PERFORCE change 41867 for review

Robert Watson rwatson at FreeBSD.org
Mon Nov 10 05:02:51 GMT 2003


http://perforce.freebsd.org/chv.cgi?CH=41867

Change 41867 by rwatson at rwatson_paprika on 2003/11/09 21:02:17

	Change f_label in struct file from a struct label to a struct
	label *: allocate file entry labels using the label UMA
	zone instead of storage in the parent structure.  This
	greatly reduces the memory overhead of a struct file in the
	non-MAC case, and permits us to change the size and shape
	of struct mac without changing the binary storage of struct
	file.  No changes to policies or MAC Framework entry points
	required.  With this size reduction, it should now be
	feasible to merge struct file labeling into the main FreeBSD
	tree.

Affected files ...

.. //depot/projects/trustedbsd/sebsd/sys/kern/kern_descrip.c#9 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/mac/mac_file.c#3 edit
.. //depot/projects/trustedbsd/sebsd/sys/sys/file.h#6 edit

Differences ...

==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_descrip.c#9 (text+ko) ====


==== //depot/projects/trustedbsd/sebsd/sys/security/mac/mac_file.c#3 (text+ko) ====

@@ -65,22 +65,39 @@
     &nmacfiles, 0, "number of files in use");
 #endif
 
+static struct label *
+mac_file_label_alloc(void)
+{
+	struct label *label;
+
+	label = mac_labelzone_alloc(M_WAITOK);
+	MAC_PERFORM(init_file_label, label);
+	MAC_DEBUG_COUNTER_INC(&nmacfiles);
+	return (label);
+}
+
 void
 mac_init_file(struct file *fp)
 {
 
-	mac_init_label(&fp->f_label);
-	MAC_PERFORM(init_file_label, &fp->f_label);
-	MAC_DEBUG_COUNTER_INC(&nmacfiles);
+	fp->f_label = mac_file_label_alloc();
+}
+
+static void
+mac_file_label_free(struct label *label)
+{
+
+	MAC_PERFORM(destroy_file_label, label);
+	mac_labelzone_free(label);
+	MAC_DEBUG_COUNTER_DEC(&nmacfiles);
 }
 
 void
 mac_destroy_file(struct file *fp)
 {
 
-	MAC_PERFORM(destroy_file_label, &fp->f_label);
-	mac_destroy_label(&fp->f_label);
-	MAC_DEBUG_COUNTER_DEC(&nmacfiles);
+	mac_file_label_free(fp->f_label);
+	fp->f_label = NULL;
 }
 
 int
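Review bot: mac_destroy_file() hands fp->f_label to mac_file_label_free() without asserting that it is non-NULL. Now that the label is a separately allocated object, a repeated destroy, or a destroy on a file that never went through mac_init_file(), would pass NULL to each policy's destroy_file_label and to mac_labelzone_free(). Since the function already clears the pointer afterwards, adding `KASSERT(fp->f_label != NULL, ("mac_destroy_file: NULL f_label"));` before the free call would make such a path fail loudly on INVARIANTS kernels; the check_file_* wrappers in the later hunks pass the same pointer straight to policies and could take the same assertion. Separately, mac_file_label_alloc() always allocates with M_WAITOK, so mac_init_file() may now sleep. Its callers in kern_descrip.c are not shown in this diff, so a comment such as `/* May sleep: allocates the label with M_WAITOK. */` above mac_init_file() would record that requirement.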
@@ -101,7 +118,7 @@
 
 	if (!mac_enforce_file)
 		return (0);
-	MAC_CHECK(check_file_dup, cred, fp, &fp->f_label, newfd);
+	MAC_CHECK(check_file_dup, cred, fp, fp->f_label, newfd);
 	return (error);
 }
 
@@ -112,7 +129,7 @@
 
 	if (!mac_enforce_file)
 		return (0);
-	MAC_CHECK(check_file_ioctl, cred, fp, &fp->f_label, com);
+	MAC_CHECK(check_file_ioctl, cred, fp, fp->f_label, com);
 	return (error);
 }
 
@@ -123,7 +140,7 @@
 
 	if (!mac_enforce_file)
 		return (0);
-	MAC_CHECK(check_file_inherit, cred, fp, &fp->f_label);
+	MAC_CHECK(check_file_inherit, cred, fp, fp->f_label);
 	return (error);
 }
 
@@ -134,7 +151,7 @@
 
 	if (!mac_enforce_file)
 		return (0);
-	MAC_CHECK(check_file_receive, cred, fp, &fp->f_label);
+	MAC_CHECK(check_file_receive, cred, fp, fp->f_label);
 	return (error);
 }
 
@@ -145,7 +162,7 @@
 
 	if (!mac_enforce_file)
 		return (0);
-	MAC_CHECK(check_file_get_flags, cred, fp, &fp->f_label, flags);
+	MAC_CHECK(check_file_get_flags, cred, fp, fp->f_label, flags);
 	return (error);
 }
 
@@ -156,7 +173,7 @@
 
 	if (!mac_enforce_file)
 		return (0);
-	MAC_CHECK(check_file_get_ofileflags, cred, fp, &fp->f_label, flags);
+	MAC_CHECK(check_file_get_ofileflags, cred, fp, fp->f_label, flags);
 	return (error);
 }
 
@@ -168,7 +185,7 @@
 
 	if (!mac_enforce_file)
 		return (0);
-	MAC_CHECK(check_file_change_flags, cred, fp, &fp->f_label, oldflags,
+	MAC_CHECK(check_file_change_flags, cred, fp, fp->f_label, oldflags,
 	    newflags);
 	return (error);
 }
@@ -181,7 +198,7 @@
 
 	if (!mac_enforce_file)
 		return (0);
-	MAC_CHECK(check_file_change_ofileflags, cred, fp, &fp->f_label,
+	MAC_CHECK(check_file_change_ofileflags, cred, fp, fp->f_label,
 	    oldflags, newflags);
 	return (error);
 }
@@ -193,7 +210,7 @@
 
 	if (!mac_enforce_file)
 		return (0);
-	MAC_CHECK(check_file_get_offset, cred, fp, &fp->f_label);
+	MAC_CHECK(check_file_get_offset, cred, fp, fp->f_label);
 	return (error);
 }
 
@@ -204,7 +221,7 @@
 
 	if (!mac_enforce_file)
 		return (0);
-	MAC_CHECK(check_file_change_offset, cred, fp, &fp->f_label);
+	MAC_CHECK(check_file_change_offset, cred, fp, fp->f_label);
 	return (error);
 }
 
@@ -212,5 +229,5 @@
 mac_create_file(struct ucred *cred, struct file *fp)
 {
 
-	MAC_PERFORM(create_file, cred, fp, &fp->f_label);
+	MAC_PERFORM(create_file, cred, fp, fp->f_label);
 }

==== //depot/projects/trustedbsd/sebsd/sys/sys/file.h#6 (text+ko) ====

@@ -45,7 +45,6 @@
 #include <sys/queue.h>
 #include <sys/_lock.h>
 #include <sys/_mutex.h>
-#include <sys/_label.h>
 
 struct stat;
 struct thread;
@@ -136,7 +135,7 @@
 	off_t	f_nextoff;	/*
 				 * offset of next expected read or write
 				 */
-	struct label	f_label;	/* MAC label */
+	struct label	*f_label;	/* MAC label */
 };
 
 #endif /* _KERNEL */
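Review bot: With `#include <sys/_label.h>` removed in the previous hunk, `struct label` is first introduced by the member declaration itself, while the header forward-declares the other opaque types it uses (`struct stat;`, `struct thread;`). Adding `struct label;` next to those would keep the header consistent. Any file that relied on file.h pulling in sys/_label.h transitively may now need its own include, although no such consumer is visible in this diff. Because the field is now an owning pointer rather than embedded storage, the comment could also state the lifetime, e.g. `/* MAC label; set by mac_init_file(), freed and NULLed by mac_destroy_file() */`. The struct file definition begins outside this hunk.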