From owner-p4-projects Wed Aug 14 13:50: 8 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id CB0DC37B401; Wed, 14 Aug 2002 13:49:42 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5B5C637B400 for ; Wed, 14 Aug 2002 13:49:42 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id F039243E4A for ; Wed, 14 Aug 2002 13:49:41 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g7EKnfJU038512 for ; Wed, 14 Aug 2002 13:49:41 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g7EKnf7N038508 for perforce@freebsd.org; Wed, 14 Aug 2002 13:49:41 -0700 (PDT) Date: Wed, 14 Aug 2002 13:49:41 -0700 (PDT) Message-Id: <200208142049.g7EKnf7N038508@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 15977 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15977 Change 15977 by rwatson@rwatson_tislabs on 2002/08/14 13:48:59 Wrap the maintenance of nmac* object counters in options MAC_DEBUG, so that for performance purposes you can avoid the cost of two atomic operations per object instance (init, destroy). Default to MAC_DEBUG on in the shipped MAC kernel configuration. Affected files ... .. //depot/projects/trustedbsd/mac/sys/conf/NOTES#13 edit .. //depot/projects/trustedbsd/mac/sys/conf/options#23 edit .. //depot/projects/trustedbsd/mac/sys/i386/conf/MAC#35 edit .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#238 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/conf/NOTES#13 (text+ko) ==== @@ -729,6 +729,7 @@ # Support for Mandatory Access Control (MAC) options MAC +options MAC_DEBUG #options MAC_NONE # Statically link mac_none policy ==== //depot/projects/trustedbsd/mac/sys/conf/options#23 (text+ko) ==== @@ -125,6 +125,7 @@ # Support for Mandatory Access Control (MAC) MAC opt_mac.h +MAC_DEBUG opt_mac.h MAC_NONE opt_dontuse.h # Do we want the config file compiled into the kernel? ==== //depot/projects/trustedbsd/mac/sys/i386/conf/MAC#35 (text+ko) ==== @@ -31,6 +31,7 @@ makeoptions DEBUG=-g #Build kernel with gdb(1) debug symbols options MAC +options MAC_DEBUG options UFS_ACL options UFS_EXTATTR options UFS_EXTATTR_AUTOSTART ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#238 (text+ko) ==== @@ -166,6 +166,7 @@ &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via " "copy-on-write semantics, or by removing all write access"); +#ifdef MAC_DEBUG static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs, nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents, nmacipqs, nmacpipes; @@ -191,6 +192,7 @@ &nmacvnodes, 0, "number of vnodes in use"); SYSCTL_UINT(_security_mac_debug, OID_AUTO, devfsdirents, CTLFLAG_RD, &nmacdevfsdirents, 0, "number of devfs dirents inuse"); +#endif static int error_select(int error1, int error2); static int mac_externalize(struct label *label, struct mac *mac); @@ -1263,7 +1265,9 @@ /* "how" is one of M_(TRY|DONT)WAIT */ mac_init_label(&m->m_pkthdr.label); MAC_PERFORM(init_mbuf, m, how, &m->m_pkthdr.label); +#ifdef MAC_DEBUG atomic_add_int(&nmacmbufs, 1); +#endif return (0); } @@ -1273,7 +1277,9 @@ MAC_PERFORM(destroy_mbuf, m, &m->m_pkthdr.label); mac_destroy_label(&m->m_pkthdr.label); +#ifdef MAC_DEBUG atomic_subtract_int(&nmacmbufs, 1); +#endif } void @@ -1282,7 +1288,9 @@ mac_init_label(&cr->cr_label); MAC_PERFORM(init_cred, cr, &cr->cr_label); +#ifdef MAC_DEBUG atomic_add_int(&nmaccreds, 1); +#endif } void @@ -1291,7 +1299,9 @@ MAC_PERFORM(destroy_cred, cr, &cr->cr_label); mac_destroy_label(&cr->cr_label); +#ifdef MAC_DEBUG atomic_subtract_int(&nmaccreds, 1); +#endif } void @@ -1300,7 +1310,9 @@ mac_init_label(&ifp->if_label); MAC_PERFORM(init_ifnet, ifp, &ifp->if_label); +#ifdef MAC_DEBUG atomic_add_int(&nmacifnets, 1); +#endif } void @@ -1309,7 +1321,9 @@ MAC_PERFORM(destroy_ifnet, ifp, &ifp->if_label); mac_destroy_label(&ifp->if_label); +#ifdef MAC_DEBUG atomic_subtract_int(&nmacifnets, 1); +#endif } void @@ -1318,7 +1332,9 @@ mac_init_label(&ipq->ipq_label); MAC_PERFORM(init_ipq, ipq, &ipq->ipq_label); +#ifdef MAC_DEBUG atomic_add_int(&nmacipqs, 1); +#endif } void @@ -1327,7 +1343,9 @@ MAC_PERFORM(destroy_ipq, ipq, &ipq->ipq_label); mac_destroy_label(&ipq->ipq_label); +#ifdef MAC_DEBUG atomic_subtract_int(&nmacipqs, 1); +#endif } void @@ -1338,7 +1356,9 @@ mac_init_label(&socket->so_peerlabel); MAC_PERFORM(init_socket, socket, &socket->so_label, &socket->so_peerlabel); +#ifdef MAC_DEBUG atomic_add_int(&nmacsockets, 1); +#endif } void @@ -1349,7 +1369,9 @@ &socket->so_peerlabel); mac_destroy_label(&socket->so_label); mac_destroy_label(&socket->so_peerlabel); +#ifdef MAC_DEBUG atomic_subtract_int(&nmacsockets, 1); +#endif } void @@ -1362,7 +1384,9 @@ pipe->pipe_label = label; pipe->pipe_peer->pipe_label = label; MAC_PERFORM(init_pipe, pipe, pipe->pipe_label); +#ifdef MAC_DEBUG atomic_add_int(&nmacpipes, 1); +#endif } void @@ -1372,7 +1396,9 @@ MAC_PERFORM(destroy_pipe, pipe, pipe->pipe_label); mac_destroy_label(pipe->pipe_label); free(pipe->pipe_label, M_MACPIPELABEL); +#ifdef MAC_DEBUG atomic_subtract_int(&nmacpipes, 1); +#endif } void @@ -1381,7 +1407,9 @@ mac_init_label(&bpf_d->bd_label); MAC_PERFORM(init_bpfdesc, bpf_d, &bpf_d->bd_label); +#ifdef MAC_DEBUG atomic_add_int(&nmacbpfdescs, 1); +#endif } void @@ -1390,7 +1418,9 @@ MAC_PERFORM(destroy_bpfdesc, bpf_d, &bpf_d->bd_label); mac_destroy_label(&bpf_d->bd_label); +#ifdef MAC_DEBUG atomic_subtract_int(&nmacbpfdescs, 1); +#endif } void @@ -1400,7 +1430,9 @@ mac_init_label(&mp->mnt_mntlabel); mac_init_label(&mp->mnt_fslabel); MAC_PERFORM(init_mount, mp, &mp->mnt_mntlabel, &mp->mnt_fslabel); +#ifdef MAC_DEBUG atomic_add_int(&nmacmounts, 1); +#endif } void @@ -1410,7 +1442,9 @@ MAC_PERFORM(destroy_mount, mp, &mp->mnt_mntlabel, &mp->mnt_fslabel); mac_destroy_label(&mp->mnt_fslabel); mac_destroy_label(&mp->mnt_mntlabel); +#ifdef MAC_DEBUG atomic_subtract_int(&nmacmounts, 1); +#endif } static void @@ -1419,7 +1453,9 @@ mac_init_label(label); MAC_PERFORM(init_temp, label); +#ifdef MAC_DEBUG atomic_add_int(&nmactemp, 1); +#endif } static void @@ -1428,7 +1464,9 @@ MAC_PERFORM(destroy_temp, label); mac_destroy_label(label); +#ifdef MAC_DEBUG atomic_subtract_int(&nmactemp, 1); +#endif } void @@ -1437,7 +1475,9 @@ mac_init_label(&vp->v_label); MAC_PERFORM(init_vnode, vp, &vp->v_label); +#ifdef MAC_DEBUG atomic_add_int(&nmacvnodes, 1); +#endif } void @@ -1446,7 +1486,9 @@ MAC_PERFORM(destroy_vnode, vp, &vp->v_label); mac_destroy_label(&vp->v_label); +#ifdef MAC_DEBUG atomic_subtract_int(&nmacvnodes, 1); +#endif } void @@ -1455,7 +1497,9 @@ mac_init_label(&de->de_label); MAC_PERFORM(init_devfsdirent, de, &de->de_label); +#ifdef MAC_DEBUG atomic_add_int(&nmacdevfsdirents, 1); +#endif } void @@ -1464,7 +1508,9 @@ MAC_PERFORM(destroy_devfsdirent, de, &de->de_label); mac_destroy_label(&de->de_label); +#ifdef MAC_DEBUG atomic_subtract_int(&nmacdevfsdirents, 1); +#endif } static int To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message