From owner-p4-projects@FreeBSD.ORG Sun Nov 9 17:30:21 2003 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 8B74C16A4D1; Sun, 9 Nov 2003 17:30:21 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2F10116A4CF for ; Sun, 9 Nov 2003 17:30:21 -0800 (PST) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 47CB74400B for ; Sun, 9 Nov 2003 17:30:14 -0800 (PST) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.9/8.12.9) with ESMTP id hAA1UEXJ057807 for ; Sun, 9 Nov 2003 17:30:14 -0800 (PST) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.9/8.12.9/Submit) id hAA1UDpV057800 for perforce@freebsd.org; Sun, 9 Nov 2003 17:30:13 -0800 (PST) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Sun, 9 Nov 2003 17:30:13 -0800 (PST) Message-Id: <200311100130.hAA1UDpV057800@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson To: Perforce Change Reviews Subject: PERFORCE change 41851 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Nov 2003 01:30:22 -0000 http://perforce.freebsd.org/chv.cgi?CH=41851 Change 41851 by rwatson@rwatson_paprika on 2003/11/09 17:29:33 Use the UMA zone allocator to allocate temporary labels for the socket and ifnet code, rather than using the stack. This permits us to GC some of the older init/destroy functions for sockets and ifnets, reducing code duplication. Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/mac/mac_net.c#7 edit Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_net.c#7 (text+ko) ====
@@ -124,15 +124,6 @@
 bpf_d->bd_label = mac_bpfdesc_label_alloc();
 }
 
-static void
-mac_init_ifnet_label(struct label *label)
-{
-
- mac_init_label(label);
- MAC_PERFORM(init_ifnet_label, label);
- MAC_DEBUG_COUNTER_INC(&nmacifnets);
-}
-
 static struct label *
 mac_ifnet_label_alloc(void)
 {
@@ -229,24 +220,6 @@
 return (0);
 }
 
-static int
-mac_init_socket_label(struct label *label, int flag)
-{
- int error;
-
- mac_init_label(label);
-
- MAC_CHECK(init_socket_label, label, flag);
- if (error) {
- MAC_PERFORM(destroy_socket_label, label);
- mac_destroy_label(label);
- } else {
- MAC_DEBUG_COUNTER_INC(&nmacsockets);
- }
-
- return (error);
-}
-
 static struct label *
 mac_socket_label_alloc(int flag)
 {
@@ -320,15 +293,6 @@
 }
 
 static void
-mac_destroy_ifnet_label(struct label *label)
-{
-
- MAC_PERFORM(destroy_ifnet_label, label);
- mac_destroy_label(label);
- MAC_DEBUG_COUNTER_DEC(&nmacifnets);
-}
-
-static void
 mac_ifnet_label_free(struct label *label)
 {
 
@@ -372,15 +336,6 @@
 }
 
 static void
-mac_destroy_socket_label(struct label *label)
-{
-
- MAC_PERFORM(destroy_socket_label, label);
- mac_destroy_label(label);
- MAC_DEBUG_COUNTER_DEC(&nmacsockets);
-}
-
-static void
 mac_socket_label_free(struct label *label)
 {
 
@@ -891,7 +846,7 @@
 mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, struct ifnet *ifnet)
 {
- struct label intlabel;
+ struct label *intlabel;
 struct mac mac;
 char *buffer;
 int error;
@@ -911,11 +866,11 @@
 return (error);
 }
 
- mac_init_ifnet_label(&intlabel);
- error = mac_internalize_ifnet_label(&intlabel, buffer);
+ intlabel = mac_ifnet_label_alloc();
+ error = mac_internalize_ifnet_label(intlabel, buffer);
 free(buffer, M_MACTEMP);
 if (error) {
- mac_destroy_ifnet_label(&intlabel);
+ mac_ifnet_label_free(intlabel);
 return (error);
 }
 
@@ -926,20 +881,20 @@
 */
 error = suser_cred(cred, 0);
 if (error) {
- mac_destroy_ifnet_label(&intlabel);
+ mac_ifnet_label_free(intlabel);
 return (error);
 }
 
 MAC_CHECK(check_ifnet_relabel, cred, ifnet, ifnet->if_label,
- &intlabel);
+ intlabel);
 if (error) {
- mac_destroy_ifnet_label(&intlabel);
+ mac_ifnet_label_free(intlabel);
 return (error);
 }
 
- MAC_PERFORM(relabel_ifnet, cred, ifnet, ifnet->if_label, &intlabel);
+ MAC_PERFORM(relabel_ifnet, cred, ifnet, ifnet->if_label, intlabel);
 
- mac_destroy_ifnet_label(&intlabel);
+ mac_ifnet_label_free(intlabel);
 return (0);
 }
 
@@ -947,7 +902,7 @@
 mac_setsockopt_label_set(struct ucred *cred, struct socket *so, struct mac *mac)
 {
- struct label intlabel;
+ struct label *intlabel;
 char *buffer;
 int error;
 
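Review bot: In the hunk at -926/+881, `error = suser_cred(cred, 0);` is reached only after the preceding hunk has already called `mac_ifnet_label_alloc()` and `mac_internalize_ifnet_label()` on the caller-supplied string, so a caller who will be refused still causes a zone allocation and whatever parsing the loaded policies perform. Now that the temporary label comes from the allocator rather than the stack, running the privilege check ahead of `intlabel = mac_ifnet_label_alloc();` would keep that work behind the check and remove one of the three error exits that must call `mac_ifnet_label_free(intlabel)`. The user buffer is copied in above the visible hunks, so the check would ideally move ahead of that as well. The comment explaining the check and the start of `mac_ioctl_ifnet_set()` are outside these hunks, so confirm nothing there depends on the current order.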
@@ -962,23 +917,23 @@
 return (error);
 }
 
- mac_init_socket_label(&intlabel, M_WAITOK);
- error = mac_internalize_socket_label(&intlabel, buffer);
+ intlabel = mac_socket_label_alloc(M_WAITOK);
+ error = mac_internalize_socket_label(intlabel, buffer);
 free(buffer, M_MACTEMP);
 if (error) {
- mac_destroy_socket_label(&intlabel);
+ mac_socket_label_free(intlabel);
 return (error);
 }
 
- mac_check_socket_relabel(cred, so, &intlabel);
+ mac_check_socket_relabel(cred, so, intlabel);
 if (error) {
- mac_destroy_socket_label(&intlabel);
+ mac_socket_label_free(intlabel);
 return (error);
 }
 
- mac_relabel_socket(cred, so, &intlabel);
+ mac_relabel_socket(cred, so, intlabel);
 
- mac_destroy_socket_label(&intlabel);
+ mac_socket_label_free(intlabel);
 return (0);
 }
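Review bot: The return value of `mac_check_socket_relabel(cred, so, intlabel)` is dropped, so the `if (error)` directly after it re-tests the result of `mac_internalize_socket_label()`, which is already known to be zero at that point. As written, a policy that denies the relabel cannot stop `mac_relabel_socket()` from being called; the old side had the same omission and this change carries it over. The line should read `error = mac_check_socket_relabel(cred, so, intlabel);`, assuming the function returns an errno value like the other checks in this file. `mac_setsockopt_label_set()` begins in the previous hunk, so any locking expected around the check is not visible here.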