Date: Sat, 13 Jul 2002 15:51:52 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 14200 for review Message-ID: <200207132251.g6DMpqgd070364@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14200 Change 14200 by rwatson@rwatson_paprika on 2002/07/13 15:51:43 Cache EA labels in the vnode so we don't keep hitting the EA and polluting the buffer cache. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#166 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#166 (text+ko) ==== @@ -128,6 +128,15 @@ SYSCTL_INT(_security_mac, OID_AUTO, label_size, CTLFLAG_RD, &mac_label_size, 0, "Pre-compiled MAC label size"); +static unsigned int mac_ea_cache_hits = 0; +SYSCTL_UINT(_security_mac, OID_AUTO, ea_cache_hits, CTLFLAG_RD, + &mac_ea_cache_hits, 0, + "How often cached label can be used for EA backing"); +static unsigned int mac_ea_cache_misses = 0; +SYSCTL_UINT(_security_mac, OID_AUTO, ea_cache_misses, CTLFLAG_RD, + &mac_ea_cache_misses, 0, + "How often cached label cannot be used for EA backing"); + static int error_select(int error1, int error2); static int mac_externalize(struct label *label, struct mac *mac); static int mac_policy_register(struct mac_policy_conf *mpc); @@ -902,6 +911,14 @@ struct mac extmac; int buflen, error; + ASSERT_VOP_LOCKED(vp, "vop_stdrefreshlabel_ea"); + + if (vp->v_flag & VCACHEDLABEL) { + mac_ea_cache_hits++; + return (0); + } else + mac_ea_cache_misses++; + buflen = sizeof(extmac); error = vn_extattr_get(vp, IO_NODELOCKED, FREEBSD_MAC_EXTATTR_NAMESPACE, FREEBSD_MAC_EXTATTR_NAME, &buflen, @@ -913,7 +930,9 @@ case ENOATTR: /* - * Use the label from the mount point. + * Use the label from the mount point. Since we may want + * to let this label be updated, don't set the caching + * flag. */ mac_update_vnode_from_mount(vp, vp->v_mount); error = 0; @@ -928,7 +947,9 @@ error = EPERM; /* Fail very closed. */ if (error == 0) error = mac_update_vnode_from_externalized(vp, &extmac); - if (error) { + if (error == 0) + vp->v_flag |= VCACHEDLABEL; + else { struct vattr va; printf("Corrupted label on %s", @@ -952,7 +973,10 @@ * Make sure the vnode label is up-to-date. If EOPNOTSUPP, then we handle * the labeling activity outselves. Filesystems should be careful not * to change their minds regarding whether they support vop_refreshlabel() - * for a vnode or not. + * for a vnode or not. Don't cache the vnode here, allow the file + * system code to determine if it's safe to cache. If we update from + * the mount, don't cache since a change to the mount label should affect + * all vnodes. */ static int vn_refreshlabel(struct vnode *vp, struct ucred *cred) @@ -1002,7 +1026,8 @@ * Helper function for file systems using the vop_std*_ea() calls. This * function must be called after EA service is available for the vnode, * but before it's hooked up to the namespace so that the node persists - * if there's a crash, or before it can be accessed. + * if there's a crash, or before it can be accessed. On successful + * commit of the label to disk (etc), do cache the label. */ int mac_stdcreatevnode_ea(struct vnode *dvp, struct vnode *tvp, struct ucred *cred) @@ -1032,7 +1057,9 @@ error = vn_extattr_set(tvp, IO_NODELOCKED, FREEBSD_MAC_EXTATTR_NAMESPACE, FREEBSD_MAC_EXTATTR_NAME, sizeof(extmac), (char *)&extmac, curthread); - if (error) { + if (error == 0) + tvp->v_flag |= VCACHEDLABEL; + else { #if 0 /* * In theory, we could have fall-back behavior here. @@ -2284,6 +2311,8 @@ struct mac extmac; int error; + ASSERT_VOP_LOCKED(vp, "vop_stdsetlabel_ea"); + if ((vp->v_mount->mnt_flag & MNT_MULTILABEL) == 0) return (EOPNOTSUPP); @@ -2299,6 +2328,8 @@ mac_relabel_vnode(ap->a_cred, vp, intlabel); + vp->v_flag |= VCACHEDLABEL; + return (0); } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200207132251.g6DMpqgd070364>