From owner-p4-projects@FreeBSD.ORG Sun Nov 9 21:02:52 2003 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 65B5E16A4D0; Sun, 9 Nov 2003 21:02:52 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3EDDE16A4CE for ; Sun, 9 Nov 2003 21:02:52 -0800 (PST) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 919A243FF2 for ; Sun, 9 Nov 2003 21:02:51 -0800 (PST) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.9/8.12.9) with ESMTP id hAA52pXJ076276 for ; Sun, 9 Nov 2003 21:02:51 -0800 (PST) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.9/8.12.9/Submit) id hAA52pJZ076273 for perforce@freebsd.org; Sun, 9 Nov 2003 21:02:51 -0800 (PST) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Sun, 9 Nov 2003 21:02:51 -0800 (PST) Message-Id: <200311100502.hAA52pJZ076273@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson To: Perforce Change Reviews Subject: PERFORCE change 41867 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Nov 2003 05:02:52 -0000 http://perforce.freebsd.org/chv.cgi?CH=41867 Change 41867 by rwatson@rwatson_paprika on 2003/11/09 21:02:17 Change f_label in struct file from a struct label to a struct label *: allocate file entry labels using the label UMA zone instead of storage in the parent structure. This greatly reduces the memory overhead of a struct file in the non-MAC case, and permits us to change the size and shape of struct mac without changing the binary storage of struct file. No changes to policies or MAC Framework entry points required. With this size reduction, it should now be feasible to merge struct file labeling into the main FreeBSD tree. Affected files ... .. //depot/projects/trustedbsd/sebsd/sys/kern/kern_descrip.c#9 edit .. //depot/projects/trustedbsd/sebsd/sys/security/mac/mac_file.c#3 edit .. //depot/projects/trustedbsd/sebsd/sys/sys/file.h#6 edit Differences ... ==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_descrip.c#9 (text+ko) ==== ==== //depot/projects/trustedbsd/sebsd/sys/security/mac/mac_file.c#3 (text+ko) ==== 
@@ -65,22 +65,39 @@
 &nmacfiles, 0, "number of files in use");
 #endif
 
+static struct label *
+mac_file_label_alloc(void)
+{
+ struct label *label;
+
+ label = mac_labelzone_alloc(M_WAITOK);
+ MAC_PERFORM(init_file_label, label);
+ MAC_DEBUG_COUNTER_INC(&nmacfiles);
+ return (label);
+}
+
 void
 mac_init_file(struct file *fp)
 {
 
- mac_init_label(&fp->f_label);
- MAC_PERFORM(init_file_label, &fp->f_label);
- MAC_DEBUG_COUNTER_INC(&nmacfiles);
+ fp->f_label = mac_file_label_alloc();
+}
+
+static void
+mac_file_label_free(struct label *label)
+{
+
+ MAC_PERFORM(destroy_file_label, label);
+ mac_labelzone_free(label);
+ MAC_DEBUG_COUNTER_DEC(&nmacfiles);
 }
 
 void
 mac_destroy_file(struct file *fp)
 {
 
- MAC_PERFORM(destroy_file_label, &fp->f_label);
- mac_destroy_label(&fp->f_label);
- MAC_DEBUG_COUNTER_DEC(&nmacfiles);
+ mac_file_label_free(fp->f_label);
+ fp->f_label = NULL;
 }
 
 int
@@ -101,7 +118,7 @@
 if (!mac_enforce_file)
 return (0);
 
- MAC_CHECK(check_file_dup, cred, fp, &fp->f_label, newfd);
+ MAC_CHECK(check_file_dup, cred, fp, fp->f_label, newfd);
 return (error);
 }
 
@@ -112,7 +129,7 @@
 if (!mac_enforce_file)
 return (0);
 
- MAC_CHECK(check_file_ioctl, cred, fp, &fp->f_label, com);
+ MAC_CHECK(check_file_ioctl, cred, fp, fp->f_label, com);
 return (error);
 }
 
@@ -123,7 +140,7 @@
 if (!mac_enforce_file)
 return (0);
 
- MAC_CHECK(check_file_inherit, cred, fp, &fp->f_label);
+ MAC_CHECK(check_file_inherit, cred, fp, fp->f_label);
 return (error);
 }
 
@@ -134,7 +151,7 @@
 if (!mac_enforce_file)
 return (0);
 
- MAC_CHECK(check_file_receive, cred, fp, &fp->f_label);
+ MAC_CHECK(check_file_receive, cred, fp, fp->f_label);
 return (error);
 }
 
@@ -145,7 +162,7 @@
 if (!mac_enforce_file)
 return (0);
 
- MAC_CHECK(check_file_get_flags, cred, fp, &fp->f_label, flags);
+ MAC_CHECK(check_file_get_flags, cred, fp, fp->f_label, flags);
 return (error);
 }
 
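Review bot: mac_file_label_alloc() in the first hunk calls mac_labelzone_alloc(M_WAITOK), so mac_init_file() now performs an allocation that may sleep, whereas the removed lines only operated on storage embedded in struct file. The kern_descrip.c section of this change shows no hunks on this page, so it cannot be confirmed from here that every caller reaches mac_init_file() in a sleepable context with no non-sleepable lock held. I would record that contract above the helper, for example `/* Allocates the file label with M_WAITOK: may sleep, so callers must not hold non-sleepable locks. */`, and add a matching one-line comment on mac_file_label_free() stating that the policies' destroy hook runs before the zone free.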
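Review bot: In the -101,7 hunk `fp->f_label` is handed to the policies as-is by MAC_CHECK(check_file_dup, ...), so a struct file that reaches this entry point before mac_init_file() or after mac_destroy_file() (which sets the field to NULL in the first hunk) now gives each policy a NULL label instead of the always-valid embedded storage the old `&fp->f_label` provided. The same applies to the hunks at -112, -123, -134, -145, -156, -168, -181, -193, -204 and -212. Whether that path exists depends on the kern_descrip.c callers, which are not shown here; an INVARIANTS-only guard such as `KASSERT(fp->f_label != NULL, ("%s: NULL f_label", __func__));` ahead of each MAC_CHECK/MAC_PERFORM, and in mac_destroy_file() before the free, would turn such a lifecycle bug into an immediate, attributable panic rather than a fault inside a policy module. These functions start outside their hunks, so placement relative to the mac_enforce_file test needs checking against the full file.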
@@ -156,7 +173,7 @@
 if (!mac_enforce_file)
 return (0);
 
- MAC_CHECK(check_file_get_ofileflags, cred, fp, &fp->f_label, flags);
+ MAC_CHECK(check_file_get_ofileflags, cred, fp, fp->f_label, flags);
 return (error);
 }
 
@@ -168,7 +185,7 @@
 if (!mac_enforce_file)
 return (0);
 
- MAC_CHECK(check_file_change_flags, cred, fp, &fp->f_label, oldflags,
+ MAC_CHECK(check_file_change_flags, cred, fp, fp->f_label, oldflags,
 newflags);
 return (error);
 }
@@ -181,7 +198,7 @@
 if (!mac_enforce_file)
 return (0);
 
- MAC_CHECK(check_file_change_ofileflags, cred, fp, &fp->f_label,
+ MAC_CHECK(check_file_change_ofileflags, cred, fp, fp->f_label,
 oldflags, newflags);
 return (error);
 }
@@ -193,7 +210,7 @@
 if (!mac_enforce_file)
 return (0);
 
- MAC_CHECK(check_file_get_offset, cred, fp, &fp->f_label);
+ MAC_CHECK(check_file_get_offset, cred, fp, fp->f_label);
 return (error);
 }
 
@@ -204,7 +221,7 @@
 if (!mac_enforce_file)
 return (0);
 
- MAC_CHECK(check_file_change_offset, cred, fp, &fp->f_label);
+ MAC_CHECK(check_file_change_offset, cred, fp, fp->f_label);
 return (error);
 }
 
@@ -212,5 +229,5 @@
 mac_create_file(struct ucred *cred, struct file *fp)
 {
 
- MAC_PERFORM(create_file, cred, fp, &fp->f_label);
+ MAC_PERFORM(create_file, cred, fp, fp->f_label);
 }
==== //depot/projects/trustedbsd/sebsd/sys/sys/file.h#6 (text+ko) ====
@@ -45,7 +45,6 @@
 #include
 #include
 #include
-#include
 
 struct stat;
 struct thread;
@@ -136,7 +135,7 @@
 off_t f_nextoff; /*
 * offset of next expected read or write
 */
- struct label f_label; /* MAC label */
+ struct label *f_label; /* MAC label */
 };
 
 #endif /* _KERNEL */
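Review bot: The field comment in the file.h -136,7 hunk still reads `/* MAC label */` although f_label changed from embedded storage to a pointer with its own lifetime. Going by the mac_file.c hunks, something like `/* MAC label; allocated by mac_init_file(), freed and set to NULL by mac_destroy_file() */` would tell readers of struct file who owns the allocation and that the pointer is not valid outside that window. The struct definition starts outside the hunk.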