Date: Tue, 2 Jun 2009 18:26:17 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/kern kern_prot.c sys_socket.c uipc_socket.c uipc_syscalls.c uipc_usrreq.c src/sys/netatalk ddp_input.c src/sys/netinet ip_divert.c tcp_input.c tcp_syncache.c src/sys/rpc svc_vc.c src/sys/security/mac mac_framework.c mac_internal.h ... Message-ID: <200906021826.n52IQc6D085891@repoman.freebsd.org>
index | next in thread | raw e-mail
rwatson 2009-06-02 18:26:17 UTC
FreeBSD src repository
Modified files:
sys/kern kern_prot.c sys_socket.c uipc_socket.c
uipc_syscalls.c uipc_usrreq.c
sys/netatalk ddp_input.c
sys/netinet ip_divert.c tcp_input.c tcp_syncache.c
sys/rpc svc_vc.c
sys/security/mac mac_framework.c mac_internal.h
mac_socket.c
Log:
SVN rev 193332 on 2009-06-02 18:26:17Z by rwatson
Add internal 'mac_policy_count' counter to the MAC Framework, which is a
count of the number of registered policies.
Rather than unconditionally locking sockets before passing them into MAC,
lock them in the MAC entry points only if mac_policy_count is non-zero.
This avoids locking overhead for a number of socket system calls when no
policies are registered, eliminating measurable overhead for the MAC
Framework for the socket subsystem when there are no active policies.
Possibly socket locks should be acquired by policies if they are required
for socket labels, which would further avoid locking overhead when there
are policies but they don't require labeling of sockets, or possibly
don't even implement socket controls.
Obtained from: TrustedBSD Project
Revision Changes Path
1.220 +0 -2 src/sys/kern/kern_prot.c
1.79 +0 -8 src/sys/kern/sys_socket.c
1.332 +0 -2 src/sys/kern/uipc_socket.c
1.279 +12 -36 src/sys/kern/uipc_syscalls.c
1.229 +0 -2 src/sys/kern/uipc_usrreq.c
1.34 +1 -5 src/sys/netatalk/ddp_input.c
1.149 +0 -2 src/sys/netinet/ip_divert.c
1.402 +0 -2 src/sys/netinet/tcp_input.c
1.169 +0 -2 src/sys/netinet/tcp_syncache.c
1.6 +0 -2 src/sys/rpc/svc_vc.c
1.146 +11 -5 src/sys/security/mac/mac_framework.c
1.131 +1 -0 src/sys/security/mac/mac_internal.h
1.17 +58 -17 src/sys/security/mac/mac_socket.c
home |
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906021826.n52IQc6D085891>