Date: Wed, 5 Nov 2003 21:59:37 -0800 (PST)
Message-Id: <200311060559.hA65xbn2093220@repoman.freebsd.org>
From: Robert Watson
To: Perforce Change Reviews
Subject: PERFORCE change 41568 for review

http://perforce.freebsd.org/chv.cgi?CH=41568

Change 41568 by rwatson@rwatson_paprika on 2003/11/05 21:59:19

Add mac_label.c, which encapsulates a UMA zone for MAC label allocation. Currently, MAC labels observably increase the size of some important data structures even when MAC is disabled, which is undesirable. Also, this means that the size of a MAC label is a compile-time constant. By moving towards run-time allocation of MAC label storage, we can reduce the non-MAC overhead, make MAC label size a boot-time constant, as well as reap some of the benefits of a slab allocator (over time). This commit does not hook up the zone allocated MAC labels to any object types.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/conf/files#96 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#422 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac/mac_internal.h#11 edit

Differences ... ==== //depot/projects/trustedbsd/mac/sys/conf/files#96 (text+ko) ==== @@ -1596,6 +1596,7 @@ posix4/p1003_1b.c standard posix4/posix4_mib.c standard kern/uipc_sem.c optional p1003_1b_semaphores +security/mac/mac_label.c optional mac security/mac/mac_net.c optional mac security/mac/mac_pipe.c optional mac security/mac/mac_posix_sem.c optional mac ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#422 (text+ko) ==== @@ -270,6 +270,7 @@ LIST_INIT(&mac_static_policy_list); LIST_INIT(&mac_policy_list); + mac_labelzone_init(); #ifndef MAC_STATIC mtx_init(&mac_policy_mtx, "mac_policy_mtx", NULL, MTX_DEF); ==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_internal.h#11 (text+ko) ==== 
@@ -89,6 +89,10 @@ int mac_policy_list_conditional_busy(void); void mac_policy_list_unbusy(void); +struct label *mac_labelzone_alloc(int flags); +void mac_labelzone_free(struct label *label); +void mac_labelzone_init(void); + void mac_init_label(struct label *label); void mac_destroy_label(struct label *label); int mac_check_structmac_consistent(struct mac *mac);
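
Review bot: In the sys/conf/files hunk, the new entry "security/mac/mac_label.c optional mac" points at a file this change does not show. "Affected files" lists three edits and no add for mac_label.c, although the description says the change adds it. Make sure mac_label.c is submitted with this change or is already in the depot; otherwise a kernel configured with the mac option has a files entry with no source behind it.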
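
Review bot: In the kern_mac.c hunk, the new "mac_labelzone_init();" call carries no comment explaining its position, after the two LIST_INIT() calls and outside the "#ifndef MAC_STATIC" block. A one-line comment would record the ordering requirement: the zone has to exist before anything calls mac_labelzone_alloc(), and it is set up for both static and dynamic policy builds. It is also worth stating in the description whether UMA zones can already be created at the point this initialiser runs.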
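
Review bot: In the mac_internal.h hunk, "struct label *mac_labelzone_alloc(int flags);" is declared without saying what flags means or whether the function can return NULL. Please document the accepted flags and the failure behaviour so that callers know to check the result. The relationship to the neighbouring mac_init_label() and mac_destroy_label() prototypes also needs a sentence: does mac_labelzone_alloc() return an initialised label, and does mac_labelzone_free() destroy it, or must callers pair those calls themselves? That contract decides whether a label can reach policy code uninitialised or be returned to the zone with policy state still attached.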