From owner-p4-projects@FreeBSD.ORG Thu Feb 7 14:14:06 2008 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 77C5016A419; Thu, 7 Feb 2008 14:14:06 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3D04116A475 for ; Thu, 7 Feb 2008 14:14:06 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 2144E13C4EE for ; Thu, 7 Feb 2008 14:14:06 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.1/8.14.1) with ESMTP id m17EE6u8075341 for ; Thu, 7 Feb 2008 14:14:06 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.1/8.14.1/Submit) id m17EE5St075336 for perforce@freebsd.org; Thu, 7 Feb 2008 14:14:05 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Thu, 7 Feb 2008 14:14:05 GMT Message-Id: <200802071414.m17EE5St075336@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 134985 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Feb 2008 14:14:06 -0000 http://perforce.freebsd.org/chv.cgi?CH=134985 Change 134985 by rwatson@rwatson_freebsd_capabilities on 2008/02/07 14:13:06 Use a pool mutex for each non-capability file rather than a global mutex. Maintain a count of capabilities associated with each non-capability file that can be used to avoid walking the list of capabilities on the file. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_descrip.c#7 edit .. //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#15 edit .. //depot/projects/trustedbsd/capabilities/src/sys/sys/file.h#6 edit Differences ...
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_descrip.c#7 (text+ko) ====
@@ -1393,6 +1393,7 @@
 fp->f_data = NULL;
 fp->f_vnode = NULL;
 LIST_INIT(&fp->f_caps);
+ fp->f_capcount = 0;
 FILEDESC_XLOCK(p->p_fd);
 if ((error = fdalloc(td, 0, &i))) {
 FILEDESC_XUNLOCK(p->p_fd);
@@ -2219,6 +2220,8 @@
 crfree(fp->f_cred);
 if (!LIST_EMPTY(&fp->f_caps))
 panic("_fdrop: f_caps not empty");
+ if (fp->f_capcount != 0)
+ panic("_fdrop: f_capcount != 0");
 uma_zfree(file_zone, fp);
 return (error);
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#15 (text+ko) ====
@@ -41,7 +41,7 @@
 */
 #include
-__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#14 $");
+__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#15 $");
 #include
 #include
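Review bot: In the `_fdrop` hunk of kern_descrip.c (@@ -2219), the new `fp->f_capcount != 0` check reads the counter without the pool mutex that the rest of this change takes around every update, and nothing says why that is acceptable. It is presumably safe because `_fdrop` only runs once the last reference to the file is gone, but that reasoning belongs next to the check. I would add `/* Last reference is gone, so f_caps and f_capcount can be inspected without the pool mutex. */` above the two panics. The body of `_fdrop` starts and ends outside the hunk, so confirm that no earlier step in it can still publish the file to another thread.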
@@ -62,8 +62,8 @@
 * file f_data field. cap_file and cap_rightss are static once hooked up, as
 * neither the object it references nor the rights it encapsulates are
 * permitted to change. cap_filelist may change when other capabilites are
- * added or removed from the same file, and is currently protected by
- * cap_file_mtx.
+ * added or removed from the same file, and is currently protected by the
+ * pool mutex for the object file descriptor.
 */
 struct capability {
 struct file *cap_object; /* Underlying object's file. */
@@ -100,14 +100,6 @@
 static uma_zone_t capability_zone;
-/*
- * XXXRW: Each file descriptor contains a list of capabilities pointing at it
- * so that we the UNIX domain socket GC routine can calculate whether there
- * are external references. Ideally we'd use a per-file lock, but right now
- * we don't have one, so use a global mutex for now.
- */
-static struct mtx cap_file_mtx;
-
 static void
 capability_init(void *dummy __unused)
 {
@@ -117,7 +109,6 @@
 0);
 if (capability_zone == NULL)
 panic("capability_init: capability_zone not initialized");
- mtx_init(&cap_file_mtx, "cap_file_mtx", NULL, MTX_DEF);
 }
 SYSINIT(vfs, SI_SUB_VFS, SI_ORDER_ANY, capability_init, NULL);
@@ -261,9 +252,10 @@
 * Add this capability to the per-file list of referencing
 * capabilities.
 */
- mtx_lock(&cap_file_mtx);
+ mtx_pool_lock(mtxpool_sleep, fp_object);
 LIST_INSERT_HEAD(&fp_object->f_caps, c, cap_filelist);
- mtx_unlock(&cap_file_mtx);
+ fp_object->f_capcount++;
+ mtx_pool_unlock(mtxpool_sleep, fp_object);
 td->td_retval[0] = fd_cap;
 fdrop(fp, td);
 fdrop(fp_cap, td);
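Review bot: The rewritten comment above `struct capability` (@@ -62) names the lock as "the pool mutex for the object file descriptor", but the code in this change keys the pool mutex on the object's `struct file` pointer (`fp_object`), not on a descriptor. It also does not mention that the same lock now covers the new `f_capcount`. I would word the last sentence as `cap_filelist ... is protected by the pool mutex keyed on the underlying object's struct file (cap_object), which also protects that file's f_capcount.` The comment block starts above the hunk, so check that its earlier lines do not still describe the global mutex.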
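Review bot: `fp_object->f_capcount++` in the add path (@@ -261), and the matching `fp_object->f_capcount--` in the close hunk (@@ -313), change a `u_int` with no sanity check, so an accounting slip would wrap silently and go unnoticed until `_fdrop` panics much later. The change description says the count exists to avoid walking `f_caps`, so whatever consumes it will trust a wrong value in the meantime. I would assert at the point of change: `KASSERT(fp_object->f_capcount != UINT_MAX, ("f_capcount overflow"));` before the increment and `KASSERT(fp_object->f_capcount > 0, ("f_capcount underflow"));` before the decrement. If each capability holds its own reference on the object file, as the `fdrop(fp_object, td)` on close suggests, the file's reference count presumably bounds the increment in practice, which would be worth stating in a comment. Both enclosing functions start outside their hunks.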
@@ -313,9 +305,10 @@
 fp->f_ops = &badfileops;
 fp->f_data = NULL;
 fp_object = c->cap_object;
- mtx_lock(&cap_file_mtx);
+ mtx_pool_lock(mtxpool_sleep, fp_object);
 LIST_REMOVE(c, cap_filelist);
- mtx_unlock(&cap_file_mtx);
+ fp_object->f_capcount--;
+ mtx_pool_unlock(mtxpool_sleep, fp_object);
 uma_zfree(capability_zone, c);
 return (fdrop(fp_object, td));
 }
==== //depot/projects/trustedbsd/capabilities/src/sys/sys/file.h#6 (text+ko) ====
@@ -130,7 +130,8 @@
 * Mandatory Access control information.
 */
 void *f_label; /* Place-holder for MAC label. */
- LIST_HEAD(, capability) f_caps; /* List of capabilities for file. */
+ LIST_HEAD(, capability) f_caps; /* (f) List of capabilities for file. */
+ u_int f_capcount; /* (f) Number of capabilities. */
 };
 #define FOFFSET_LOCKED 0x1
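Review bot: The field comment for `f_capcount` in the file.h hunk (@@ -130) does not state that it must always equal the number of entries on `f_caps`. That invariant is what `_fdrop` now panics on, and it is the only reason the count can stand in for a list walk. I would write `/* (f) Number of entries on f_caps; kept equal to the list length. */`. The definition of the `(f)` lock key is not visible in this hunk, since `struct file` begins above it, so please confirm the legend matches the `mtx_pool_lock(mtxpool_sleep, fp_object)` calls this change uses for both fields.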