Date: Fri, 18 Oct 2002 10:22:40 -0700 (PDT) From: Chris Vance <cvance@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 19555 for review Message-ID: <200210181722.g9IHMehw064740@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=19555 Change 19555 by cvance@cvance_laptop on 2002/10/18 10:21:46 Add basic locking support for the security server. Note that it's not quite right yet, but it's a whole lot better than no locking. Thanks go to Hiten Pandya for a patch he sent a while back. Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/services.c#6 edit .. //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/services_private.h#4 edit .. //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/sidtab.c#7 edit .. //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/sidtab.h#3 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/services.c#6 (text+ko) ==== @@ -57,6 +57,10 @@ */ static __u32 latest_granting = 0; +#if defined(__FreeBSD__) && defined(_KERNEL) +POLICY_INIT; +LOAD_INIT; +#endif /* * Return the boolean value of a constraint expression @@ -302,7 +306,7 @@ /* Allocate space for the context; caller must free this space. */ scontextp = (char *) sebsd_malloc(*scontext_len+1, M_SEBSD_SS, - M_WAITOK); + M_NOWAIT); if (!scontextp) { return -ENOMEM; } @@ -348,7 +352,7 @@ *scontext_len = strlen(initial_sid_to_string[sid]) + 1; scontextp = sebsd_malloc(*scontext_len, M_SEBSD_SS, - M_WAITOK); + M_NOWAIT); strcpy(scontextp, initial_sid_to_string[sid]); *scontext = (security_context_t) scontextp; return 0; ==== //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/services_private.h#4 (text+ko) ==== @@ -54,6 +54,40 @@ /* #define convert_context_handle_invalid_context(context) -EINVAL */ /* #endif */ +#ifdef __FreeBSD__ + +#ifdef _KERNEL +struct sx; +struct sx policy_lock; +#define POLICY_INIT \ + SX_SYSINIT(policy_lock, &policy_lock, "SEBSD Policy Lock") +#define POLICY_RDLOCK sx_slock(&policy_lock) +#define POLICY_WRLOCK sx_xlock(&policy_lock) +#define POLICY_RDUNLOCK sx_sunlock(&policy_lock) +#define POLICY_WRUNLOCK sx_xunlock(&policy_lock) +#else +#define POLICY_RDLOCK +#define POLICY_WRLOCK +#define POLICY_RDUNLOCK +#define POLICY_WRUNLOCK +#endif + +#ifdef _KERNEL +struct mtx; +struct mtx load_lock; +#define LOAD_INIT \ + MTX_SYSINIT(load_lock, &load_lock, "SEBSD Load Lock", MTX_DEF) +#define LOAD_LOCK mtx_lock(&load_lock) +#define LOAD_UNLOCK mtx_unlock(&load_lock) +#else +#define LOAD_LOCK +#define LOAD_UNLOCK +#define INTERRUPTS_OFF +#define INTERRUPTS_ON +#endif + +#else /* __FreeBSD__ */ + #ifdef __KERNEL__ static DECLARE_MUTEX(policy_sem); #define POLICY_RDLOCK safe_down(&policy_sem) @@ -79,3 +113,4 @@ #define INTERRUPTS_OFF #define INTERRUPTS_ON #endif +#endif /* __FreeBSD__ */ ==== //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/sidtab.c#7 (text+ko) ==== @@ -12,6 +12,8 @@ #include <sys/conf.h> #include <sys/kernel.h> #include <sys/systm.h> +#include <sys/lock.h> +#include <sys/mutex.h> #endif /* FreeBSD _KERNEL */ #include <machine/limits.h> @@ -24,19 +26,32 @@ #define SIDTAB_HASH(sid) (sid & SIDTAB_HASH_MASK) -#ifdef __KERNEL__ /* TBD/CDV this does nothing... */ +#ifdef __FreeBSD__ +#ifdef _KERNEL +#define INIT_SIDTAB_LOCK(s) \ + mtx_init(&(s)->sidtab_mtx, "SID Table lock", NULL, MTX_DEF) +#define SIDTAB_TRYLOCK(s) mtx_trylock(&(s)->sidtab_mtx) +#define SIDTAB_LOCK(s) mtx_lock(&(s)->sidtab_mtx) +#define SIDTAB_UNLOCK(s) mtx_unlock(&(s)->sidtab_mtx) +#else +#define INIT_SIDTAB_LOCK(s) +#define SIDTAB_TRYLOCK(s) 0 +#define SIDTAB_LOCK(s) 0 +#define SIDTAB_UNLOCK(s) +#endif +#else /* __FreeBSD__ */ +#ifdef __KERNEL__ #define INIT_SIDTAB_LOCK(s) init_MUTEX(&s->sem) #define SIDTAB_LOCK(s) safe_down(&s->sem) #define SIDTAB_UNLOCK(s) safe_up(&s->sem) -#else +#else /* __KERNEL__ */ #define INIT_SIDTAB_LOCK(s) #define SIDTAB_LOCK(s) 0 #define SIDTAB_UNLOCK(s) #endif +#endif /* __FreeBSD__ */ -#ifndef __TBD_CDV__ #define wmb() -#endif /* __TBD_CDV__ */ int sidtab_init(sidtab_t *s) { @@ -75,7 +90,7 @@ return -EEXIST; newnode = (sidtab_node_t *) sebsd_malloc(sizeof(sidtab_node_t), - M_SEBSD_SS, M_WAITOK); + M_SEBSD_SS, M_NOWAIT); if (newnode == NULL) return -ENOMEM; newnode->sid = sid; @@ -258,7 +273,8 @@ sid = sidtab_search_context(s, context); if (!sid) { - if (SIDTAB_LOCK(s)) + ret = SIDTAB_TRYLOCK(s); + if (ret == 0) return -EAGAIN; /* Rescan now that we hold the semaphore. */ sid = sidtab_search_context(s, context); @@ -358,8 +374,8 @@ SIDTAB_LOCK(s); mynel = s->nel; mysids = (security_id_t *)sebsd_malloc(mynel*sizeof(security_id_t), - M_SEBSD_SS, M_WAITOK); - if (!mysids) { + M_SEBSD_SS, M_NOWAIT); + if (mysids == NULL) { rc = -ENOMEM; goto out; } ==== //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/sidtab.h#3 (text+ko) ==== @@ -27,13 +27,18 @@ #define SIDTAB_SIZE SIDTAB_HASH_BUCKETS +struct mtx; typedef struct { sidtab_ptr_t *htable; unsigned int nel; /* number of elements */ unsigned int next_sid; /* next SID to allocate */ -#ifdef __KERNEL__ +#if defined(__KERNEL__) || defined(_KERNEL) +#ifdef __FreeBSD__ + struct mtx sidtab_mtx; +#else struct semaphore sem; #endif +#endif /* KERNEL */ } sidtab_t; int sidtab_init(sidtab_t *s); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200210181722.g9IHMehw064740>