From owner-cvs-src-old@FreeBSD.ORG Tue Jun 2 18:26:38 2009 Return-Path: Delivered-To: cvs-src-old@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C66F21065785 for ; Tue, 2 Jun 2009 18:26:38 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 954EC8FC08 for ; Tue, 2 Jun 2009 18:26:38 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n52IQch8085892 for ; Tue, 2 Jun 2009 18:26:38 GMT (envelope-from rwatson@repoman.freebsd.org) Received: (from svn2cvs@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n52IQc6D085891 for cvs-src-old@freebsd.org; Tue, 2 Jun 2009 18:26:38 GMT (envelope-from rwatson@repoman.freebsd.org) Message-Id: <200906021826.n52IQc6D085891@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: svn2cvs set sender to rwatson@repoman.freebsd.org using -f From: Robert Watson Date: Tue, 2 Jun 2009 18:26:17 +0000 (UTC) To: cvs-src-old@freebsd.org X-FreeBSD-CVS-Branch: HEAD Subject: cvs commit: src/sys/kern kern_prot.c sys_socket.c uipc_socket.c uipc_syscalls.c uipc_usrreq.c src/sys/netatalk ddp_input.c src/sys/netinet ip_divert.c tcp_input.c tcp_syncache.c src/sys/rpc svc_vc.c src/sys/security/mac mac_framework.c mac_internal.h ... X-BeenThere: cvs-src-old@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: **OBSOLETE** CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Jun 2009 18:26:39 -0000 rwatson 2009-06-02 18:26:17 UTC FreeBSD src repository Modified files: sys/kern kern_prot.c sys_socket.c uipc_socket.c uipc_syscalls.c uipc_usrreq.c sys/netatalk ddp_input.c sys/netinet ip_divert.c tcp_input.c tcp_syncache.c sys/rpc svc_vc.c sys/security/mac mac_framework.c mac_internal.h mac_socket.c Log: SVN rev 193332 on 2009-06-02 18:26:17Z by rwatson Add internal 'mac_policy_count' counter to the MAC Framework, which is a count of the number of registered policies. Rather than unconditionally locking sockets before passing them into MAC, lock them in the MAC entry points only if mac_policy_count is non-zero. This avoids locking overhead for a number of socket system calls when no policies are registered, eliminating measurable overhead for the MAC Framework for the socket subsystem when there are no active policies. Possibly socket locks should be acquired by policies if they are required for socket labels, which would further avoid locking overhead when there are policies but they don't require labeling of sockets, or possibly don't even implement socket controls. Obtained from: TrustedBSD Project Revision Changes Path 1.220 +0 -2 src/sys/kern/kern_prot.c 1.79 +0 -8 src/sys/kern/sys_socket.c 1.332 +0 -2 src/sys/kern/uipc_socket.c 1.279 +12 -36 src/sys/kern/uipc_syscalls.c 1.229 +0 -2 src/sys/kern/uipc_usrreq.c 1.34 +1 -5 src/sys/netatalk/ddp_input.c 1.149 +0 -2 src/sys/netinet/ip_divert.c 1.402 +0 -2 src/sys/netinet/tcp_input.c 1.169 +0 -2 src/sys/netinet/tcp_syncache.c 1.6 +0 -2 src/sys/rpc/svc_vc.c 1.146 +11 -5 src/sys/security/mac/mac_framework.c 1.131 +1 -0 src/sys/security/mac/mac_internal.h 1.17 +58 -17 src/sys/security/mac/mac_socket.c