PERFORCE change 231416 for review

[Robert Watson]

http://p4web.freebsd.org/@@231416?ac=10

Change 231416 by rwatson at rwatson_cinnamon on 2013/07/24 14:43:40

	Allow FFS read and write VOPs if a previous call to vn_rdwr()
	on the same vnode passed the IO_NOMACCHECK flag.  Unfortunately
	we can't specify the UIO_READ or UIO_WRITE flag arguments as
	enum constants aren't yet allowed in TESLA expressions.  Using
	vn_rdwr() is preferable to white-listing specific code paths,
	as the programmer has already let us know that the path is
	exmempt from MAC checking, so quite a bit more compact.

Affected files ...

.. //depot/projects/ctsrd/tesla/src/sys/ufs/ffs/ffs_vnops.c#16 edit

Differences ...

==== //depot/projects/ctsrd/tesla/src/sys/ufs/ffs/ffs_vnops.c#16 (text+ko) ====

@@ -441,10 +441,14 @@
 	vp = ap->a_vp;
 #ifdef MAC
 #ifdef TESLA_MAC
-	TESLA_SYSCALL(incallstack(ufs_readdir) ||
+	TESLA_SYSCALL(
+	    incallstack(ufs_readdir) ||
+	    previously(called(vn_rdwr(ANY(int), vp, ANY(ptr), ANY(int),
+	    ANY(int), ANY(int), flags(IO_NOMACCHECK), ANY(ptr), ANY(ptr),
+	    ANY(ptr), ANY(ptr)))) ||
 	    previously(mac_vnode_check_read(ANY(ptr), ANY(ptr), vp) == 0));
-	TESLA_PAGE_FAULT(incallstack(ufs_readdir) ||
-	    previously(mac_vnode_check_read(ANY(ptr), ANY(ptr), vp) == 0));
+	TESLA_PAGE_FAULT(previously(mac_vnode_check_read(ANY(ptr), ANY(ptr),
+	    vp) == 0));
 #endif
 #endif
 
@@ -671,8 +675,11 @@
 	vp = ap->a_vp;
 #ifdef MAC
 #ifdef TESLA_MAC
-	TESLA_SYSCALL(previously(mac_vnode_check_write(ANY(ptr), ANY(ptr), vp)
-	    == 0));
+	TESLA_SYSCALL(
+	    previously(called(vn_rdwr(ANY(int), vp, ANY(ptr), ANY(int),
+	    ANY(int), ANY(int), flags(IO_NOMACCHECK), ANY(ptr), ANY(ptr),
+	    ANY(ptr), ANY(ptr)))) ||
+	    previously(mac_vnode_check_write(ANY(ptr), ANY(ptr), vp) == 0));
 	TESLA_PAGE_FAULT(previously(mac_vnode_check_write(ANY(ptr), ANY(ptr),
 	    vp) == 0));
 #endif