busy count.
*
* mac_policy_list stores the list of dynamic policies. A busy count is
- * maintained for the list, stored in mac_policy_busy. The busy count
- * is protected by mac_policy_mtx; the list may be modified only
- * while the busy count is 0, requiring that the lock be held to
- * prevent new references to the list from being acquired. For almost
- * all operations, incrementing the busy count is sufficient to
- * guarantee consistency, as the list cannot be modified while the
- * busy count is elevated. For a few special operations involving a
- * change to the list of active policies, the mtx itself must be held.
- * A condition variable, mac_policy_cv, is used to signal potential
- * exclusive consumers that they should try to acquire the lock if a
- * first attempt at exclusive access fails.
+ * maintained for the list, stored in mac_policy_busy. The busy count is
+ * protected by mac_policy_mtx; the list may be modified only while the busy
+ * count is 0, requiring that the lock be held to prevent new references to
+ * the list from being acquired. For almost all operations, incrementing the
+ * busy count is sufficient to guarantee consistency, as the list cannot be
+ * modified while the busy count is elevated. For a few special operations
+ * involving a change to the list of active policies, the mtx itself must be
+ * held. A condition variable, mac_policy_cv, is used to signal potential
+ * exclusive consumers that they should try to acquire the lock if a first
+ * attempt at exclusive access fails.
+ *
+ * This design intentionally avoids fairness, and may starve attempts to
+ * acquire an exclusive lock on a busy system. This is required because we
+ * do not ever want acquiring a read reference to perform an unbounded length
+ * sleep. Read references are acquired in ithreads, network isrs, etc, and
+ * any unbounded blocking could lead quickly to deadlock.
+ *
+ * Another reason for never blocking on read references is that the MAC
+ * Framework may recurse: if a policy calls a VOP, for example, this might
+ * lead to vnode life cycle operations (such as init/destroy).
*/
#ifndef MAC_STATIC
static struct mtx mac_policy_mtx;
@@ -169,13 +191,12 @@
struct mac_policy_list_head mac_static_policy_list;
/*
- * We manually invoke WITNESS_WARN() to allow Witness to generate
- * warnings even if we don't end up ever triggering the wait at
- * run-time. The consumer of the exclusive interface must not hold
- * any locks (other than potentially Giant) since we may sleep for
- * long (potentially indefinite) periods of time waiting for the
- * framework to become quiescent so that a policy list change may
- * be made.
+ * We manually invoke WITNESS_WARN() to allow Witness to generate warnings
+ * even if we don't end up ever triggering the wait at run-time. The
+ * consumer of the exclusive interface must not hold any locks (other than
+ * potentially Giant) since we may sleep for long (potentially indefinite)
+ * periods of time waiting for the framework to become quiescent so that a
+ * policy list change may be made.
*/
void
mac_policy_grab_exclusive(void)
@@ -296,9 +317,9 @@
}
/*
- * For the purposes of modules that want to know if they were loaded
- * "early", set the mac_late flag once we've processed modules either
- * linked into the kernel, or loaded before the kernel startup.
+ * For the purposes of modules that want to know if they were loaded "early",
+ * set the mac_late flag once we've processed modules either linked into the
+ * kernel, or loaded before the kernel startup.
*/
static void
mac_late_init(void)
@@ -310,8 +331,8 @@
/*
* After the policy list has changed, walk the list to update any global
* flags. Currently, we support only one flag, and it's conditionally
- * defined; as a result, the entire function is conditional. Eventually,
- * the #else case might also iterate across the policies.
+ * defined; as a result, the entire function is conditional. Eventually, the
+ * #else case might also iterate across the policies.
*/
static void
mac_policy_updateflags(void)
@@ -390,16 +411,16 @@
error = 0;
/*
- * We don't technically need exclusive access while !mac_late,
- * but hold it for assertion consistency.
+ * We don't technically need exclusive access while !mac_late, but
+ * hold it for assertion consistency.
*/
mac_policy_grab_exclusive();
/*
- * If the module can potentially be unloaded, or we're loading
- * late, we have to stick it in the non-static list and pay
- * an extra performance overhead. Otherwise, we can pay a
- * light locking cost and stick it in the static list.
+ * If the module can potentially be unloaded, or we're loading late,
+ * we have to stick it in the non-static list and pay an extra
+ * performance overhead. Otherwise, we can pay a light locking cost
+ * and stick it in the static list.
*/
static_entry = (!mac_late &&
!(mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK));
@@ -432,18 +453,23 @@
mpc->mpc_runtime_flags |= MPC_RUNTIME_FLAG_REGISTERED;
/*
- * If we're loading a MAC module after the framework has
- * initialized, it has to go into the dynamic list. If
- * we're loading it before we've finished initializing,
- * it can go into the static list with weaker locker
- * requirements.
+ * If we're loading a MAC module after the framework has initialized,
+ * it has to go into the dynamic list. If we're loading it before
+ * we've finished initializing, it can go into the static list with
+ * weaker locker requirements.
*/
if (static_entry)
LIST_INSERT_HEAD(&mac_static_policy_list, mpc, mpc_list);
else
LIST_INSERT_HEAD(&mac_policy_list, mpc, mpc_list);
- /* Per-policy initialization. */
+ /*
+ * Per-policy initialization. Currently, this takes place under the
+ * exclusive lock, so policies must not sleep in their init method.
+ * In the future, we may want to separate "init" from "start", with
+ * "init" occuring without the lock held. Likewise, on tear-down,
+ * breaking out "stop" from "destroy".
+ */
if (mpc->mpc_ops->mpo_init != NULL)
(*(mpc->mpc_ops->mpo_init))(mpc);
mac_policy_updateflags();
@@ -461,9 +487,8 @@
{
/*
- * If we fail the load, we may get a request to unload. Check
- * to see if we did the run-time registration, and if not,
- * silently succeed.
+ * If we fail the load, we may get a request to unload. Check to see
+ * if we did the run-time registration, and if not, silently succeed.
*/
mac_policy_grab_exclusive();
if ((mpc->mpc_runtime_flags & MPC_RUNTIME_FLAG_REGISTERED) == 0) {
@@ -480,8 +505,8 @@
}
#endif
/*
- * Only allow the unload to proceed if the module is unloadable
- * by its own definition.
+ * Only allow the unload to proceed if the module is unloadable by
+ * its own definition.
*/
if ((mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK) == 0) {
mac_policy_release_exclusive();
@@ -710,8 +735,8 @@
p->p_ucred = newcred;
/*
- * Grab additional reference for use while revoking mmaps, prior
- * to releasing the proc lock and sharing the cred.
+ * Grab additional reference for use while revoking mmaps, prior to
+ * releasing the proc lock and sharing the cred.
*/
crhold(newcred);
PROC_UNLOCK(p);
==== //depot/projects/linuxolator/src/sys/security/mac/mac_framework.h#6 (text+ko) ====
@@ -35,7 +35,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/security/mac/mac_framework.h,v 1.76 2006/12/13 06:00:56 csjp Exp $
+ * $FreeBSD: src/sys/security/mac/mac_framework.h,v 1.77 2006/12/20 20:43:19 rwatson Exp $
*/
/*
@@ -89,7 +89,6 @@
/*
* Kernel functions to manage and evaluate labels.
*/
-
void mac_init_bpfdesc(struct bpf_d *);
void mac_init_cred(struct ucred *);
void mac_init_devfsdirent(struct devfs_dirent *);
@@ -135,8 +134,8 @@
void mac_vnode_label_free(struct label *label);
/*
- * Labeling event operations: file system objects, and things that
- * look a lot like file system objects.
+ * Labeling event operations: file system objects, and things that look a lot
+ * like file system objects.
*/
void mac_associate_vnode_devfs(struct mount *mp, struct devfs_dirent *de,
struct vnode *vp);
@@ -186,7 +185,6 @@
*/
void mac_create_posix_sem(struct ucred *cred, struct ksem *ksemptr);
-
/*
* Labeling event operations: network objects.
*/
@@ -208,12 +206,12 @@
void mac_reflect_mbuf_tcp(struct mbuf *m);
void mac_update_ipq(struct mbuf *fragment, struct ipq *ipq);
void mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp);
-
void mac_create_mbuf_from_firewall(struct mbuf *m);
void mac_destroy_syncache(struct label **label);
int mac_init_syncache(struct label **label);
void mac_init_syncache_from_inpcb(struct label *label, struct inpcb *inp);
void mac_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m);
+
/*
* Labeling event operations: processes.
*/
@@ -230,20 +228,24 @@
void mac_thread_userret(struct thread *td);
/*
- * Label cleanup operation: This is the inverse complement for the
- * mac_create and associate type of hooks. This hook lets the policy
- * module(s) perform a cleanup/flushing operation on the label
- * associated with the objects, without freeing up the space allocated.
- * This hook is useful in cases where it is desirable to remove any
- * labeling reference when recycling any object to a pool. This hook
- * does not replace the mac_destroy hooks.
+ * Label cleanup operation: This is the inverse complement for the mac_create
+ * and associate type of hooks. This hook lets the policy module(s) perform a
+ * cleanup/flushing operation on the label associated with the objects,
+ * without freeing up the space allocated. This hook is useful in cases
+ * where it is desirable to remove any labeling reference when recycling any
+ * object to a pool. This hook does not replace the mac_destroy hooks.
+ *
+ * XXXRW: These object methods are inconsistent with the life cycles of other
+ * objects, and likely should be revised to be more consistent.
*/
void mac_cleanup_sysv_msgmsg(struct msg *msgptr);
void mac_cleanup_sysv_msgqueue(struct msqid_kernel *msqkptr);
void mac_cleanup_sysv_sem(struct semid_kernel *semakptr);
void mac_cleanup_sysv_shm(struct shmid_kernel *shmsegptr);
-/* Access control checks. */
+/*
+ * Access control checks.
+ */
int mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet);
int mac_check_cred_visible(struct ucred *u1, struct ucred *u2);
int mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *m);
@@ -415,8 +417,8 @@
int mac_priv_grant(struct ucred *cred, int priv);
/*
- * Calls to help various file systems implement labeling functionality
- * using their existing EA implementation.
+ * Calls to help various file systems implement labeling functionality using
+ * their existing EA implementation.
*/
int vop_stdsetlabel_ea(struct vop_setlabel_args *ap);
==== //depot/projects/linuxolator/src/sys/security/mac/mac_net.c#5 (text+ko) ====
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/security/mac/mac_net.c,v 1.120 2006/11/06 13:42:07 rwatson Exp $");
+__FBSDID("$FreeBSD: src/sys/security/mac/mac_net.c,v 1.121 2006/12/20 20:40:29 rwatson Exp $");
#include "opt_mac.h"
@@ -426,8 +426,8 @@
MAC_IFNET_LOCK(ifnet);
mac_copy_ifnet_label(ifnet->if_label, intlabel);
MAC_IFNET_UNLOCK(ifnet);
- error = mac_externalize_ifnet_label(ifnet->if_label, elements,
- buffer, mac.m_buflen);
+ error = mac_externalize_ifnet_label(intlabel, elements, buffer,
+ mac.m_buflen);
mac_ifnet_label_free(intlabel);
if (error == 0)
error = copyout(buffer, mac.m_string, strlen(buffer)+1);
==== //depot/projects/linuxolator/src/sys/sun4v/include/pcpu.h#6 (text+ko) ====
@@ -24,7 +24,7 @@
* SUCH DAMAGE.
*
* from: FreeBSD: src/sys/i386/include/globaldata.h,v 1.27 2001/04/27
- * $FreeBSD: src/sys/sun4v/include/pcpu.h,v 1.5 2006/12/17 02:04:18 kmacy Exp $
+ * $FreeBSD: src/sys/sun4v/include/pcpu.h,v 1.6 2006/12/20 20:18:07 kmacy Exp $
*/
#ifndef _MACHINE_PCPU_H_
@@ -74,7 +74,7 @@
u_int pc_kwbuf_full; \
struct rwindow pc_tsbwbuf[2]; \
uint16_t pc_cpulist[MAXCPU]; \
- uint64_t pad[11];
+ uint64_t pad[10];
/* XXX SUN4V_FIXME - as we access the *_ra and *_size fields in quick
* succession we _really_ want them to be L1 cache line size aligned
More information about the p4-projects
mailing list