Date: Wed, 27 May 2009 09:41:59 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r192881 - head/sys/security/mac Message-ID: <200905270941.n4R9fxso090068@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rwatson Date: Wed May 27 09:41:58 2009 New Revision: 192881 URL: http://svn.freebsd.org/changeset/base/192881 Log: Convert the MAC Framework from using rwlocks to rmlocks to stabilize framework registration for non-sleepable entry points. Obtained from: TrustedBSD Project Modified: head/sys/security/mac/mac_framework.c head/sys/security/mac/mac_internal.h Modified: head/sys/security/mac/mac_framework.c ============================================================================== --- head/sys/security/mac/mac_framework.c Wed May 27 09:31:50 2009 (r192880) +++ head/sys/security/mac/mac_framework.c Wed May 27 09:41:58 2009 (r192881) @@ -78,7 +78,7 @@ __FBSDID("$FreeBSD$"); #include <sys/lock.h> #include <sys/mac.h> #include <sys/module.h> -#include <sys/rwlock.h> +#include <sys/rmlock.h> #include <sys/sdt.h> #include <sys/sx.h> #include <sys/systm.h> @@ -165,7 +165,7 @@ MALLOC_DEFINE(M_MACTEMP, "mactemp", "MAC * * The dynamic policy list is protected by two locks: modifying the list * requires both locks to be held exclusively. One of the locks, - * mac_policy_rw, is acquired over policy entry points that will never sleep; + * mac_policy_rm, is acquired over policy entry points that will never sleep; * the other, mac_policy_sx, is acquire over policy entry points that may * sleep. The former category will be used when kernel locks may be held * over calls to the MAC Framework, during network processing in ithreads, @@ -173,7 +173,7 @@ MALLOC_DEFINE(M_MACTEMP, "mactemp", "MAC * allocations, extended attribute I/O, etc. */ #ifndef MAC_STATIC -static struct rwlock mac_policy_rw; /* Non-sleeping entry points. */ +static struct rmlock mac_policy_rm; /* Non-sleeping entry points. */ static struct sx mac_policy_sx; /* Sleeping entry points. */ #endif @@ -185,14 +185,14 @@ static void mac_policy_xlock_assert(void static void mac_policy_xunlock(void); void -mac_policy_slock_nosleep(void) +mac_policy_slock_nosleep(struct rm_priotracker *tracker) { #ifndef MAC_STATIC if (!mac_late) return; - rw_rlock(&mac_policy_rw); + rm_rlock(&mac_policy_rm, tracker); #endif } @@ -212,14 +212,14 @@ mac_policy_slock_sleep(void) } void -mac_policy_sunlock_nosleep(void) +mac_policy_sunlock_nosleep(struct rm_priotracker *tracker) { #ifndef MAC_STATIC if (!mac_late) return; - rw_runlock(&mac_policy_rw); + rm_runlock(&mac_policy_rm, tracker); #endif } @@ -247,7 +247,7 @@ mac_policy_xlock(void) return; sx_xlock(&mac_policy_sx); - rw_wlock(&mac_policy_rw); + rm_wlock(&mac_policy_rm); #endif } @@ -259,7 +259,7 @@ mac_policy_xunlock(void) if (!mac_late) return; - rw_wunlock(&mac_policy_rw); + rm_wunlock(&mac_policy_rm); sx_xunlock(&mac_policy_sx); #endif } @@ -272,7 +272,7 @@ mac_policy_xlock_assert(void) if (!mac_late) return; - rw_assert(&mac_policy_rw, RA_WLOCKED); + /* XXXRW: rm_assert(&mac_policy_rm, RA_WLOCKED); */ sx_assert(&mac_policy_sx, SA_XLOCKED); #endif } @@ -289,7 +289,7 @@ mac_init(void) mac_labelzone_init(); #ifndef MAC_STATIC - rw_init(&mac_policy_rw, "mac_policy_rw"); + rm_init(&mac_policy_rm, "mac_policy_rm", 0); sx_init(&mac_policy_sx, "mac_policy_sx"); #endif } Modified: head/sys/security/mac/mac_internal.h ============================================================================== --- head/sys/security/mac/mac_internal.h Wed May 27 09:31:50 2009 (r192880) +++ head/sys/security/mac/mac_internal.h Wed May 27 09:41:58 2009 (r192881) @@ -55,6 +55,9 @@ #error "no user-serviceable parts inside" #endif +#include <sys/lock.h> +#include <sys/rmlock.h> + /* * MAC Framework sysctl namespace. */ @@ -194,9 +197,9 @@ extern struct mtx mac_ifnet_mtx; */ int mac_error_select(int error1, int error2); -void mac_policy_slock_nosleep(void); +void mac_policy_slock_nosleep(struct rm_priotracker *tracker); void mac_policy_slock_sleep(void); -void mac_policy_sunlock_nosleep(void); +void mac_policy_sunlock_nosleep(struct rm_priotracker *tracker); void mac_policy_sunlock_sleep(void); struct label *mac_labelzone_alloc(int flags); @@ -294,14 +297,16 @@ int vn_setlabel(struct vnode *vp, struct error); \ } \ if (!LIST_EMPTY(&mac_policy_list)) { \ - mac_policy_slock_nosleep(); \ + struct rm_priotracker tracker; \ + \ + mac_policy_slock_nosleep(&tracker); \ LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { \ if (mpc->mpc_ops->mpo_ ## check != NULL) \ error = mac_error_select( \ mpc->mpc_ops->mpo_ ## check (args), \ error); \ } \ - mac_policy_sunlock_nosleep(); \ + mac_policy_sunlock_nosleep(&tracker); \ } \ } while (0) @@ -323,7 +328,9 @@ int vn_setlabel(struct vnode *vp, struct } \ } \ if (!LIST_EMPTY(&mac_policy_list)) { \ - mac_policy_slock_nosleep(); \ + struct rm_priotracker tracker; \ + \ + mac_policy_slock_nosleep(&tracker); \ LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { \ if (mpc->mpc_ops->mpo_ ## check != NULL) { \ if (mpc->mpc_ops->mpo_ ## check (args) \ @@ -331,7 +338,7 @@ int vn_setlabel(struct vnode *vp, struct error = 0; \ } \ } \ - mac_policy_sunlock_nosleep(); \ + mac_policy_sunlock_nosleep(&tracker); \ } \ } while (0) @@ -371,14 +378,16 @@ int vn_setlabel(struct vnode *vp, struct mpc->mpc_ops->mpo_ ## operation (args); \ } \ if (!LIST_EMPTY(&mac_policy_list)) { \ - mac_policy_slock_nosleep(); \ + struct rm_priotracker tracker; \ + \ + mac_policy_slock_nosleep(&tracker); \ LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { \ if (mpc->mpc_ops->mpo_ ## operation != NULL) \ result = result composition \ mpc->mpc_ops->mpo_ ## operation \ (args); \ } \ - mac_policy_sunlock_nosleep(); \ + mac_policy_sunlock_nosleep(&tracker); \ } \ } while (0) @@ -492,12 +501,14 @@ int vn_setlabel(struct vnode *vp, struct mpc->mpc_ops->mpo_ ## operation (args); \ } \ if (!LIST_EMPTY(&mac_policy_list)) { \ - mac_policy_slock_nosleep(); \ + struct rm_priotracker tracker; \ + \ + mac_policy_slock_nosleep(&tracker); \ LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { \ if (mpc->mpc_ops->mpo_ ## operation != NULL) \ mpc->mpc_ops->mpo_ ## operation (args); \ } \ - mac_policy_sunlock_nosleep(); \ + mac_policy_sunlock_nosleep(&tracker); \ } \ } while (0)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200905270941.n4R9fxso090068>