PERFORCE change 37084 for review

[Robert Watson]

http://perforce.freebsd.org/chv.cgi?CH=37084

Change 37084 by rwatson at rwatson_tislabs on 2003/08/28 10:50:03

	Define a MAC_STATIC option, which informs the MAC Framework
	that no policies may be dynamically loaded or unloaded after
	boot.  This permits all locking operations for MAC Framework
	meta-data to be eliminated, and should provide for a
	subtantial performance enhancement on with static policies,
	especially on SMP systems.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/conf/options#55 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#406 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/conf/options#55 (text+ko) ====

@@ -115,6 +115,7 @@
 MAC_PARTITION	opt_dontuse.h
 MAC_PORTACL	opt_dontuse.h
 MAC_SEEOTHERUIDS	opt_dontuse.h
+MAC_STATIC	opt_mac.h
 MAC_STUB	opt_dontuse.h
 MAC_TEST	opt_dontuse.h
 MD_ROOT		opt_md.h

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#406 (text+ko) ====

@@ -289,9 +289,11 @@
  * exclusive consumers that they should try to acquire the lock if a
  * first attempt at exclusive access fails.
  */
+#ifndef MAC_STATIC
 static struct mtx mac_policy_mtx;
 static struct cv mac_policy_cv;
 static int mac_policy_count;
+#endif
 static LIST_HEAD(, mac_policy_conf) mac_policy_list;
 static LIST_HEAD(, mac_policy_conf) mac_static_policy_list;
 
@@ -307,42 +309,54 @@
 static __inline void
 mac_policy_grab_exclusive(void)
 {
+
+#ifndef MAC_STATIC
 	WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
  	    "mac_policy_grab_exclusive() at %s:%d", __FILE__, __LINE__);
 	mtx_lock(&mac_policy_mtx);
 	while (mac_policy_count != 0)
 		cv_wait(&mac_policy_cv, &mac_policy_mtx);
+#endif
 }
 
 static __inline void
 mac_policy_assert_exclusive(void)
 {
+
+#ifndef MAC_STATIC
 	mtx_assert(&mac_policy_mtx, MA_OWNED);
 	KASSERT(mac_policy_count == 0,
 	    ("mac_policy_assert_exclusive(): not exclusive"));
+#endif
 }
 
 static __inline void
 mac_policy_release_exclusive(void)
 {
 
+#ifndef MAC_STATIC
 	KASSERT(mac_policy_count == 0,
 	    ("mac_policy_release_exclusive(): not exclusive"));
 	mtx_unlock(&mac_policy_mtx);
 	cv_signal(&mac_policy_cv);
+#endif
 }
 
 static __inline void
 mac_policy_list_busy(void)
 {
+
+#ifndef MAC_STATIC
 	mtx_lock(&mac_policy_mtx);
 	mac_policy_count++;
 	mtx_unlock(&mac_policy_mtx);
+#endif
 }
 
 static __inline int
 mac_policy_list_conditional_busy(void)
 {
+#ifndef MAC_STATIC
 	int ret;
 
 	mtx_lock(&mac_policy_mtx);
@@ -353,17 +367,23 @@
 		ret = 0;
 	mtx_unlock(&mac_policy_mtx);
 	return (ret);
+#else
+	return (0);
+#endif
 }
 
 static __inline void
 mac_policy_list_unbusy(void)
 {
+
+#ifndef MAC_STATIC
 	mtx_lock(&mac_policy_mtx);
 	mac_policy_count--;
 	KASSERT(mac_policy_count >= 0, ("MAC_POLICY_LIST_LOCK"));
 	if (mac_policy_count == 0)
 		cv_signal(&mac_policy_cv);
 	mtx_unlock(&mac_policy_mtx);
+#endif
 }
 
 /*
@@ -521,8 +541,10 @@
 	LIST_INIT(&mac_static_policy_list);
 	LIST_INIT(&mac_policy_list);
 
+#ifndef MAC_STATIC
 	mtx_init(&mac_policy_mtx, "mac_policy_mtx", NULL, MTX_DEF);
 	cv_init(&mac_policy_cv, "mac_policy_cv");
+#endif
 }
 
 /*
@@ -577,6 +599,13 @@
 	error = 0;
 	mpc = (struct mac_policy_conf *) data;
 
+#ifdef MAC_STATIC
+	if (mac_late) {
+		printf("mac_policy_modevent: MAC_STATIC and late\n");
+		return (EBUSY);
+	}
+#endif
+
 	switch (type) {
 	case MOD_LOAD:
 		if (mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_NOTLATE &&
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message