From owner-p4-projects@FreeBSD.ORG Thu Dec 21 11:24:15 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 1AE0516AF7B; Thu, 21 Dec 2006 11:23:57 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D01F916A73D for ; Thu, 21 Dec 2006 11:23:56 +0000 (UTC) (envelope-from jkim@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [69.147.83.41]) by mx1.freebsd.org (Postfix) with ESMTP id 72F0B13C4E2 for ; Thu, 21 Dec 2006 11:23:32 +0000 (UTC) (envelope-from jkim@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id kBKKpnYK000353 for ; Wed, 20 Dec 2006 20:51:49 GMT (envelope-from jkim@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id kBKKpmhR000340 for perforce@freebsd.org; Wed, 20 Dec 2006 20:51:48 GMT (envelope-from jkim@freebsd.org) Date: Wed, 20 Dec 2006 20:51:48 GMT Message-Id: <200612202051.kBKKpmhR000340@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to jkim@freebsd.org using -f From: Jung-uk Kim To: Perforce Change Reviews Cc: Subject: PERFORCE change 112011 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Dec 2006 11:24:15 -0000 http://perforce.freebsd.org/chv.cgi?CH=112011 Change 112011 by jkim@jkim_hammer on 2006/12/20 20:51:05 IFC Affected files ... .. //depot/projects/linuxolator/src/sys/amd64/linux32/linux.h#11 integrate .. //depot/projects/linuxolator/src/sys/amd64/linux32/linux32_machdep.c#16 integrate .. //depot/projects/linuxolator/src/sys/compat/linux/linux_ipc.c#7 integrate .. //depot/projects/linuxolator/src/sys/compat/linux/linux_time.c#3 integrate .. //depot/projects/linuxolator/src/sys/i386/linux/linux.h#9 integrate .. //depot/projects/linuxolator/src/sys/i386/linux/linux_proto.h#15 integrate .. //depot/projects/linuxolator/src/sys/i386/linux/linux_syscall.h#14 integrate .. //depot/projects/linuxolator/src/sys/i386/linux/linux_sysent.c#14 integrate .. //depot/projects/linuxolator/src/sys/i386/linux/syscalls.master#13 integrate .. //depot/projects/linuxolator/src/sys/kern/kern_mac.c#4 integrate .. //depot/projects/linuxolator/src/sys/security/mac/mac_framework.h#6 integrate .. //depot/projects/linuxolator/src/sys/security/mac/mac_net.c#5 integrate .. //depot/projects/linuxolator/src/sys/sun4v/include/pcpu.h#6 integrate Differences ... ==== //depot/projects/linuxolator/src/sys/amd64/linux32/linux.h#11 (text+ko) ==== @@ -27,7 +27,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $FreeBSD: src/sys/amd64/linux32/linux.h,v 1.9 2006/11/07 18:53:49 jhb Exp $ + * $FreeBSD: src/sys/amd64/linux32/linux.h,v 1.10 2006/12/20 20:17:34 jkim Exp $ */ #ifndef _AMD64_LINUX_LINUX_H_ ==== //depot/projects/linuxolator/src/sys/amd64/linux32/linux32_machdep.c#16 (text+ko) ==== @@ -29,7 +29,7 @@ */ #include -__FBSDID("$FreeBSD: src/sys/amd64/linux32/linux32_machdep.c,v 1.22 2006/10/15 13:39:39 netchild Exp $"); +__FBSDID("$FreeBSD: src/sys/amd64/linux32/linux32_machdep.c,v 1.23 2006/12/20 20:17:34 jkim Exp $"); #include #include ==== //depot/projects/linuxolator/src/sys/compat/linux/linux_ipc.c#7 (text+ko) ==== @@ -27,7 +27,7 @@ */ #include -__FBSDID("$FreeBSD: src/sys/compat/linux/linux_ipc.c,v 1.52 2006/12/20 19:30:52 jkim Exp $"); +__FBSDID("$FreeBSD: src/sys/compat/linux/linux_ipc.c,v 1.53 2006/12/20 20:08:45 jkim Exp $"); #include #include ==== //depot/projects/linuxolator/src/sys/compat/linux/linux_time.c#3 (text+ko) ==== @@ -37,7 +37,7 @@ */ #include -__FBSDID("$FreeBSD: src/sys/compat/linux/linux_time.c,v 1.1 2006/08/15 12:20:59 netchild Exp $"); +__FBSDID("$FreeBSD: src/sys/compat/linux/linux_time.c,v 1.2 2006/12/20 20:17:34 jkim Exp $"); #if 0 __KERNEL_RCSID(0, "$NetBSD: linux_time.c,v 1.14 2006/05/14 03:40:54 christos Exp $"); #endif ==== //depot/projects/linuxolator/src/sys/i386/linux/linux.h#9 (text+ko) ==== @@ -25,7 +25,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $FreeBSD: src/sys/i386/linux/linux.h,v 1.70 2006/10/15 14:22:13 netchild Exp $ + * $FreeBSD: src/sys/i386/linux/linux.h,v 1.72 2006/12/20 20:17:35 jkim Exp $ */ #ifndef _I386_LINUX_LINUX_H_ ==== //depot/projects/linuxolator/src/sys/i386/linux/linux_proto.h#15 (text+ko) ==== @@ -2,8 +2,8 @@ * System call prototypes. * * DO NOT EDIT-- this file is automatically generated. - * $FreeBSD$ - * created from FreeBSD: src/sys/i386/linux/syscalls.master,v 1.82 2006/10/28 10:59:59 netchild Exp + * $FreeBSD: src/sys/i386/linux/linux_proto.h,v 1.89 2006/12/20 20:42:58 jkim Exp $ + * created from FreeBSD: src/sys/i386/linux/syscalls.master,v 1.84 2006/12/20 20:21:48 jkim Exp */ #ifndef _LINUX_SYSPROTO_H_ ==== //depot/projects/linuxolator/src/sys/i386/linux/linux_syscall.h#14 (text+ko) ==== @@ -2,8 +2,8 @@ * System call numbers. * * DO NOT EDIT-- this file is automatically generated. - * $FreeBSD$ - * created from FreeBSD: src/sys/i386/linux/syscalls.master,v 1.82 2006/10/28 10:59:59 netchild Exp + * $FreeBSD: src/sys/i386/linux/linux_syscall.h,v 1.82 2006/12/20 20:42:58 jkim Exp $ + * created from FreeBSD: src/sys/i386/linux/syscalls.master,v 1.84 2006/12/20 20:21:48 jkim Exp */ #define LINUX_SYS_exit 1 ==== //depot/projects/linuxolator/src/sys/i386/linux/linux_sysent.c#14 (text+ko) ==== @@ -2,8 +2,8 @@ * System call switch table. * * DO NOT EDIT-- this file is automatically generated. - * $FreeBSD$ - * created from FreeBSD: src/sys/i386/linux/syscalls.master,v 1.82 2006/10/28 10:59:59 netchild Exp + * $FreeBSD: src/sys/i386/linux/linux_sysent.c,v 1.89 2006/12/20 20:42:58 jkim Exp $ + * created from FreeBSD: src/sys/i386/linux/syscalls.master,v 1.84 2006/12/20 20:21:48 jkim Exp */ #include ==== //depot/projects/linuxolator/src/sys/i386/linux/syscalls.master#13 (text+ko) ==== @@ -1,4 +1,4 @@ - $FreeBSD: src/sys/i386/linux/syscalls.master,v 1.82 2006/10/28 10:59:59 netchild Exp $ + $FreeBSD: src/sys/i386/linux/syscalls.master,v 1.84 2006/12/20 20:21:48 jkim Exp $ ; @(#)syscalls.master 8.1 (Berkeley) 7/19/93 ; System call name/number master file (or rather, slave, from LINUX). ==== //depot/projects/linuxolator/src/sys/kern/kern_mac.c#4 (text+ko) ==== @@ -47,7 +47,7 @@ */ #include -__FBSDID("$FreeBSD: src/sys/kern/kern_mac.c,v 1.123 2006/10/22 11:52:13 rwatson Exp $"); +__FBSDID("$FreeBSD: src/sys/kern/kern_mac.c,v 1.124 2006/12/20 20:38:44 rwatson Exp $"); #include "opt_mac.h" @@ -106,6 +106,16 @@ SYSCTL_NODE(_security, OID_AUTO, mac, CTLFLAG_RW, 0, "TrustedBSD MAC policy controls"); +/* + * Labels consist of a indexed set of "slots", which are allocated policies + * as required. The MAC Framework maintains a bitmask of slots allocated so + * far to prevent reuse. Slots cannot be reused, as the MAC Framework + * guarantees that newly allocated slots in labels will be NULL unless + * otherwise initialized, and because we do not have a mechanism to garbage + * collect slots on policy unload. As labeled policies tend to be statically + * loaded during boot, and not frequently unloaded and reloaded, this is not + * generally an issue. + */ #if MAC_MAX_SLOTS > 32 #error "MAC_MAX_SLOTS too large" #endif @@ -123,15 +133,18 @@ int mac_late = 0; /* - * Flag to indicate whether or not we should allocate label storage for - * new mbufs. Since most dynamic policies we currently work with don't - * rely on mbuf labeling, try to avoid paying the cost of mtag allocation - * unless specifically notified of interest. One result of this is - * that if a dynamically loaded policy requests mbuf labels, it must - * be able to deal with a NULL label being returned on any mbufs that - * were already in flight when the policy was loaded. Since the policy - * already has to deal with uninitialized labels, this probably won't - * be a problem. Note: currently no locking. Will this be a problem? + * Flag to indicate whether or not we should allocate label storage for new + * mbufs. Since most dynamic policies we currently work with don't rely on + * mbuf labeling, try to avoid paying the cost of mtag allocation unless + * specifically notified of interest. One result of this is that if a + * dynamically loaded policy requests mbuf labels, it must be able to deal + * with a NULL label being returned on any mbufs that were already in flight + * when the policy was loaded. Since the policy already has to deal with + * uninitialized labels, this probably won't be a problem. Note: currently + * no locking. Will this be a problem? + * + * In the future, we may want to allow objects to request labeling on a per- + * object type basis, rather than globally for all objects. */ #ifndef MAC_ALWAYS_LABEL_MBUF int mac_labelmbufs = 0; @@ -143,22 +156,31 @@ MALLOC_DEFINE(M_MACTEMP, "mactemp", "MAC temporary label storage"); /* - * mac_static_policy_list holds a list of policy modules that are not - * loaded while the system is "live", and cannot be unloaded. These - * policies can be invoked without holding the busy count. + * mac_static_policy_list holds a list of policy modules that are not loaded + * while the system is "live", and cannot be unloaded. These policies can be + * invoked without holding the busy count. * * mac_policy_list stores the list of dynamic policies. A busy count is - * maintained for the list, stored in mac_policy_busy. The busy count - * is protected by mac_policy_mtx; the list may be modified only - * while the busy count is 0, requiring that the lock be held to - * prevent new references to the list from being acquired. For almost - * all operations, incrementing the busy count is sufficient to - * guarantee consistency, as the list cannot be modified while the - * busy count is elevated. For a few special operations involving a - * change to the list of active policies, the mtx itself must be held. - * A condition variable, mac_policy_cv, is used to signal potential - * exclusive consumers that they should try to acquire the lock if a - * first attempt at exclusive access fails. + * maintained for the list, stored in mac_policy_busy. The busy count is + * protected by mac_policy_mtx; the list may be modified only while the busy + * count is 0, requiring that the lock be held to prevent new references to + * the list from being acquired. For almost all operations, incrementing the + * busy count is sufficient to guarantee consistency, as the list cannot be + * modified while the busy count is elevated. For a few special operations + * involving a change to the list of active policies, the mtx itself must be + * held. A condition variable, mac_policy_cv, is used to signal potential + * exclusive consumers that they should try to acquire the lock if a first + * attempt at exclusive access fails. + * + * This design intentionally avoids fairness, and may starve attempts to + * acquire an exclusive lock on a busy system. This is required because we + * do not ever want acquiring a read reference to perform an unbounded length + * sleep. Read references are acquired in ithreads, network isrs, etc, and + * any unbounded blocking could lead quickly to deadlock. + * + * Another reason for never blocking on read references is that the MAC + * Framework may recurse: if a policy calls a VOP, for example, this might + * lead to vnode life cycle operations (such as init/destroy). */ #ifndef MAC_STATIC static struct mtx mac_policy_mtx; @@ -169,13 +191,12 @@ struct mac_policy_list_head mac_static_policy_list; /* - * We manually invoke WITNESS_WARN() to allow Witness to generate - * warnings even if we don't end up ever triggering the wait at - * run-time. The consumer of the exclusive interface must not hold - * any locks (other than potentially Giant) since we may sleep for - * long (potentially indefinite) periods of time waiting for the - * framework to become quiescent so that a policy list change may - * be made. + * We manually invoke WITNESS_WARN() to allow Witness to generate warnings + * even if we don't end up ever triggering the wait at run-time. The + * consumer of the exclusive interface must not hold any locks (other than + * potentially Giant) since we may sleep for long (potentially indefinite) + * periods of time waiting for the framework to become quiescent so that a + * policy list change may be made. */ void mac_policy_grab_exclusive(void) @@ -296,9 +317,9 @@ } /* - * For the purposes of modules that want to know if they were loaded - * "early", set the mac_late flag once we've processed modules either - * linked into the kernel, or loaded before the kernel startup. + * For the purposes of modules that want to know if they were loaded "early", + * set the mac_late flag once we've processed modules either linked into the + * kernel, or loaded before the kernel startup. */ static void mac_late_init(void) @@ -310,8 +331,8 @@ /* * After the policy list has changed, walk the list to update any global * flags. Currently, we support only one flag, and it's conditionally - * defined; as a result, the entire function is conditional. Eventually, - * the #else case might also iterate across the policies. + * defined; as a result, the entire function is conditional. Eventually, the + * #else case might also iterate across the policies. */ static void mac_policy_updateflags(void) @@ -390,16 +411,16 @@ error = 0; /* - * We don't technically need exclusive access while !mac_late, - * but hold it for assertion consistency. + * We don't technically need exclusive access while !mac_late, but + * hold it for assertion consistency. */ mac_policy_grab_exclusive(); /* - * If the module can potentially be unloaded, or we're loading - * late, we have to stick it in the non-static list and pay - * an extra performance overhead. Otherwise, we can pay a - * light locking cost and stick it in the static list. + * If the module can potentially be unloaded, or we're loading late, + * we have to stick it in the non-static list and pay an extra + * performance overhead. Otherwise, we can pay a light locking cost + * and stick it in the static list. */ static_entry = (!mac_late && !(mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK)); @@ -432,18 +453,23 @@ mpc->mpc_runtime_flags |= MPC_RUNTIME_FLAG_REGISTERED; /* - * If we're loading a MAC module after the framework has - * initialized, it has to go into the dynamic list. If - * we're loading it before we've finished initializing, - * it can go into the static list with weaker locker - * requirements. + * If we're loading a MAC module after the framework has initialized, + * it has to go into the dynamic list. If we're loading it before + * we've finished initializing, it can go into the static list with + * weaker locker requirements. */ if (static_entry) LIST_INSERT_HEAD(&mac_static_policy_list, mpc, mpc_list); else LIST_INSERT_HEAD(&mac_policy_list, mpc, mpc_list); - /* Per-policy initialization. */ + /* + * Per-policy initialization. Currently, this takes place under the + * exclusive lock, so policies must not sleep in their init method. + * In the future, we may want to separate "init" from "start", with + * "init" occuring without the lock held. Likewise, on tear-down, + * breaking out "stop" from "destroy". + */ if (mpc->mpc_ops->mpo_init != NULL) (*(mpc->mpc_ops->mpo_init))(mpc); mac_policy_updateflags(); @@ -461,9 +487,8 @@ { /* - * If we fail the load, we may get a request to unload. Check - * to see if we did the run-time registration, and if not, - * silently succeed. + * If we fail the load, we may get a request to unload. Check to see + * if we did the run-time registration, and if not, silently succeed. */ mac_policy_grab_exclusive(); if ((mpc->mpc_runtime_flags & MPC_RUNTIME_FLAG_REGISTERED) == 0) { @@ -480,8 +505,8 @@ } #endif /* - * Only allow the unload to proceed if the module is unloadable - * by its own definition. + * Only allow the unload to proceed if the module is unloadable by + * its own definition. */ if ((mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK) == 0) { mac_policy_release_exclusive(); @@ -710,8 +735,8 @@ p->p_ucred = newcred; /* - * Grab additional reference for use while revoking mmaps, prior - * to releasing the proc lock and sharing the cred. + * Grab additional reference for use while revoking mmaps, prior to + * releasing the proc lock and sharing the cred. */ crhold(newcred); PROC_UNLOCK(p); ==== //depot/projects/linuxolator/src/sys/security/mac/mac_framework.h#6 (text+ko) ==== @@ -35,7 +35,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/security/mac/mac_framework.h,v 1.76 2006/12/13 06:00:56 csjp Exp $ + * $FreeBSD: src/sys/security/mac/mac_framework.h,v 1.77 2006/12/20 20:43:19 rwatson Exp $ */ /* @@ -89,7 +89,6 @@ /* * Kernel functions to manage and evaluate labels. */ - void mac_init_bpfdesc(struct bpf_d *); void mac_init_cred(struct ucred *); void mac_init_devfsdirent(struct devfs_dirent *); @@ -135,8 +134,8 @@ void mac_vnode_label_free(struct label *label); /* - * Labeling event operations: file system objects, and things that - * look a lot like file system objects. + * Labeling event operations: file system objects, and things that look a lot + * like file system objects. */ void mac_associate_vnode_devfs(struct mount *mp, struct devfs_dirent *de, struct vnode *vp); @@ -186,7 +185,6 @@ */ void mac_create_posix_sem(struct ucred *cred, struct ksem *ksemptr); - /* * Labeling event operations: network objects. */ @@ -208,12 +206,12 @@ void mac_reflect_mbuf_tcp(struct mbuf *m); void mac_update_ipq(struct mbuf *fragment, struct ipq *ipq); void mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp); - void mac_create_mbuf_from_firewall(struct mbuf *m); void mac_destroy_syncache(struct label **label); int mac_init_syncache(struct label **label); void mac_init_syncache_from_inpcb(struct label *label, struct inpcb *inp); void mac_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m); + /* * Labeling event operations: processes. */ @@ -230,20 +228,24 @@ void mac_thread_userret(struct thread *td); /* - * Label cleanup operation: This is the inverse complement for the - * mac_create and associate type of hooks. This hook lets the policy - * module(s) perform a cleanup/flushing operation on the label - * associated with the objects, without freeing up the space allocated. - * This hook is useful in cases where it is desirable to remove any - * labeling reference when recycling any object to a pool. This hook - * does not replace the mac_destroy hooks. + * Label cleanup operation: This is the inverse complement for the mac_create + * and associate type of hooks. This hook lets the policy module(s) perform a + * cleanup/flushing operation on the label associated with the objects, + * without freeing up the space allocated. This hook is useful in cases + * where it is desirable to remove any labeling reference when recycling any + * object to a pool. This hook does not replace the mac_destroy hooks. + * + * XXXRW: These object methods are inconsistent with the life cycles of other + * objects, and likely should be revised to be more consistent. */ void mac_cleanup_sysv_msgmsg(struct msg *msgptr); void mac_cleanup_sysv_msgqueue(struct msqid_kernel *msqkptr); void mac_cleanup_sysv_sem(struct semid_kernel *semakptr); void mac_cleanup_sysv_shm(struct shmid_kernel *shmsegptr); -/* Access control checks. */ +/* + * Access control checks. + */ int mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet); int mac_check_cred_visible(struct ucred *u1, struct ucred *u2); int mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *m); @@ -415,8 +417,8 @@ int mac_priv_grant(struct ucred *cred, int priv); /* - * Calls to help various file systems implement labeling functionality - * using their existing EA implementation. + * Calls to help various file systems implement labeling functionality using + * their existing EA implementation. */ int vop_stdsetlabel_ea(struct vop_setlabel_args *ap); ==== //depot/projects/linuxolator/src/sys/security/mac/mac_net.c#5 (text+ko) ==== @@ -35,7 +35,7 @@ */ #include -__FBSDID("$FreeBSD: src/sys/security/mac/mac_net.c,v 1.120 2006/11/06 13:42:07 rwatson Exp $"); +__FBSDID("$FreeBSD: src/sys/security/mac/mac_net.c,v 1.121 2006/12/20 20:40:29 rwatson Exp $"); #include "opt_mac.h" @@ -426,8 +426,8 @@ MAC_IFNET_LOCK(ifnet); mac_copy_ifnet_label(ifnet->if_label, intlabel); MAC_IFNET_UNLOCK(ifnet); - error = mac_externalize_ifnet_label(ifnet->if_label, elements, - buffer, mac.m_buflen); + error = mac_externalize_ifnet_label(intlabel, elements, buffer, + mac.m_buflen); mac_ifnet_label_free(intlabel); if (error == 0) error = copyout(buffer, mac.m_string, strlen(buffer)+1); ==== //depot/projects/linuxolator/src/sys/sun4v/include/pcpu.h#6 (text+ko) ==== @@ -24,7 +24,7 @@ * SUCH DAMAGE. * * from: FreeBSD: src/sys/i386/include/globaldata.h,v 1.27 2001/04/27 - * $FreeBSD: src/sys/sun4v/include/pcpu.h,v 1.5 2006/12/17 02:04:18 kmacy Exp $ + * $FreeBSD: src/sys/sun4v/include/pcpu.h,v 1.6 2006/12/20 20:18:07 kmacy Exp $ */ #ifndef _MACHINE_PCPU_H_ @@ -74,7 +74,7 @@ u_int pc_kwbuf_full; \ struct rwindow pc_tsbwbuf[2]; \ uint16_t pc_cpulist[MAXCPU]; \ - uint64_t pad[11]; + uint64_t pad[10]; /* XXX SUN4V_FIXME - as we access the *_ra and *_size fields in quick * succession we _really_ want them to be L1 cache line size aligned