Date: Sun, 9 Nov 2003 21:02:51 -0800 (PST) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 41867 for review Message-ID: <200311100502.hAA52pJZ076273@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=41867 Change 41867 by rwatson@rwatson_paprika on 2003/11/09 21:02:17 Change f_label in struct file from a struct label to a struct label *: allocate file entry labels using the label UMA zone instead of storage in the parent structure. This greatly reduces the memory overhead of a struct file in the non-MAC case, and permits us to change the size and shape of struct mac without changing the binary storage of struct file. No changes to policies or MAC Framework entry points required. With this size reduction, it should now be feasible to merge struct file labeling into the main FreeBSD tree. Affected files ... .. //depot/projects/trustedbsd/sebsd/sys/kern/kern_descrip.c#9 edit .. //depot/projects/trustedbsd/sebsd/sys/security/mac/mac_file.c#3 edit .. //depot/projects/trustedbsd/sebsd/sys/sys/file.h#6 edit Differences ... ==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_descrip.c#9 (text+ko) ==== ==== //depot/projects/trustedbsd/sebsd/sys/security/mac/mac_file.c#3 (text+ko) ==== @@ -65,22 +65,39 @@ &nmacfiles, 0, "number of files in use"); #endif +static struct label * +mac_file_label_alloc(void) +{ + struct label *label; + + label = mac_labelzone_alloc(M_WAITOK); + MAC_PERFORM(init_file_label, label); + MAC_DEBUG_COUNTER_INC(&nmacfiles); + return (label); +} + void mac_init_file(struct file *fp) { - mac_init_label(&fp->f_label); - MAC_PERFORM(init_file_label, &fp->f_label); - MAC_DEBUG_COUNTER_INC(&nmacfiles); + fp->f_label = mac_file_label_alloc(); +} + +static void +mac_file_label_free(struct label *label) +{ + + MAC_PERFORM(destroy_file_label, label); + mac_labelzone_free(label); + MAC_DEBUG_COUNTER_DEC(&nmacfiles); } void mac_destroy_file(struct file *fp) { - MAC_PERFORM(destroy_file_label, &fp->f_label); - mac_destroy_label(&fp->f_label); - MAC_DEBUG_COUNTER_DEC(&nmacfiles); + mac_file_label_free(fp->f_label); + fp->f_label = NULL; } int 
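Review bot: mac_destroy_file() hands fp->f_label to mac_file_label_free() without checking it. Now that f_label is a pointer rather than embedded storage, a struct file that never went through mac_init_file(), or that is destroyed twice (the field is set to NULL afterwards), would pass NULL to the destroy_file_label policy hooks and to mac_labelzone_free(). The same exposure applies to the MAC_CHECK and MAC_PERFORM wrappers in the later hunks of this file, which now pass fp->f_label straight to the policies. An invariant check such as `KASSERT(fp->f_label != NULL, ("mac_destroy_file: NULL f_label"));` at the top of mac_destroy_file() would turn a silent NULL dereference into a diagnosable assertion. The kern_descrip.c section shows no hunks on this page, so whether every file allocation path calls mac_init_file() cannot be confirmed from here.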
@@ -101,7 +118,7 @@ if (!mac_enforce_file) return (0); - MAC_CHECK(check_file_dup, cred, fp, &fp->f_label, newfd); + MAC_CHECK(check_file_dup, cred, fp, fp->f_label, newfd); return (error); } @@ -112,7 +129,7 @@ if (!mac_enforce_file) return (0); - MAC_CHECK(check_file_ioctl, cred, fp, &fp->f_label, com); + MAC_CHECK(check_file_ioctl, cred, fp, fp->f_label, com); return (error); } @@ -123,7 +140,7 @@ if (!mac_enforce_file) return (0); - MAC_CHECK(check_file_inherit, cred, fp, &fp->f_label); + MAC_CHECK(check_file_inherit, cred, fp, fp->f_label); return (error); } @@ -134,7 +151,7 @@ if (!mac_enforce_file) return (0); - MAC_CHECK(check_file_receive, cred, fp, &fp->f_label); + MAC_CHECK(check_file_receive, cred, fp, fp->f_label); return (error); } @@ -145,7 +162,7 @@ if (!mac_enforce_file) return (0); - MAC_CHECK(check_file_get_flags, cred, fp, &fp->f_label, flags); + MAC_CHECK(check_file_get_flags, cred, fp, fp->f_label, flags); return (error); } @@ -156,7 +173,7 @@ if (!mac_enforce_file) return (0); - MAC_CHECK(check_file_get_ofileflags, cred, fp, &fp->f_label, flags); + MAC_CHECK(check_file_get_ofileflags, cred, fp, fp->f_label, flags); return (error); } @@ -168,7 +185,7 @@ if (!mac_enforce_file) return (0); - MAC_CHECK(check_file_change_flags, cred, fp, &fp->f_label, oldflags, + MAC_CHECK(check_file_change_flags, cred, fp, fp->f_label, oldflags, newflags); return (error); } @@ -181,7 +198,7 @@ if (!mac_enforce_file) return (0); - MAC_CHECK(check_file_change_ofileflags, cred, fp, &fp->f_label, + MAC_CHECK(check_file_change_ofileflags, cred, fp, fp->f_label, oldflags, newflags); return (error); } @@ -193,7 +210,7 @@ if (!mac_enforce_file) return (0); - MAC_CHECK(check_file_get_offset, cred, fp, &fp->f_label); + MAC_CHECK(check_file_get_offset, cred, fp, fp->f_label); return (error); } 
@@ -204,7 +221,7 @@ if (!mac_enforce_file) return (0); - MAC_CHECK(check_file_change_offset, cred, fp, &fp->f_label); + MAC_CHECK(check_file_change_offset, cred, fp, fp->f_label); return (error); } @@ -212,5 +229,5 @@ mac_create_file(struct ucred *cred, struct file *fp) { - MAC_PERFORM(create_file, cred, fp, &fp->f_label); + MAC_PERFORM(create_file, cred, fp, fp->f_label); } ==== //depot/projects/trustedbsd/sebsd/sys/sys/file.h#6 (text+ko) ==== @@ -45,7 +45,6 @@ #include <sys/queue.h> #include <sys/_lock.h> #include <sys/_mutex.h> -#include <sys/_label.h> struct stat; struct thread; @@ -136,7 +135,7 @@ off_t f_nextoff; /* * offset of next expected read or write */ - struct label f_label; /* MAC label */ + struct label *f_label; /* MAC label */ }; #endif /* _KERNEL */
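Review bot: With `#include <sys/_label.h>` dropped in the first file.h hunk, `struct label` is first named inside struct file itself; the visible context forward-declares `struct stat;` and `struct thread;` but no `struct label;`. Adding `struct label;` to that list would match the header's existing style and keep the pointer member independent of include order, assuming it is not already declared outside the hunk. The member comment could also record ownership, for example `/* MAC label, allocated by mac_init_file(), freed by mac_destroy_file() */`. struct file's definition starts outside the hunk.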