Date: Sun, 9 Nov 2003 09:44:15 -0800 (PST) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 41812 for review Message-ID: <200311091744.hA9HiFcN015758@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=41812 Change 41812 by rwatson@rwatson_paprika on 2003/11/09 09:43:58 For System V IPC objects, store a (struct label *) instead of a (struct label) to make changes in the size/shape of struct label ABI-clean. Use the label UMA zone to allocate label storage. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/sysv_msg.c#17 edit .. //depot/projects/trustedbsd/mac/sys/kern/sysv_sem.c#18 edit .. //depot/projects/trustedbsd/mac/sys/kern/sysv_shm.c#17 edit .. //depot/projects/trustedbsd/mac/sys/security/mac/mac_sysv_msg.c#5 edit .. //depot/projects/trustedbsd/mac/sys/security/mac/mac_sysv_sem.c#5 edit .. //depot/projects/trustedbsd/mac/sys/security/mac/mac_sysv_shm.c#5 edit .. //depot/projects/trustedbsd/mac/sys/sys/msg.h#7 edit .. //depot/projects/trustedbsd/mac/sys/sys/msg_msg.h#2 edit .. //depot/projects/trustedbsd/mac/sys/sys/sem.h#6 edit .. //depot/projects/trustedbsd/mac/sys/sys/shm.h#6 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/sysv_msg.c#17 (text+ko) ==== @@ -38,7 +38,6 @@ #include <sys/jail.h> #ifdef MAC #include <sys/msg_msg.h> -#include <sys/_label.h> #include <sys/mac.h> #endif ==== //depot/projects/trustedbsd/mac/sys/kern/sysv_sem.c#18 (text+ko) ==== @@ -27,7 +27,6 @@ #include <sys/malloc.h> #include <sys/jail.h> #ifdef MAC -#include <sys/_label.h> #include <sys/mac.h> #endif ==== //depot/projects/trustedbsd/mac/sys/kern/sysv_shm.c#17 (text+ko) ==== @@ -53,7 +53,6 @@ #include <sys/sysproto.h> #include <sys/jail.h> #ifdef MAC -#include <sys/_label.h> #include <sys/mac.h> #endif ==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_sysv_msg.c#5 (text+ko) ==== @@ -67,40 +67,75 @@ &nmacipcmsqs, 0, "number of sysv ipc message queue identifiers inuse"); #endif +static struct label * +mac_ipc_msgmsg_label_alloc(void) +{ + struct label *label; + + label = mac_labelzone_alloc(M_WAITOK); + MAC_PERFORM(init_ipc_msgmsg_label, label); + MAC_DEBUG_COUNTER_INC(&nmacipcmsgs); + return (label); +} + void mac_init_ipc_msgmsg(struct msg *msgptr) { - mac_init_label(&msgptr->label); - MAC_PERFORM(init_ipc_msgmsg_label, &msgptr->label); - MAC_DEBUG_COUNTER_INC(&nmacipcmsgs); + msgptr->label = mac_ipc_msgmsg_label_alloc(); +} + +static struct label * +mac_ipc_msgqueue_label_alloc(void) +{ + struct label *label; + + label = mac_labelzone_alloc(M_WAITOK); + MAC_PERFORM(init_ipc_msgqueue_label, label); + MAC_DEBUG_COUNTER_INC(&nmacipcmsqs); + return (label); } void mac_init_ipc_msgqueue(struct msqid_kernel *msqkptr) { - mac_init_label(&msqkptr->label); - MAC_PERFORM(init_ipc_msgqueue_label, &msqkptr->label); - MAC_DEBUG_COUNTER_INC(&nmacipcmsqs); + msqkptr->label = mac_ipc_msgqueue_label_alloc(); + msqkptr->label = NULL; +} + +static void +mac_ipc_msgmsg_label_free(struct label *label) +{ + + MAC_PERFORM(destroy_ipc_msgmsg_label, label); + mac_labelzone_free(label); + MAC_DEBUG_COUNTER_DEC(&nmacipcmsgs); } void mac_destroy_ipc_msgmsg(struct msg *msgptr) { - MAC_PERFORM(destroy_ipc_msgmsg_label, &msgptr->label); - mac_destroy_label(&msgptr->label); - MAC_DEBUG_COUNTER_DEC(&nmacipcmsgs); + mac_ipc_msgmsg_label_free(msgptr->label); + msgptr->label = NULL; +} + +static void +mac_ipc_msgqueue_label_free(struct label *label) +{ + + MAC_PERFORM(destroy_ipc_msgqueue_label, label); + mac_labelzone_free(label); + MAC_DEBUG_COUNTER_DEC(&nmacipcmsqs); } void mac_destroy_ipc_msgqueue(struct msqid_kernel *msqkptr) { - MAC_PERFORM(destroy_ipc_msgqueue_label, &msqkptr->label); - mac_destroy_label(&msqkptr->label); - MAC_DEBUG_COUNTER_DEC(&nmacipcmsqs); + mac_ipc_msgqueue_label_free(msqkptr->label); + msqkptr->label = NULL; } void @@ -108,29 +143,29 @@ struct msg *msgptr) { - MAC_PERFORM(create_ipc_msgmsg, cred, msqkptr, &msqkptr->label, - msgptr, &msgptr->label); + MAC_PERFORM(create_ipc_msgmsg, cred, msqkptr, msqkptr->label, + msgptr, msgptr->label); } void mac_create_ipc_msgqueue(struct ucred *cred, struct msqid_kernel *msqkptr) { - MAC_PERFORM(create_ipc_msgqueue, cred, msqkptr, &msqkptr->label); + MAC_PERFORM(create_ipc_msgqueue, cred, msqkptr, msqkptr->label); } void mac_cleanup_ipc_msgmsg(struct msg *msgptr) { - MAC_PERFORM(cleanup_ipc_msgmsg, &msgptr->label); + MAC_PERFORM(cleanup_ipc_msgmsg, msgptr->label); } void mac_cleanup_ipc_msgqueue(struct msqid_kernel *msqkptr) { - MAC_PERFORM(cleanup_ipc_msgqueue, &msqkptr->label); + MAC_PERFORM(cleanup_ipc_msgqueue, msqkptr->label); } int @@ -142,8 +177,8 @@ if (!mac_enforce_sysv) return (0); - MAC_CHECK(check_ipc_msgmsq, cred, msgptr, &msgptr->label, msqkptr, - &msqkptr->label); + MAC_CHECK(check_ipc_msgmsq, cred, msgptr, msgptr->label, msqkptr, + msqkptr->label); return(error); } @@ -156,7 +191,7 @@ if (!mac_enforce_sysv) return (0); - MAC_CHECK(check_ipc_msgrcv, cred, msgptr, &msgptr->label); + MAC_CHECK(check_ipc_msgrcv, cred, msgptr, msgptr->label); return(error); } @@ -169,7 +204,7 @@ if (!mac_enforce_sysv) return (0); - MAC_CHECK(check_ipc_msgrmid, cred, msgptr, &msgptr->label); + MAC_CHECK(check_ipc_msgrmid, cred, msgptr, msgptr->label); return(error); } @@ -182,7 +217,7 @@ if (!mac_enforce_sysv) return (0); - MAC_CHECK(check_ipc_msqget, cred, msqkptr, &msqkptr->label); + MAC_CHECK(check_ipc_msqget, cred, msqkptr, msqkptr->label); return(error); } @@ -195,7 +230,7 @@ if (!mac_enforce_sysv) return (0); - MAC_CHECK(check_ipc_msqsnd, cred, msqkptr, &msqkptr->label); + MAC_CHECK(check_ipc_msqsnd, cred, msqkptr, msqkptr->label); return(error); } @@ -208,7 +243,7 @@ if (!mac_enforce_sysv) return (0); - MAC_CHECK(check_ipc_msqrcv, cred, msqkptr, &msqkptr->label); + MAC_CHECK(check_ipc_msqrcv, cred, msqkptr, msqkptr->label); return(error); } @@ -222,7 +257,7 @@ if (!mac_enforce_sysv) return (0); - MAC_CHECK(check_ipc_msqctl, cred, msqkptr, &msqkptr->label, cmd); + MAC_CHECK(check_ipc_msqctl, cred, msqkptr, msqkptr->label, cmd); return(error); } ==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_sysv_sem.c#5 (text+ko) ==== @@ -59,36 +59,53 @@ &nmacipcsemass, 0, "number of sysv ipc semaphore identifiers inuse"); #endif +static struct label * +mac_ipc_sema_label_alloc(void) +{ + struct label *label; + + label = mac_labelzone_alloc(M_WAITOK); + MAC_PERFORM(init_ipc_sema_label, label); + MAC_DEBUG_COUNTER_INC(&nmacipcsemas); + return (label); +} + void mac_init_ipc_sema(struct semid_kernel *semakptr) { - mac_init_label(&semakptr->label); - MAC_PERFORM(init_ipc_sema_label, &semakptr->label); - MAC_DEBUG_COUNTER_INC(&nmacipcsemas); + semakptr->label = mac_ipc_sema_label_alloc(); +} + +static void +mac_ipc_sema_label_free(struct label *label) +{ + + MAC_PERFORM(destroy_ipc_sema_label, label); + mac_labelzone_free(label); + MAC_DEBUG_COUNTER_DEC(&nmacipcsemas); } void mac_destroy_ipc_sema(struct semid_kernel *semakptr) { - MAC_PERFORM(destroy_ipc_sema_label, &semakptr->label); - mac_destroy_label(&semakptr->label); - MAC_DEBUG_COUNTER_DEC(&nmacipcsemas); + mac_ipc_sema_label_free(semakptr->label); + semakptr->label = NULL; } void mac_create_ipc_sema(struct ucred *cred, struct semid_kernel *semakptr) { - MAC_PERFORM(create_ipc_sema, cred, semakptr, &semakptr->label); + MAC_PERFORM(create_ipc_sema, cred, semakptr, semakptr->label); } void mac_cleanup_ipc_sema(struct semid_kernel *semakptr) { - MAC_PERFORM(cleanup_ipc_sema, &semakptr->label); + MAC_PERFORM(cleanup_ipc_sema, semakptr->label); } int @@ -100,7 +117,7 @@ if (!mac_enforce_sysv) return (0); - MAC_CHECK(check_ipc_semctl, cred, semakptr, &semakptr->label, cmd); + MAC_CHECK(check_ipc_semctl, cred, semakptr, semakptr->label, cmd); return(error); } @@ -113,7 +130,7 @@ if (!mac_enforce_sysv) return (0); - MAC_CHECK(check_ipc_semget, cred, semakptr, &semakptr->label); + MAC_CHECK(check_ipc_semget, cred, semakptr, semakptr->label); return(error); } @@ -127,7 +144,7 @@ if (!mac_enforce_sysv) return (0); - MAC_CHECK(check_ipc_semop, cred, semakptr, &semakptr->label, + MAC_CHECK(check_ipc_semop, cred, semakptr, semakptr->label, accesstype); return(error); ==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_sysv_shm.c#5 (text+ko) ==== @@ -59,36 +59,53 @@ &nmacipcshms, 0, "number of sysv ipc shm identifiers inuse"); #endif +static struct label * +mac_ipc_shm_label_alloc(void) +{ + struct label *label; + + label = mac_labelzone_alloc(M_WAITOK); + MAC_PERFORM(init_ipc_shm_label, label); + MAC_DEBUG_COUNTER_INC(&nmacipcshms); + return (label); +} + void mac_init_ipc_shm(struct shmid_kernel *shmsegptr) { - mac_init_label(&shmsegptr->label); - MAC_PERFORM(init_ipc_shm_label, &shmsegptr->label); - MAC_DEBUG_COUNTER_INC(&nmacipcshms); + shmsegptr->label = mac_ipc_shm_label_alloc(); +} + +static void +mac_ipc_shm_label_free(struct label *label) +{ + + MAC_PERFORM(destroy_ipc_shm_label, label); + mac_labelzone_free(label); + MAC_DEBUG_COUNTER_DEC(&nmacipcshms); } void mac_destroy_ipc_shm(struct shmid_kernel *shmsegptr) { - MAC_PERFORM(destroy_ipc_shm_label, &shmsegptr->label); - mac_destroy_label(&shmsegptr->label); - MAC_DEBUG_COUNTER_DEC(&nmacipcshms); + mac_ipc_shm_label_free(shmsegptr->label); + shmsegptr->label = NULL; } void mac_create_ipc_shm(struct ucred *cred, struct shmid_kernel *shmsegptr) { - MAC_PERFORM(create_ipc_shm, cred, shmsegptr, &shmsegptr->label); + MAC_PERFORM(create_ipc_shm, cred, shmsegptr, shmsegptr->label); } void mac_cleanup_ipc_shm(struct shmid_kernel *shmsegptr) { - MAC_PERFORM(cleanup_ipc_shm, &shmsegptr->label); + MAC_PERFORM(cleanup_ipc_shm, shmsegptr->label); } int @@ -100,7 +117,7 @@ if (!mac_enforce_sysv) return (0); - MAC_CHECK(check_ipc_shmat, cred, shmsegptr, &shmsegptr->label, + MAC_CHECK(check_ipc_shmat, cred, shmsegptr, shmsegptr->label, shmflg); return(error); @@ -115,7 +132,7 @@ if (!mac_enforce_sysv) return (0); - MAC_CHECK(check_ipc_shmctl, cred, shmsegptr, &shmsegptr->label, + MAC_CHECK(check_ipc_shmctl, cred, shmsegptr, shmsegptr->label, cmd); return(error); @@ -129,7 +146,7 @@ if (!mac_enforce_sysv) return (0); - MAC_CHECK(check_ipc_shmdt, cred, shmsegptr, &shmsegptr->label); + MAC_CHECK(check_ipc_shmdt, cred, shmsegptr, shmsegptr->label); return(error); } @@ -143,7 +160,7 @@ if (!mac_enforce_sysv) return (0); - MAC_CHECK(check_ipc_shmget, cred, shmsegptr, &shmsegptr->label, + MAC_CHECK(check_ipc_shmget, cred, shmsegptr, shmsegptr->label, shmflg); return(error); ==== //depot/projects/trustedbsd/mac/sys/sys/msg.h#7 (text+ko) ==== @@ -26,7 +26,6 @@ #include <sys/cdefs.h> #include <sys/_types.h> #include <sys/ipc.h> -#include <sys/_label.h> /* * The MSG_NOERROR identifier value, the msqid_ds struct and the msg struct @@ -126,7 +125,7 @@ { struct msqid_ds u; /* the following are private */ - struct label label; /* MAC label */ + struct label *label; /* MAC label */ }; #else /* !_KERNEL */ ==== //depot/projects/trustedbsd/mac/sys/sys/msg_msg.h#2 (text+ko) ==== @@ -22,7 +22,6 @@ #include <sys/cdefs.h> #include <sys/_types.h> -#include <sys/_label.h> #ifdef _KERNEL @@ -41,7 +40,7 @@ /* 0 -> free header */ unsigned short msg_ts; /* size of this message */ short msg_spot; /* location of start of msg in buffer */ - struct label label; /* MAC Framework label */ + struct label *label; /* MAC Framework label */ }; #endif /* _KERNEL */ ==== //depot/projects/trustedbsd/mac/sys/sys/sem.h#6 (text+ko) ==== @@ -11,7 +11,6 @@ #define _SYS_SEM_H_ #include <sys/ipc.h> -#include <sys/_label.h> struct sem; @@ -89,7 +88,7 @@ struct semid_kernel { struct semid_ds u; /* the following are private */ - struct label label; /* MAC framework label */ + struct label *label; /* MAC framework label */ }; /* internal "mode" bits */ ==== //depot/projects/trustedbsd/mac/sys/sys/shm.h#6 (text+ko) ==== @@ -40,7 +40,6 @@ #define _SYS_SHM_H_ #include <sys/ipc.h> -#include <sys/_label.h> #define SHM_RDONLY 010000 /* Attach read-only (else read-write) */ #define SHM_RND 020000 /* Round attach address to SHMLBA */ @@ -93,7 +92,7 @@ struct shmid_kernel { struct shmid_ds u; /* the following are private */ - struct label label; /* MAC label */ + struct label *label; /* MAC label */ }; extern struct shminfo shminfo;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200311091744.hA9HiFcN015758>