Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 20 Apr 2006 14:25:52 GMT
From:      Todd Miller <millert@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 95674 for review
Message-ID:  <200604201425.k3KEPqvF051623@repoman.freebsd.org>

next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=95674

Change 95674 by millert@millert_g5tower on 2006/04/20 14:24:53

	Move sebsd_{malloc,free} into sebsd_alloc.c and convert all
	calls from malloc/free to sebsd_{malloc,free}.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/Makefile#6 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/linux-compat.h#12 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#39 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.h#8 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_alloc.c#1 add
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_syscall.c#11 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/mach_av.c#11 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/queue.c#6 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/security.h#6 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/Makefile#6 (text+ko) ====

@@ -4,7 +4,7 @@
 POLICY_DESC=	"SEDarwin (SELinux compatible TE)"
 POLICY_NOMAN=	yes
 
-POLICY_SRCS=	sebsd.c sebsd_syscall.c sebsd_sysctl.c
+POLICY_SRCS=	sebsd.c sebsd_alloc.c sebsd_syscall.c sebsd_sysctl.c
 POLICY_SRCS+=	ss/avtab.c ss/ebitmap.c ss/hashtab.c ss/init.c ss/policydb.c \
 		ss/queue.c ss/services.c ss/sidtab.c ss/symtab.c ss/mach_av.c \
 		ss/conditional.c

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/linux-compat.h#12 (text+ko) ====

@@ -90,19 +90,19 @@
 
 #define __init
 
-extern void *sebsd_malloc(size_t size, int flags);
-extern void sebsd_free(void *);
+extern void *sebsd_malloc(size_t size, int type, int flags);
+extern void sebsd_free(void *, int);
 
 /* BSD-style malloc/free emulation */
+#ifndef M_SEBSD
 #include <sys/malloc.h>
-#define malloc(size, type, flags)	sebsd_malloc(size, flags)
-#define free(addr, type)		sebsd_free(addr)
 #define M_SEBSD				M_MACTEMP
+#endif
 
 /* Linux-style kmalloc/kfree (note kfree namespace collision) */
-#define kmalloc(size, flags)		sebsd_malloc(size, flags)
-#define kfree(addr)			sebsd_free(addr)
-#define __get_free_page(flags)		sebsd_malloc(PAGE_SIZE, flags) 
+#define kmalloc(size, flags)		sebsd_malloc(size, M_SEBSD, flags)
+#define kfree(addr)			sebsd_free(addr, M_SEBSD)
+#define __get_free_page(flags)		sebsd_malloc(PAGE_SIZE, M_SEBSD, flags) 
 #define GFP_ATOMIC  M_WAITOK		/* XXX - want M_NOWAIT but too early */
 #define GFP_KERNEL  M_WAITOK
 

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#39 (text+ko) ====

@@ -59,8 +59,16 @@
 #include <sys/vnode.h>
 #include <sys/dirent.h>
 #include <sys/fcntl.h>
+#include <sys/ucred.h>
+#include <sys/mac_policy.h>
+
+#include <miscfs/devfs/devfsdefs.h>
 
-#ifdef __APPLE__
+#include <sedarwin/linux-compat.h>
+#include <sedarwin/sebsd.h>
+#include <sedarwin/sebsd_labels.h>
+#include <sedarwin/ss/policydb.h>
+
 /*
  * The code is conditional upon the following list of defines.
  * At the moment, Darwin does not provide support for all of them:
@@ -73,51 +81,8 @@
  * HAS_STRINGS
  * HAS_ACLS
  */
-
 #define HAS_STRINGS
 
-#include <sys/ucred.h>
-#include <vm/vm_kern.h>
-#include <kern/kalloc.h>
-
-/* XXX - move sebsd_malloc/free */
-void *
-sebsd_malloc(size_t size, int flags)
-{
-	size_t *vs, nsize;
-
-	nsize = size + sizeof(size_t);
-	vs = (flags & M_NOWAIT) ?
-	    (size_t *)kalloc_noblock(nsize) : (size_t *)kalloc(nsize);
-	if (vs != NULL) {
-		*vs++ = nsize;
-		if (flags & M_ZERO)
-			bzero(vs, size);
-	}
-	return (vs);
-}
-
-void
-sebsd_free(void *v)
-{
-	size_t *vs = v;
-
-	if (vs != NULL) {
-		vs--;
-		kfree((vm_offset_t)vs, *vs);
-	}
-}
-
-#include <miscfs/devfs/devfsdefs.h>
-#endif
-
-#include <sys/mac_policy.h>
-
-#include <sedarwin/linux-compat.h>
-#include <sedarwin/sebsd.h>
-#include <sedarwin/sebsd_labels.h>
-#include <sedarwin/ss/policydb.h>
-
 int	sebsd_verbose = 0;
 
 static int slot = 1; /* TBD, dynamic */
@@ -395,7 +360,7 @@
 {
 	struct task_security_struct *new_tsec;
 
-	new_tsec = sebsd_malloc(sizeof(*new_tsec), M_ZERO | M_WAITOK);
+	new_tsec = sebsd_malloc(sizeof(*new_tsec), M_SEBSD, M_ZERO | M_WAITOK);
 	new_tsec->osid = new_tsec->sid = SECINITSID_UNLABELED;
 	SLOT(label) = new_tsec;
 }
@@ -405,7 +370,7 @@
 {
 	struct file_security_struct *new_fsec;
 
-	new_fsec = sebsd_malloc(sizeof(*new_fsec), M_ZERO | M_WAITOK);
+	new_fsec = sebsd_malloc(sizeof(*new_fsec), M_SEBSD, M_ZERO | M_WAITOK);
 	new_fsec->sid = new_fsec->sid = SECINITSID_UNLABELED;
 	SLOT(label) = new_fsec;
 }
@@ -415,7 +380,7 @@
 {
 	struct mount_security_struct *sbsec;
 
-	sbsec = sebsd_malloc(sizeof(*sbsec), M_ZERO | M_WAITOK);
+	sbsec = sebsd_malloc(sizeof(*sbsec), M_SEBSD, M_ZERO | M_WAITOK);
 	sbsec->sid = SECINITSID_UNLABELED;
 	SLOT(label) = sbsec;
 }
@@ -425,7 +390,7 @@
 {
 	struct mount_fs_security_struct *sbsec;
 
-	sbsec = sebsd_malloc(sizeof(*sbsec), M_ZERO | M_WAITOK);
+	sbsec = sebsd_malloc(sizeof(*sbsec), M_SEBSD, M_ZERO | M_WAITOK);
 	sbsec->sid = SECINITSID_UNLABELED;
 	SLOT(label) = sbsec;
 }
@@ -435,7 +400,7 @@
 {
 	struct network_security_struct *new;
 
-	new = sebsd_malloc(sizeof(*new), M_ZERO | M_WAITOK);
+	new = sebsd_malloc(sizeof(*new), M_SEBSD, M_ZERO | M_WAITOK);
 	new->sid = new->task_sid = SECINITSID_UNLABELED;
 	SLOT(label) = new;
 }
@@ -445,7 +410,7 @@
 {
 	struct network_security_struct *new;
 
-	new = sebsd_malloc(sizeof(*new), M_ZERO | flag);
+	new = sebsd_malloc(sizeof(*new), M_SEBSD, M_ZERO | flag);
 	if (new == NULL) {
 		SLOT(label) = NULL;
 		return (ENOMEM);
@@ -462,7 +427,7 @@
 {
 	struct vnode_security_struct *vsec;
 
-	vsec = sebsd_malloc(sizeof(*vsec), M_ZERO | M_WAITOK);
+	vsec = sebsd_malloc(sizeof(*vsec), M_SEBSD, M_ZERO | M_WAITOK);
 	vsec->sid = SECINITSID_UNLABELED;
 	vsec->task_sid = SECINITSID_UNLABELED;
 	SLOT(label) = vsec;
@@ -473,7 +438,7 @@
 {
 	struct ipc_security_struct *new;
 
-	new = sebsd_malloc(sizeof(*new), M_ZERO | M_WAITOK);
+	new = sebsd_malloc(sizeof(*new), M_SEBSD, M_ZERO | M_WAITOK);
 	new->sid = SECINITSID_UNLABELED;
 	SLOT(label) = new;
 }
@@ -483,7 +448,7 @@
 {
 	struct vnode_security_struct *vsec;
 
-	vsec = sebsd_malloc(sizeof(*vsec), M_ZERO | M_WAITOK);
+	vsec = sebsd_malloc(sizeof(*vsec), M_SEBSD, M_ZERO | M_WAITOK);
 	vsec->sid = SECINITSID_UNLABELED;
 	vsec->task_sid = SECINITSID_UNLABELED;
 	SLOT(label) = vsec;
@@ -493,7 +458,7 @@
 sebsd_destroy_label(struct label *label)
 {
 
-	sebsd_free(SLOT(label));
+	sebsd_free(SLOT(label), M_SEBSD);
 	SLOT(label) = NULL;
 }
 
@@ -793,7 +758,7 @@
 	dirent->sclass = devfs_type_to_security_class(devfs_dirent->dn_type);
 
 	/* Obtain a SID based on the fstype, path, and class. */
-	path = sebsd_malloc(strlen(fullpath) + 2, M_ZERO | M_WAITOK);
+	path = sebsd_malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK);
 	path[0] = '/';
 	strcpy(&path[1], fullpath);
 	rc = security_genfs_sid("devfs", path, dirent->sclass, &newsid);
@@ -822,7 +787,7 @@
 		    "dirent=%d\n", path,
 		    rc, dirent->sclass, newsid, dirent->sid);
 	}
-	sebsd_free(path);
+	sebsd_free(path, M_SEBSD);
 }
 
 #if 0
@@ -846,7 +811,7 @@
 	dirent->sclass = SECCLASS_DIR;
 
 	/* Obtain a SID based on the fstype, path, and class. */
-	path = sebsd_malloc(strlen(fullpath) + 2, M_ZERO | M_WAITOK);
+	path = sebsd_malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK);
 	path[0] = '/';
 	strcpy(&path[1], fullpath);
 	rc = security_genfs_sid(mp->mnt_vfc->vfc_name, path, dirent->sclass,
@@ -861,7 +826,7 @@
 		    __func__, path, sbsec->sid, mp->mnt_stat.f_mntonname, rc,
 		    dirent->sclass, newsid, dirent->sid);
 	}
-	sebsd_free(path);
+	sebsd_free(path, M_SEBSD);
 }
 
 static void
@@ -888,7 +853,7 @@
 	lnksec->sclass = SECCLASS_LNK_FILE;
 
 	/* Obtain a SID based on the fstype, path, and class. */
-	path = sebsd_malloc(strlen(fullpath) + 2, M_ZERO | M_WAITOK);
+	path = sebsd_malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK);
 	path[0] = '/';
 	strcpy(&path[1], fullpath);
 	rc = security_genfs_sid(mp->mnt_vfc->vfc_name, path, lnksec->sclass,
@@ -902,7 +867,7 @@
 		    sbsec->sid, mp->mnt_stat.f_mntonname, rc,
 		    lnksec->sclass, newsid, lnksec->sid);
 	}
-	sebsd_free(path);
+	sebsd_free(path, M_SEBSD);
 }
 #endif /* HAS_DEVFS_DIRENT */
 

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.h#8 (text+ko) ====

@@ -54,5 +54,11 @@
 extern int sebsd_syscall(struct proc *p, int call, void *args, int *retv);
 extern int proc_has_system(struct proc *p, u32 perm);
 extern int proc_has_security(struct proc *p, u32 perm);
+extern void *sebsd_malloc(size_t size, int type, int flags);
+extern void sebsd_free(void *, int);
+
+#ifndef M_SEBSD
+#define M_SEBSD	M_MACTEMP
+#endif
 
 #endif /* _SYS_SECURITY_SEBSD_H */

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_syscall.c#11 (text+ko) ====

@@ -67,13 +67,13 @@
 	if (rc)
 		return (rc);
 
-	kdata = malloc(len, M_SEBSD, M_WAITOK);
+	kdata = sebsd_malloc(len, M_SEBSD, M_WAITOK);
 	rc = copyin(data, kdata, len);
 	if (rc)
 		return (rc);
 
 	rc = security_load_policy(kdata, len);
-	free(kdata, M_SEBSD);
+	sebsd_free(kdata, M_SEBSD);
 
 	return (rc);
 }
@@ -88,13 +88,13 @@
 	if (rc)
 		return (rc);
 
-	kdata = malloc(len, M_SEBSD, M_WAITOK);
+	kdata = sebsd_malloc(len, M_SEBSD, M_WAITOK);
 	rc = copyin(data, kdata, len);
 	if (rc)
 		return (rc);
 
 	rc = sebsd_load_migscs(kdata, len);
-	free(kdata, M_SEBSD);
+	sebsd_free(kdata, M_SEBSD);
 
 	return (rc);
 }
@@ -159,7 +159,7 @@
 	}
 	error = copyout(&olen, outlen, sizeof(int));
 out2:
-	sebsd_free(sids);
+	sebsd_free(sids, M_SEBSD);
 out:
 	return (error);
 }
@@ -236,12 +236,12 @@
 	int error;
 
 	if (gb->out)
-		out = malloc(gb->len, M_SEBSD, M_WAITOK);
+		out = sebsd_malloc(gb->len, M_SEBSD, M_WAITOK);
 	error = security_get_bool_string(&gb->len, out);
 	if (out && error == 0)
 		error = copyout(out, gb->out, gb->len);
 	if (out)
-		free(out, M_SEBSD);
+		sebsd_free(out, M_SEBSD);
 	return (error);
 }
 
@@ -274,24 +274,24 @@
 		error = copyin(args, &uap, sizeof(struct getsid_args));
 		if (error)
 			return (error);
-		ctx = sebsd_malloc(MAX_UC, M_WAITOK);
+		ctx = sebsd_malloc(MAX_UC, M_SEBSD, M_WAITOK);
 		error = copyinstr(uap.ctx, ctx, MAX_UC, &dummy);
 		if (error) {
-			sebsd_free(ctx);
+			sebsd_free(ctx, M_SEBSD);
 			return (error);
 		}
-		usr = sebsd_malloc(MAX_UC, M_WAITOK);
+		usr = sebsd_malloc(MAX_UC, M_SEBSD, M_WAITOK);
 		error = copyinstr(uap.usr, usr, MAX_UC, &dummy);
 		if (error) {
-			sebsd_free(ctx);
-			sebsd_free(usr);
+			sebsd_free(ctx, M_SEBSD);
+			sebsd_free(usr, M_SEBSD);
 			return (error);
 		}
 		ctx[MAX_UC-1] = 0;
 		usr[MAX_UC-1] = 0;
 		error = sys_get_sids(call, ctx, usr, uap.out, uap.outlen);
-		sebsd_free(ctx);
-		sebsd_free(usr);
+		sebsd_free(ctx, M_SEBSD);
+		sebsd_free(usr, M_SEBSD);
 		break;
 	}
 
@@ -304,31 +304,31 @@
 		error = copyin(args, &uap, sizeof(struct changesid_args));
 		if (error)
 			return (error);
-		doms = sebsd_malloc(MAX_UC, M_WAITOK);
+		doms = sebsd_malloc(MAX_UC, M_SEBSD, M_WAITOK);
 		error = copyinstr(uap.domain, doms, MAX_UC, &dummy);
 		if (error) {
-			sebsd_free(doms);
+			sebsd_free(doms, M_SEBSD);
 			return (error);
 		}
-		srcs = sebsd_malloc(MAX_UC, M_WAITOK);
+		srcs = sebsd_malloc(MAX_UC, M_SEBSD, M_WAITOK);
 		error = copyinstr(uap.source, srcs, MAX_UC, &dummy);
 		if (error) {
-			sebsd_free(doms);
-			sebsd_free(srcs);
+			sebsd_free(doms, M_SEBSD);
+			sebsd_free(srcs, M_SEBSD);
 			return (error);
 		}
-		scs = sebsd_malloc(MAX_UC, M_WAITOK);
+		scs = sebsd_malloc(MAX_UC, M_SEBSD, M_WAITOK);
 		error = copyinstr(uap.sclass, scs, MAX_UC, &dummy);
 		if (error) {
-			sebsd_free(doms);
-			sebsd_free(srcs);
-			sebsd_free(scs);
+			sebsd_free(doms, M_SEBSD);
+			sebsd_free(srcs, M_SEBSD);
+			sebsd_free(scs, M_SEBSD);
 			return (error);
 		}
 		error = sys_change_sid(doms, srcs, scs, uap.out, uap.outlen);
-		sebsd_free(doms);
-		sebsd_free(srcs);
-		sebsd_free(scs);
+		sebsd_free(doms, M_SEBSD);
+		sebsd_free(srcs, M_SEBSD);
+		sebsd_free(scs, M_SEBSD);
 		return (error);
 	}
 
@@ -368,17 +368,17 @@
 
 		if (copyin(args, &p, sizeof(struct lp_args)))
 			return (EFAULT);
-		str = malloc(p.len, M_SEBSD, M_WAITOK);
+		str = sebsd_malloc(p.len, M_SEBSD, M_WAITOK);
 		if (!str)
 			return (ENOMEM);
 		if (copyin(p.data, str, p.len)) {
-			free(str, M_SEBSD);
+			sebsd_free(str, M_SEBSD);
 			return (EFAULT);
 		}
 
 		str[p.len-1] = 0;
 		error = security_set_bool(str+1, str[0]-'0');
-		free(str, M_SEBSD);
+		sebsd_free(str, M_SEBSD);
 		break;
 	}
 

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/mach_av.c#11 (text+ko) ====

@@ -82,13 +82,14 @@
 		int i;
 		struct msgid_classinfo *c;
 
-		c = sebsd_malloc(sizeof(int) * nclasses + sizeof(*c), M_WAITOK);
+		c = sebsd_malloc(sizeof(int) * nclasses + sizeof(*c), M_SEBSD,
+		    M_WAITOK);
 		c->baseid = msgid;
 		c->nclasses = nclasses;
 		for (i = 0; i < nclasses; i++)
 			c->classes[i] = *p++;
 		for (i = msgid; i < msgid + size; i++) {
-			int *ip = sebsd_malloc(sizeof(int), M_WAITOK);
+			int *ip = sebsd_malloc(sizeof(int), M_SEBSD, M_WAITOK);
 			*ip = i;
 			error = hashtab_insert(ht, ip, c);
 			if (error) {

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/queue.c#6 (text+ko) ====

@@ -20,7 +20,8 @@
 {
 	queue_t q;
 
-	q = (queue_t) sebsd_malloc(sizeof(struct queue_info), M_WAITOK);
+	q = (queue_t) sebsd_malloc(sizeof(struct queue_info), M_SEBSD,
+	    M_WAITOK);
 	if (q == NULL)
 		return NULL;
 
@@ -38,7 +39,7 @@
 		return -1;
 
 	newnode = (queue_node_ptr_t) sebsd_malloc(sizeof(struct queue_node),
-	    M_WAITOK);
+	    M_SEBSD, M_WAITOK);
 	if (newnode == NULL)
 		return -1;
 
@@ -64,7 +65,7 @@
 		return -1;
 
 	newnode = (queue_node_ptr_t) sebsd_malloc(sizeof(struct queue_node),
-	    M_WAITOK);
+	    M_SEBSD, M_WAITOK);
 	if (newnode == NULL)
 		return -1;
 
@@ -100,7 +101,7 @@
 		q->tail = NULL;
 
 	e = node->element;
-	sebsd_free(node);
+	sebsd_free(node, M_SEBSD);
 
 	return e;
 }
@@ -129,10 +130,10 @@
 	while (p != NULL) {
 		temp = p;
 		p = p->next;
-		sebsd_free(temp);
+		sebsd_free(temp, M_SEBSD);
 	}
 
-	sebsd_free(q);
+	sebsd_free(q, M_SEBSD);
 }
 
 int queue_map(queue_t q, int (*f) (queue_element_t, void *), void *vp)
@@ -185,7 +186,7 @@
 			temp = p;
 			p = p->next;
 			g(temp->element, vp);
-			sebsd_free(temp);
+			sebsd_free(temp, M_SEBSD);
 		} else {
 			last = p;
 			p = p->next;

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/security.h#6 (text+ko) ====

@@ -90,7 +90,7 @@
 int security_genfs_sid(const char *fstype, char *name, u16 sclass,
 	u32 *sid);
 
-#define security_free_context(ctx) ({ if (ctx) free(ctx, M_SEBSD); })
+#define security_free_context(ctx) ({ if (ctx) sebsd_free(ctx, M_SEBSD); })
 
 int security_get_bool_string(int *len, char *out);
 int security_commit_pending_bools(void);



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200604201425.k3KEPqvF051623>