PERFORCE change 15977 for review

Robert Watson rwatson at freebsd.org
Wed Aug 14 20:49:41 GMT 2002 

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15977

Change 15977 by rwatson at rwatson_tislabs on 2002/08/14 13:48:59

	Wrap the maintenance of nmac* object counters in options
	MAC_DEBUG, so that for performance purposes you can avoid the cost
	of two atomic operations per object instance (init, destroy).
	Default to MAC_DEBUG on in the shipped MAC kernel configuration.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/conf/NOTES#13 edit
.. //depot/projects/trustedbsd/mac/sys/conf/options#23 edit
.. //depot/projects/trustedbsd/mac/sys/i386/conf/MAC#35 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#238 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/conf/NOTES#13 (text+ko) ====

@@ -729,6 +729,7 @@
 
 # Support for Mandatory Access Control (MAC)
 options 	MAC
+options 	MAC_DEBUG
 #options 	MAC_NONE		# Statically link mac_none policy
 
 

==== //depot/projects/trustedbsd/mac/sys/conf/options#23 (text+ko) ====

@@ -125,6 +125,7 @@
 
 # Support for Mandatory Access Control (MAC)
 MAC		opt_mac.h
+MAC_DEBUG	opt_mac.h
 MAC_NONE	opt_dontuse.h
 
 # Do we want the config file compiled into the kernel?

==== //depot/projects/trustedbsd/mac/sys/i386/conf/MAC#35 (text+ko) ====

@@ -31,6 +31,7 @@
 makeoptions	DEBUG=-g		#Build kernel with gdb(1) debug symbols
 
 options 	MAC
+options 	MAC_DEBUG
 options 	UFS_ACL
 options 	UFS_EXTATTR
 options 	UFS_EXTATTR_AUTOSTART

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#238 (text+ko) ====

@@ -166,6 +166,7 @@
     &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
     "copy-on-write semantics, or by removing all write access");
 
+#ifdef MAC_DEBUG
 static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs,
     nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents,
     nmacipqs, nmacpipes;
@@ -191,6 +192,7 @@
     &nmacvnodes, 0, "number of vnodes in use");
 SYSCTL_UINT(_security_mac_debug, OID_AUTO, devfsdirents, CTLFLAG_RD,
     &nmacdevfsdirents, 0, "number of devfs dirents inuse");
+#endif
 
 static int	error_select(int error1, int error2);
 static int	mac_externalize(struct label *label, struct mac *mac);
@@ -1263,7 +1265,9 @@
 	/* "how" is one of M_(TRY|DONT)WAIT */
 	mac_init_label(&m->m_pkthdr.label);
 	MAC_PERFORM(init_mbuf, m, how, &m->m_pkthdr.label);
+#ifdef MAC_DEBUG
 	atomic_add_int(&nmacmbufs, 1);
+#endif
 	return (0);
 }
 
@@ -1273,7 +1277,9 @@
 
 	MAC_PERFORM(destroy_mbuf, m, &m->m_pkthdr.label);
 	mac_destroy_label(&m->m_pkthdr.label);
+#ifdef MAC_DEBUG
 	atomic_subtract_int(&nmacmbufs, 1);
+#endif
 }
 
 void
@@ -1282,7 +1288,9 @@
 
 	mac_init_label(&cr->cr_label);
 	MAC_PERFORM(init_cred, cr, &cr->cr_label);
+#ifdef MAC_DEBUG
 	atomic_add_int(&nmaccreds, 1);
+#endif
 }
 
 void
@@ -1291,7 +1299,9 @@
 
 	MAC_PERFORM(destroy_cred, cr, &cr->cr_label);
 	mac_destroy_label(&cr->cr_label);
+#ifdef MAC_DEBUG
 	atomic_subtract_int(&nmaccreds, 1);
+#endif
 }
 
 void
@@ -1300,7 +1310,9 @@
 
 	mac_init_label(&ifp->if_label);
 	MAC_PERFORM(init_ifnet, ifp, &ifp->if_label);
+#ifdef MAC_DEBUG
 	atomic_add_int(&nmacifnets, 1);
+#endif
 }
 
 void
@@ -1309,7 +1321,9 @@
 
 	MAC_PERFORM(destroy_ifnet, ifp, &ifp->if_label);
 	mac_destroy_label(&ifp->if_label);
+#ifdef MAC_DEBUG
 	atomic_subtract_int(&nmacifnets, 1);
+#endif
 }
 
 void
@@ -1318,7 +1332,9 @@
 
 	mac_init_label(&ipq->ipq_label);
 	MAC_PERFORM(init_ipq, ipq, &ipq->ipq_label);
+#ifdef MAC_DEBUG
 	atomic_add_int(&nmacipqs, 1);
+#endif
 }
 
 void
@@ -1327,7 +1343,9 @@
 
 	MAC_PERFORM(destroy_ipq, ipq, &ipq->ipq_label);
 	mac_destroy_label(&ipq->ipq_label);
+#ifdef MAC_DEBUG
 	atomic_subtract_int(&nmacipqs, 1);
+#endif
 }
 
 void
@@ -1338,7 +1356,9 @@
 	mac_init_label(&socket->so_peerlabel);
 	MAC_PERFORM(init_socket, socket, &socket->so_label,
 	    &socket->so_peerlabel);
+#ifdef MAC_DEBUG
 	atomic_add_int(&nmacsockets, 1);
+#endif
 }
 
 void
@@ -1349,7 +1369,9 @@
 	    &socket->so_peerlabel);
 	mac_destroy_label(&socket->so_label);
 	mac_destroy_label(&socket->so_peerlabel);
+#ifdef MAC_DEBUG
 	atomic_subtract_int(&nmacsockets, 1);
+#endif
 }
 
 void
@@ -1362,7 +1384,9 @@
 	pipe->pipe_label = label;
 	pipe->pipe_peer->pipe_label = label;
 	MAC_PERFORM(init_pipe, pipe, pipe->pipe_label);
+#ifdef MAC_DEBUG
 	atomic_add_int(&nmacpipes, 1);
+#endif
 }
 
 void
@@ -1372,7 +1396,9 @@
 	MAC_PERFORM(destroy_pipe, pipe, pipe->pipe_label);
 	mac_destroy_label(pipe->pipe_label);
 	free(pipe->pipe_label, M_MACPIPELABEL);
+#ifdef MAC_DEBUG
 	atomic_subtract_int(&nmacpipes, 1);
+#endif
 }
 
 void
@@ -1381,7 +1407,9 @@
 
 	mac_init_label(&bpf_d->bd_label);
 	MAC_PERFORM(init_bpfdesc, bpf_d, &bpf_d->bd_label);
+#ifdef MAC_DEBUG
 	atomic_add_int(&nmacbpfdescs, 1);
+#endif
 }
 
 void
@@ -1390,7 +1418,9 @@
 
 	MAC_PERFORM(destroy_bpfdesc, bpf_d, &bpf_d->bd_label);
 	mac_destroy_label(&bpf_d->bd_label);
+#ifdef MAC_DEBUG
 	atomic_subtract_int(&nmacbpfdescs, 1);
+#endif
 }
 
 void
@@ -1400,7 +1430,9 @@
 	mac_init_label(&mp->mnt_mntlabel);
 	mac_init_label(&mp->mnt_fslabel);
 	MAC_PERFORM(init_mount, mp, &mp->mnt_mntlabel, &mp->mnt_fslabel);
+#ifdef MAC_DEBUG
 	atomic_add_int(&nmacmounts, 1);
+#endif
 }
 
 void
@@ -1410,7 +1442,9 @@
 	MAC_PERFORM(destroy_mount, mp, &mp->mnt_mntlabel, &mp->mnt_fslabel);
 	mac_destroy_label(&mp->mnt_fslabel);
 	mac_destroy_label(&mp->mnt_mntlabel);
+#ifdef MAC_DEBUG
 	atomic_subtract_int(&nmacmounts, 1);
+#endif
 }
 
 static void
@@ -1419,7 +1453,9 @@
 
 	mac_init_label(label);
 	MAC_PERFORM(init_temp, label);
+#ifdef MAC_DEBUG
 	atomic_add_int(&nmactemp, 1);
+#endif
 }
 
 static void
@@ -1428,7 +1464,9 @@
 
 	MAC_PERFORM(destroy_temp, label);
 	mac_destroy_label(label);
+#ifdef MAC_DEBUG
 	atomic_subtract_int(&nmactemp, 1);
+#endif
 }
 
 void
@@ -1437,7 +1475,9 @@
 
 	mac_init_label(&vp->v_label);
 	MAC_PERFORM(init_vnode, vp, &vp->v_label);
+#ifdef MAC_DEBUG
 	atomic_add_int(&nmacvnodes, 1);
+#endif
 }
 
 void
@@ -1446,7 +1486,9 @@
 
 	MAC_PERFORM(destroy_vnode, vp, &vp->v_label);
 	mac_destroy_label(&vp->v_label);
+#ifdef MAC_DEBUG
 	atomic_subtract_int(&nmacvnodes, 1);
+#endif
 }
 
 void
@@ -1455,7 +1497,9 @@
 
 	mac_init_label(&de->de_label);
 	MAC_PERFORM(init_devfsdirent, de, &de->de_label);
+#ifdef MAC_DEBUG
 	atomic_add_int(&nmacdevfsdirents, 1);
+#endif
 }
 
 void
@@ -1464,7 +1508,9 @@
 
 	MAC_PERFORM(destroy_devfsdirent, de, &de->de_label);
 	mac_destroy_label(&de->de_label);
+#ifdef MAC_DEBUG
 	atomic_subtract_int(&nmacdevfsdirents, 1);
+#endif
 }
 
 static int
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list