From owner-p4-projects Thu Mar 28 9:11:54 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 6E40C37B417; Thu, 28 Mar 2002 09:10:12 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 35A6D37B400 for ; Thu, 28 Mar 2002 09:09:43 -0800 (PST) Received: (from perforce@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g2SH9g038754 for perforce@freebsd.org; Thu, 28 Mar 2002 09:09:42 -0800 (PST) (envelope-from green@freebsd.org) Date: Thu, 28 Mar 2002 09:09:42 -0800 (PST) Message-Id: <200203281709.g2SH9g038754@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to green@freebsd.org using -f From: Brian Feldman Subject: PERFORCE change 8574 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=8574 Change 8574 by green@green_laptop_2 on 2002/03/28 09:09:26 Turn struct vnode {}'s v_op field from a vop_t ** to a vop_t ***. Previously, it pointed to the actual vfs_init.c-generated operation vector being used. However, this vector could be redone at runtime via introduction of new vnode operations and removal of old ones; this would result in the old vnode operation vector being freed from underneath. This didn't show up before since the old kernel malloc(9) coincidentally kept the old vop_t ** in the vnodes valid. Jeff Roberson's UMA commit made this bug apparent due to differently-sized chunks of memory actually being likely to be allocated in different spots than previously allocated at even if the size was grown just by a few bytes. The new vop_t *** actually points to the operation vector pointer the kernel uses and modifies on-the-fly so that old vnodes, and new ones created with getnewvnode(), both call the correct operations. Getnewvnode()'s vop_t **vops argument changes to a vop_t *** to reflect this. Affected files ... ... //depot/projects/trustedbsd/mac/sys/coda/coda_vnops.c#5 edit ... //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs_vnops.c#12 edit ... //depot/projects/trustedbsd/mac/sys/fs/fdescfs/fdesc_vnops.c#4 edit ... //depot/projects/trustedbsd/mac/sys/fs/hpfs/hpfs_vfsops.c#6 edit ... //depot/projects/trustedbsd/mac/sys/fs/msdosfs/msdosfs_denode.c#4 edit ... //depot/projects/trustedbsd/mac/sys/fs/ntfs/ntfs_vfsops.c#6 edit ... //depot/projects/trustedbsd/mac/sys/fs/nullfs/null_subr.c#2 edit ... //depot/projects/trustedbsd/mac/sys/fs/nullfs/null_vfsops.c#4 edit ... //depot/projects/trustedbsd/mac/sys/fs/nullfs/null_vnops.c#3 edit ... //depot/projects/trustedbsd/mac/sys/fs/nwfs/nwfs_node.c#4 edit ... //depot/projects/trustedbsd/mac/sys/fs/portalfs/portal_vfsops.c#5 edit ... //depot/projects/trustedbsd/mac/sys/fs/portalfs/portal_vnops.c#6 edit ... //depot/projects/trustedbsd/mac/sys/fs/pseudofs/pseudofs_vncache.c#5 edit ... //depot/projects/trustedbsd/mac/sys/fs/smbfs/smbfs_node.c#5 edit ... //depot/projects/trustedbsd/mac/sys/fs/umapfs/umap_subr.c#3 edit ... //depot/projects/trustedbsd/mac/sys/fs/umapfs/umap_vnops.c#3 edit ... //depot/projects/trustedbsd/mac/sys/fs/unionfs/union_subr.c#6 edit ... //depot/projects/trustedbsd/mac/sys/fs/unionfs/union_vfsops.c#5 edit ... //depot/projects/trustedbsd/mac/sys/fs/unionfs/union_vnops.c#4 edit ... //depot/projects/trustedbsd/mac/sys/gnu/ext2fs/ext2_vfsops.c#5 edit ... //depot/projects/trustedbsd/mac/sys/isofs/cd9660/cd9660_vfsops.c#5 edit ... //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#122 edit ... //depot/projects/trustedbsd/mac/sys/kern/vfs_subr.c#20 edit ... //depot/projects/trustedbsd/mac/sys/nfsclient/nfs_node.c#4 edit ... //depot/projects/trustedbsd/mac/sys/nfsclient/nfs_subs.c#5 edit ... //depot/projects/trustedbsd/mac/sys/security/lomac/lomacfs.h#3 edit ... //depot/projects/trustedbsd/mac/sys/security/lomac/lomacfs_subr.c#3 edit ... //depot/projects/trustedbsd/mac/sys/sys/vnode.h#19 edit ... //depot/projects/trustedbsd/mac/sys/ufs/ffs/ffs_vfsops.c#9 edit ... //depot/projects/trustedbsd/mac/sys/ufs/ifs/ifs_vfsops.c#4 edit ... //depot/projects/trustedbsd/mac/sys/ufs/ufs/ufs_vnops.c#30 edit ... //depot/projects/trustedbsd/mac/sys/vm/vm_swap.c#5 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/coda/coda_vnops.c#5 (text+ko) ==== @@ -578,7 +578,7 @@ * Make sure this is a coda style cnode, but it may be a * different vfsp */ - if (tvp->v_op != coda_vnodeop_p) { + if (tvp->v_op != &coda_vnodeop_p) { vrele(tvp); NDFREE(&ndp, NDF_ONLY_PNBUF); MARK_INT_FAIL(CODA_IOCTL_STATS); @@ -1959,7 +1959,7 @@ lockinit(&cp->c_lock, PINOD, "cnode", 0, 0); cp->c_fid = *fid; - err = getnewvnode(VT_CODA, vfsp, coda_vnodeop_p, &vp); + err = getnewvnode(VT_CODA, vfsp, &coda_vnodeop_p, &vp); if (err) { panic("coda: getnewvnode returned error %d\n", err); } ==== //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs_vnops.c#12 (text+ko) ==== @@ -143,7 +143,7 @@ } else { dev = NODEV; } - error = getnewvnode(VT_DEVFS, mp, devfs_vnodeop_p, &vp); + error = getnewvnode(VT_DEVFS, mp, &devfs_vnodeop_p, &vp); if (error != 0) { printf("devfs_allocv: failed to allocate new vnode\n"); return (error); @@ -152,7 +152,7 @@ if (de->de_dirent->d_type == DT_CHR) { vp->v_type = VCHR; vp = addaliasu(vp, dev->si_udev); - vp->v_op = devfs_specop_p; + vp->v_op = &devfs_specop_p; } else if (de->de_dirent->d_type == DT_DIR) { vp->v_type = VDIR; } else if (de->de_dirent->d_type == DT_LNK) { ==== //depot/projects/trustedbsd/mac/sys/fs/fdescfs/fdesc_vnops.c#4 (text+ko) ==== @@ -135,7 +135,7 @@ */ MALLOC(fd, struct fdescnode *, sizeof(struct fdescnode), M_TEMP, M_WAITOK); - error = getnewvnode(VT_FDESC, mp, fdesc_vnodeop_p, vpp); + error = getnewvnode(VT_FDESC, mp, &fdesc_vnodeop_p, vpp); if (error) { FREE(fd, M_TEMP); goto out; ==== //depot/projects/trustedbsd/mac/sys/fs/hpfs/hpfs_vfsops.c#6 (text+ko) ==== @@ -496,7 +496,7 @@ MALLOC(hp, struct hpfsnode *, sizeof(struct hpfsnode), M_HPFSNO, M_WAITOK); - error = getnewvnode(VT_HPFS, hpmp->hpm_mp, hpfs_vnodeop_p, &vp); + error = getnewvnode(VT_HPFS, hpmp->hpm_mp, &hpfs_vnodeop_p, &vp); if (error) { printf("hpfs_vget: can't get new vnode\n"); FREE(hp, M_HPFSNO); ==== //depot/projects/trustedbsd/mac/sys/fs/msdosfs/msdosfs_denode.c#4 (text+ko) ==== @@ -253,7 +253,7 @@ * copy it from the passed disk buffer. */ /* getnewvnode() does a VREF() on the vnode */ - error = getnewvnode(VT_MSDOSFS, mntp, msdosfs_vnodeop_p, &nvp); + error = getnewvnode(VT_MSDOSFS, mntp, &msdosfs_vnodeop_p, &nvp); if (error) { *depp = NULL; FREE(ldep, M_MSDOSFSNODE); ==== //depot/projects/trustedbsd/mac/sys/fs/ntfs/ntfs_vfsops.c#6 (text+ko) ==== @@ -732,7 +732,7 @@ return (0); } - error = getnewvnode(VT_NTFS, ntmp->ntm_mountp, ntfs_vnodeop_p, &vp); + error = getnewvnode(VT_NTFS, ntmp->ntm_mountp, &ntfs_vnodeop_p, &vp); if(error) { ntfs_frele(fp); ntfs_ntput(ip); ==== //depot/projects/trustedbsd/mac/sys/fs/nullfs/null_subr.c#2 (text+ko) ==== @@ -176,7 +176,7 @@ MALLOC(xp, struct null_node *, sizeof(struct null_node), M_NULLFSNODE, M_WAITOK); - error = getnewvnode(VT_NULL, mp, null_vnodeop_p, vpp); + error = getnewvnode(VT_NULL, mp, &null_vnodeop_p, vpp); if (error) { FREE(xp, M_NULLFSNODE); return (error); @@ -307,7 +307,7 @@ * Can't do this check because vop_reclaim runs * with a funny vop vector. */ - if (vp->v_op != null_vnodeop_p) { + if (vp->v_op != &null_vnodeop_p) { printf ("null_checkvp: on non-null-node\n"); while (null_checkvp_barrier) /*WAIT*/ ; panic("null_checkvp"); ==== //depot/projects/trustedbsd/mac/sys/fs/nullfs/null_vfsops.c#4 (text+ko) ==== @@ -121,7 +121,7 @@ * Unlock lower node to avoid deadlock. * (XXX) VOP_ISLOCKED is needed? */ - if ((mp->mnt_vnodecovered->v_op == null_vnodeop_p) && + if ((mp->mnt_vnodecovered->v_op == &null_vnodeop_p) && VOP_ISLOCKED(mp->mnt_vnodecovered, NULL)) { VOP_UNLOCK(mp->mnt_vnodecovered, 0, td); isvnunlocked = 1; ==== //depot/projects/trustedbsd/mac/sys/fs/nullfs/null_vnops.c#3 (text+ko) ==== @@ -280,7 +280,7 @@ * that aren't. (We must always map first vp or vclean fails.) */ if (i && (*this_vp_p == NULLVP || - (*this_vp_p)->v_op != null_vnodeop_p)) { + (*this_vp_p)->v_op != &null_vnodeop_p)) { old_vps[i] = NULLVP; } else { old_vps[i] = *this_vp_p; ==== //depot/projects/trustedbsd/mac/sys/fs/nwfs/nwfs_node.c#4 (text+ko) ==== @@ -170,7 +170,7 @@ * elsewhere if MALLOC should block. */ MALLOC(np, struct nwnode *, sizeof *np, M_NWNODE, M_WAITOK | M_ZERO); - error = getnewvnode(VT_NWFS, mp, nwfs_vnodeop_p, &vp); + error = getnewvnode(VT_NWFS, mp, &nwfs_vnodeop_p, &vp); if (error) { *vpp = NULL; FREE(np, M_NWNODE); ==== //depot/projects/trustedbsd/mac/sys/fs/portalfs/portal_vfsops.c#5 (text+ko) ==== @@ -118,7 +118,7 @@ MALLOC(fmp, struct portalmount *, sizeof(struct portalmount), M_PORTALFSMNT, M_WAITOK); /* XXX */ - error = getnewvnode(VT_PORTAL, mp, portal_vnodeop_p, &rvp); /* XXX */ + error = getnewvnode(VT_PORTAL, mp, &portal_vnodeop_p, &rvp); /* XXX */ if (error) { FREE(fmp, M_PORTALFSMNT); FREE(pn, M_TEMP); ==== //depot/projects/trustedbsd/mac/sys/fs/portalfs/portal_vnops.c#6 (text+ko) ==== @@ -135,7 +135,7 @@ MALLOC(pt, struct portalnode *, sizeof(struct portalnode), M_TEMP, M_WAITOK); - error = getnewvnode(VT_PORTAL, dvp->v_mount, portal_vnodeop_p, &fvp); + error = getnewvnode(VT_PORTAL, dvp->v_mount, &portal_vnodeop_p, &fvp); if (error) { FREE(pt, M_TEMP); goto bad; ==== //depot/projects/trustedbsd/mac/sys/fs/pseudofs/pseudofs_vncache.c#5 (text+ko) ==== @@ -132,7 +132,7 @@ MALLOC(pvd, struct pfs_vdata *, sizeof *pvd, M_PFSVNCACHE, M_WAITOK); if (++pfs_vncache_entries > pfs_vncache_maxentries) pfs_vncache_maxentries = pfs_vncache_entries; - error = getnewvnode(VT_PSEUDOFS, mp, pfs_vnodeop_p, vpp); + error = getnewvnode(VT_PSEUDOFS, mp, &pfs_vnodeop_p, vpp); if (error) return (error); pvd->pvd_pn = pn; ==== //depot/projects/trustedbsd/mac/sys/fs/smbfs/smbfs_node.c#5 (text+ko) ==== @@ -220,7 +220,7 @@ return ENOENT; MALLOC(np, struct smbnode *, sizeof *np, M_SMBNODE, M_WAITOK); - error = getnewvnode(VT_SMBFS, mp, smbfs_vnodeop_p, &vp); + error = getnewvnode(VT_SMBFS, mp, &smbfs_vnodeop_p, &vp); if (error) { FREE(np, M_SMBNODE); return error; ==== //depot/projects/trustedbsd/mac/sys/fs/umapfs/umap_subr.c#3 (text+ko) ==== @@ -212,7 +212,7 @@ MALLOC(xp, struct umap_node *, sizeof(struct umap_node), M_TEMP, M_WAITOK); - error = getnewvnode(VT_UMAP, mp, umap_vnodeop_p, vpp); + error = getnewvnode(VT_UMAP, mp, &umap_vnodeop_p, vpp); if (error) { FREE(xp, M_TEMP); return (error); @@ -311,7 +311,7 @@ * Can't do this check because vop_reclaim runs * with funny vop vector. */ - if (vp->v_op != umap_vnodeop_p) { + if (vp->v_op != &umap_vnodeop_p) { printf ("umap_checkvp: on non-umap-node\n"); while (umap_checkvp_barrier) /*WAIT*/ ; panic("umap_checkvp"); ==== //depot/projects/trustedbsd/mac/sys/fs/umapfs/umap_vnops.c#3 (text+ko) ==== @@ -125,7 +125,7 @@ * that aren't. (Must map first vp or vclean fails.) */ - if (i && (*this_vp_p)->v_op != umap_vnodeop_p) { + if (i && (*this_vp_p)->v_op != &umap_vnodeop_p) { old_vps[i] = NULL; } else { old_vps[i] = *this_vp_p; ==== //depot/projects/trustedbsd/mac/sys/fs/unionfs/union_subr.c#6 (text+ko) ==== @@ -545,7 +545,7 @@ * Create new node rather then replace old node */ - error = getnewvnode(VT_UNION, mp, union_vnodeop_p, vpp); + error = getnewvnode(VT_UNION, mp, &union_vnodeop_p, vpp); if (error) { /* * If an error occurs clear out vnodes. @@ -1216,7 +1216,7 @@ { struct union_node *un; - if (vp->v_op != union_vnodeop_p) { + if (vp->v_op != &union_vnodeop_p) { if (vppp) { VREF(vp); *(*vppp)++ = vp; @@ -1299,7 +1299,7 @@ { int error = 0; - if ((*vp)->v_op == union_vnodeop_p) { + if ((*vp)->v_op == &union_vnodeop_p) { struct vnode *lvp; lvp = union_dircache(*vp, td); ==== //depot/projects/trustedbsd/mac/sys/fs/unionfs/union_vfsops.c#5 (text+ko) ==== @@ -126,7 +126,7 @@ /* * Unlock lower node to avoid deadlock. */ - if (lowerrootvp->v_op == union_vnodeop_p) + if (lowerrootvp->v_op == &union_vnodeop_p) VOP_UNLOCK(lowerrootvp, 0, td); #endif @@ -140,7 +140,7 @@ error = namei(ndp); #if 0 - if (lowerrootvp->v_op == union_vnodeop_p) + if (lowerrootvp->v_op == &union_vnodeop_p) vn_lock(lowerrootvp, LK_EXCLUSIVE | LK_RETRY, td); #endif if (error) ==== //depot/projects/trustedbsd/mac/sys/fs/unionfs/union_vnops.c#4 (text+ko) ==== @@ -1319,7 +1319,7 @@ * replace the fdvp, release the original one and ref the new one. */ - if (fdvp->v_op == union_vnodeop_p) { /* always true */ + if (fdvp->v_op == &union_vnodeop_p) { /* always true */ struct union_node *un = VTOUNION(fdvp); if (un->un_uppervp == NULLVP) { /* @@ -1341,7 +1341,7 @@ * replace the fvp, release the original one and ref the new one. */ - if (fvp->v_op == union_vnodeop_p) { /* always true */ + if (fvp->v_op == &union_vnodeop_p) { /* always true */ struct union_node *un = VTOUNION(fvp); #if 0 struct union_mount *um = MOUNTTOUNIONMOUNT(fvp->v_mount); @@ -1399,7 +1399,7 @@ * reference. */ - if (tdvp->v_op == union_vnodeop_p) { + if (tdvp->v_op == &union_vnodeop_p) { struct union_node *un = VTOUNION(tdvp); if (un->un_uppervp == NULLVP) { @@ -1429,7 +1429,7 @@ * file and change tvp to NULL. */ - if (tvp != NULLVP && tvp->v_op == union_vnodeop_p) { + if (tvp != NULLVP && tvp->v_op == &union_vnodeop_p) { struct union_node *un = VTOUNION(tvp); tvp = union_lock_upper(un, ap->a_tcnp->cn_thread); ==== //depot/projects/trustedbsd/mac/sys/gnu/ext2fs/ext2_vfsops.c#5 (text+ko) ==== @@ -1029,7 +1029,7 @@ MALLOC(ip, struct inode *, sizeof(struct inode), M_EXT2NODE, M_WAITOK); /* Allocate a new vnode/inode. */ - if ((error = getnewvnode(VT_UFS, mp, ext2_vnodeop_p, &vp)) != 0) { + if ((error = getnewvnode(VT_UFS, mp, &ext2_vnodeop_p, &vp)) != 0) { if (ext2fs_inode_hash_lock < 0) wakeup(&ext2fs_inode_hash_lock); ext2fs_inode_hash_lock = 0; ==== //depot/projects/trustedbsd/mac/sys/isofs/cd9660/cd9660_vfsops.c#5 (text+ko) ==== @@ -705,7 +705,7 @@ return (0); /* Allocate a new vnode/iso_node. */ - if ((error = getnewvnode(VT_ISOFS, mp, cd9660_vnodeop_p, &vp)) != 0) { + if ((error = getnewvnode(VT_ISOFS, mp, &cd9660_vnodeop_p, &vp)) != 0) { *vpp = NULLVP; return (error); } @@ -852,11 +852,11 @@ */ switch (vp->v_type = IFTOVT(ip->inode.iso_mode)) { case VFIFO: - vp->v_op = cd9660_fifoop_p; + vp->v_op = &cd9660_fifoop_p; break; case VCHR: case VBLK: - vp->v_op = cd9660_specop_p; + vp->v_op = &cd9660_specop_p; vp = addaliasu(vp, ip->inode.iso_rdev); ip->i_vnode = vp; break; ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#122 (text+ko) ==== @@ -90,9 +90,9 @@ #if MAC_MAX_POLICIES > 32 #error "MAC_MAX_POLICIES too large" #endif -static const unsigned int mac_max_policies = MAC_MAX_POLICIES; -static unsigned int mac_policies_free = (1 << MAC_MAX_POLICIES) - 1; -SYSCTL_INT(_security_mac, OID_AUTO, max_policies, CTLFLAG_RD, +static unsigned int mac_max_policies = MAC_MAX_POLICIES; +static unsigned int mac_policies_free = (1 << MAC_MAX_POLICIES) - 1; +SYSCTL_UINT(_security_mac, OID_AUTO, max_policies, CTLFLAG_RD, &mac_max_policies, 0, ""); struct maclabels { void *labels[MAC_MAX_POLICIES]; @@ -149,9 +149,9 @@ error = 0; \ sx_slock(&mac_policy_list_lock); \ LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { \ - if (mpc->mpc_ops->mpo_ ## check != NULL) \ + if (mpc->mpc_ops.mpo_ ## check != NULL) \ error = error_select( \ - mpc->mpc_ops->mpo_ ## check (## args), \ + mpc->mpc_ops.mpo_ ## check (## args), \ error); \ } \ sx_sunlock(&mac_policy_list_lock); \ @@ -170,9 +170,9 @@ \ sx_slock(&mac_policy_list_lock); \ LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { \ - if (mpc->mpc_ops->mpo_ ## operation != NULL) \ + if (mpc->mpc_ops.mpo_ ## operation != NULL) \ result = result composition \ - mpc->mpc_ops->mpo_ ## operation ( ## args); \ + mpc->mpc_ops.mpo_ ## operation ( ## args); \ } \ sx_sunlock(&mac_policy_list_lock); \ } while (0) @@ -186,8 +186,8 @@ \ sx_slock(&mac_policy_list_lock); \ LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { \ - if (mpc->mpc_ops->mpo_ ## operation != NULL) \ - mpc->mpc_ops->mpo_ ## operation (## args); \ + if (mpc->mpc_ops.mpo_ ## operation != NULL) \ + mpc->mpc_ops.mpo_ ## operation (## args); \ } \ sx_sunlock(&mac_policy_list_lock); \ } while (0) @@ -236,8 +236,250 @@ mac_policy_register(struct mac_policy_conf *mpc) { struct mac_policy_conf *tmpc; + struct mac_policy_op_entry *mpe; int slot; + for (mpe = mpc->mpc_entries; mpe->mpe_constant != MAC_OP_LAST; mpe++) { + switch (mpe->mpe_constant) { + case MAC_DESTROY: + mpc->mpc_ops.mpo_destroy = mpe->mpe_function; + break; + case MAC_INIT: + mpc->mpc_ops.mpo_init = mpe->mpe_function; + break; + case MAC_COPY_LABEL: + mpc->mpc_ops.mpo_copy_label = mpe->mpe_function; + break; + case MAC_DOMINATE: + mpc->mpc_ops.mpo_dominate = mpe->mpe_function; + break; + case MAC_EQUAL: + mpc->mpc_ops.mpo_equal = mpe->mpe_function; + break; + case MAC_PRINT_LABEL: + mpc->mpc_ops.mpo_print_label = mpe->mpe_function; + break; + case MAC_VALIDATE_LABEL: + mpc->mpc_ops.mpo_validate_label = mpe->mpe_function; + break; + case MAC_CREATE_DEVFS_DEVICE: + mpc->mpc_ops.mpo_create_devfs_device = + mpe->mpe_function; + break; + case MAC_CREATE_DEVFS_DIRECTORY: + mpc->mpc_ops.mpo_create_devfs_directory = + mpe->mpe_function; + break; + case MAC_CREATE_VNODE_FROM_VNODE: + mpc->mpc_ops.mpo_create_vnode_from_vnode = + mpe->mpe_function; + break; + case MAC_CREATE_MOUNT: + mpc->mpc_ops.mpo_create_mount = mpe->mpe_function; + break; + case MAC_CREATE_ROOT_MOUNT: + mpc->mpc_ops.mpo_create_root_mount = mpe->mpe_function; + break; + case MAC_CREATE_MBUF_FROM_SOCKET: + mpc->mpc_ops.mpo_create_mbuf_from_socket = + mpe->mpe_function; + break; + case MAC_CREATE_SOCKET: + mpc->mpc_ops.mpo_create_socket = mpe->mpe_function; + break; + case MAC_RELABEL_SOCKET: + mpc->mpc_ops.mpo_relabel_socket = mpe->mpe_function; + break; + case MAC_CREATE_BPFDESC: + mpc->mpc_ops.mpo_create_bpfdesc = mpe->mpe_function; + break; + case MAC_CREATE_IFNET: + mpc->mpc_ops.mpo_create_ifnet = mpe->mpe_function; + break; + case MAC_CREATE_MBUF_DATAGRAM_FROM_MBUF_FRAGMENTQUEUE: + mpc->mpc_ops.mpo_create_mbuf_datagram_from_mbuf_fragmentqueue = + mpe->mpe_function; + break; + case MAC_CREATE_MBUF_FRAGMENT_FROM_MBUF: + mpc->mpc_ops.mpo_create_mbuf_fragment_from_mbuf = + mpe->mpe_function; + break; + case MAC_CREATE_MBUF_FRAGMENTQUEUE_FROM_MBUF_FRAGMENT: + mpc->mpc_ops.mpo_create_mbuf_fragmentqueue_from_mbuf_fragment = + mpe->mpe_function; + break; + case MAC_CREATE_MBUF_FROM_MBUF: + mpc->mpc_ops.mpo_create_mbuf_from_mbuf = + mpe->mpe_function; + break; + case MAC_CREATE_MBUF_LINKLAYER_FOR_IFNET: + mpc->mpc_ops.mpo_create_mbuf_linklayer_for_ifnet = + mpe->mpe_function; + break; + case MAC_CREATE_MBUF_FROM_BPFDESC: + mpc->mpc_ops.mpo_create_mbuf_from_bpfdesc = + mpe->mpe_function; + break; + case MAC_CREATE_MBUF_FROM_IFNET: + mpc->mpc_ops.mpo_create_mbuf_from_ifnet = + mpe->mpe_function; + break; + case MAC_CREATE_MBUF_MULTICAST_ENCAP_FROM_MBUF: + mpc->mpc_ops.mpo_create_mbuf_multicast_encap_from_mbuf = + mpe->mpe_function; + break; + case MAC_CREATE_MBUF_NETLAYER_FROM_MBUF: + mpc->mpc_ops.mpo_create_mbuf_netlayer_from_mbuf = + mpe->mpe_function; + break; + case MAC_MBUF_FRAGMENT_MATCHES_MBUF_FRAGMENTQUEUE: + mpc->mpc_ops.mpo_mbuf_fragment_matches_mbuf_fragmentqueue = + mpe->mpe_function; + break; + case MAC_RELABEL_IFNET: + mpc->mpc_ops.mpo_relabel_ifnet = mpe->mpe_function; + break; + case MAC_UPDATE_MBUF_FRAGMENTQUEUE_FROM_MBUF_FRAGMENT: + mpc->mpc_ops.mpo_update_mbuf_fragmentqueue_from_mbuf_fragment = + mpe->mpe_function; + break; + case MAC_CREATE_SUBJECT: + mpc->mpc_ops.mpo_create_subject = mpe->mpe_function; + break; + case MAC_EXECVE_TRANSITION: + mpc->mpc_ops.mpo_execve_transition = mpe->mpe_function; + break; + case MAC_EXECVE_WILL_TRANSITION: + mpc->mpc_ops.mpo_execve_will_transition = + mpe->mpe_function; + break; + case MAC_CREATE_PROC0: + mpc->mpc_ops.mpo_create_proc0 = mpe->mpe_function; + break; + case MAC_CREATE_PROC1: + mpc->mpc_ops.mpo_create_proc1 = mpe->mpe_function; + break; + case MAC_RELABEL_SUBJECT: + mpc->mpc_ops.mpo_relabel_subject = + mpe->mpe_function; + break; + case MAC_BPFDESC_CHECK_RECEIVE_FROM_IFNET: + mpc->mpc_ops.mpo_bpfdesc_check_receive_from_ifnet = + mpe->mpe_function; + break; + case MAC_CRED_CHECK_SEE_CRED: + mpc->mpc_ops.mpo_cred_check_see_cred = + mpe->mpe_function; + break; + case MAC_CRED_CHECK_SEE_SOCKET: + mpc->mpc_ops.mpo_cred_check_see_socket = + mpe->mpe_function; + break; + case MAC_CRED_CHECK_RELABEL_IFNET: + mpc->mpc_ops.mpo_cred_check_relabel_ifnet = + mpe->mpe_function; + break; + case MAC_CRED_CHECK_RELABEL_SOCKET: + mpc->mpc_ops.mpo_cred_check_relabel_socket = + mpe->mpe_function; + break; + case MAC_CRED_CHECK_RELABEL_SUBJECT: + mpc->mpc_ops.mpo_cred_check_relabel_subject = + mpe->mpe_function; + break; + case MAC_CRED_CHECK_RELABEL_VNODE: + mpc->mpc_ops.mpo_cred_check_relabel_vnode = + mpe->mpe_function; + break; + case MAC_CRED_CHECK_STATFS: + mpc->mpc_ops.mpo_cred_check_statfs = mpe->mpe_function; + break; + case MAC_CRED_CHECK_DEBUG_PROC: + mpc->mpc_ops.mpo_cred_check_debug_proc = + mpe->mpe_function; + break; + case MAC_CRED_CHECK_EXEC_FILE: + mpc->mpc_ops.mpo_cred_check_exec_file = + mpe->mpe_function; + break; + case MAC_CRED_CHECK_CHDIR_VNODE: + mpc->mpc_ops.mpo_cred_check_chdir_vnode = + mpe->mpe_function; + break; + case MAC_CRED_CHECK_CREATE_VNODE: + mpc->mpc_ops.mpo_cred_check_create_vnode = + mpe->mpe_function; + break; + case MAC_CRED_CHECK_DELETE_VNODE: + mpc->mpc_ops.mpo_cred_check_delete_vnode = + mpe->mpe_function; + break; + case MAC_CRED_CHECK_EXEC_VNODE: + mpc->mpc_ops.mpo_cred_check_exec_vnode = + mpe->mpe_function; + break; + case MAC_CRED_CHECK_OPEN_VNODE: + mpc->mpc_ops.mpo_cred_check_open_vnode = + mpe->mpe_function; + break; + case MAC_CRED_CHECK_RENAME_FROM_VNODE: + mpc->mpc_ops.mpo_cred_check_rename_from_vnode = + mpe->mpe_function; + break; + case MAC_CRED_CHECK_RENAME_TO_VNODE: + mpc->mpc_ops.mpo_cred_check_rename_to_vnode = + mpe->mpe_function; + break; + case MAC_CRED_CHECK_REVOKE_VNODE: + mpc->mpc_ops.mpo_cred_check_revoke_vnode = + mpe->mpe_function; + break; + case MAC_CRED_CHECK_SEARCH_VNODE: + mpc->mpc_ops.mpo_cred_check_search_vnode = + mpe->mpe_function; + break; + case MAC_CRED_CHECK_SETFLAGS_VNODE: + mpc->mpc_ops.mpo_cred_check_setflags_vnode = + mpe->mpe_function; + break; + case MAC_CRED_CHECK_SETMODE_VNODE: + mpc->mpc_ops.mpo_cred_check_setmode_vnode = + mpe->mpe_function; + break; + case MAC_CRED_CHECK_SETOWNER_VNODE: + mpc->mpc_ops.mpo_cred_check_setowner_vnode = + mpe->mpe_function; + break; + case MAC_CRED_CHECK_SETUTIMES_VNODE: + mpc->mpc_ops.mpo_cred_check_setutimes_vnode = + mpe->mpe_function; + break; + case MAC_CRED_CHECK_SCHED_PROC: + mpc->mpc_ops.mpo_cred_check_sched_proc = + mpe->mpe_function; + break; + case MAC_CRED_CHECK_SIGNAL_PROC: + mpc->mpc_ops.mpo_cred_check_signal_proc = + mpe->mpe_function; + break; + case MAC_CRED_CHECK_STAT_VNODE: + mpc->mpc_ops.mpo_cred_check_stat_vnode = + mpe->mpe_function; + break; + case MAC_IFNET_CHECK_SEND_MBUF: + mpc->mpc_ops.mpo_ifnet_check_send_mbuf = + mpe->mpe_function; + break; + case MAC_SOCKET_CHECK_RECEIVE_MBUF: + mpc->mpc_ops.mpo_socket_check_receive_mbuf = + mpe->mpe_function; + break; + default: + printf("MAC policy `%s': unknown operation %d\n", + mpc->mpc_name, mpe->mpe_constant); + return (EINVAL); + } + } sx_xlock(&mac_policy_list_lock); LIST_FOREACH(tmpc, &mac_policy_list, mpc_list) { if (strcmp(tmpc->mpc_name, mpc->mpc_name) == 0) { @@ -249,7 +491,7 @@ slot = ffs(mac_policies_free); if (slot == 0) { sx_xunlock(&mac_policy_list_lock); - return (EEXIST); + return (ENOMEM); } slot--; mac_policies_free &= ~(1 << slot); @@ -261,8 +503,8 @@ printf("Security policy: %s (%s)\n", mpc->mpc_fullname, mpc->mpc_name); /* Per-policy initialization. */ - if (mpc->mpc_ops->mpo_init != NULL) - (*(mpc->mpc_ops->mpo_init))(mpc); + if (mpc->mpc_ops.mpo_init != NULL) + (*(mpc->mpc_ops.mpo_init))(mpc); sx_xunlock(&mac_policy_list_lock); return (0); @@ -278,8 +520,8 @@ if (mpc->mpc_field_off != -1) return (EBUSY); sx_xlock(&mac_policy_list_lock); - if (mpc->mpc_ops->mpo_destroy != NULL) - (*(mpc->mpc_ops->mpo_destroy))(mpc); + if (mpc->mpc_ops.mpo_destroy != NULL) + (*(mpc->mpc_ops.mpo_destroy))(mpc); LIST_REMOVE(mpc, mpc_list); sx_xunlock(&mac_policy_list_lock); ==== //depot/projects/trustedbsd/mac/sys/kern/vfs_subr.c#20 (text+ko) ==== @@ -677,7 +677,7 @@ getnewvnode(tag, mp, vops, vpp) enum vtagtype tag; struct mount *mp; - vop_t **vops; + vop_t ***vops; struct vnode **vpp; { int s; @@ -1552,7 +1552,7 @@ } if (vfinddev(dev, VCHR, vpp)) return (0); - error = getnewvnode(VT_NON, (struct mount *)0, spec_vnodeop_p, &nvp); + error = getnewvnode(VT_NON, (struct mount *)0, &spec_vnodeop_p, &nvp); if (error) { *vpp = NULLVP; return (error); @@ -1578,7 +1578,7 @@ udev_t nvp_rdev; { struct vnode *ovp; - vop_t **ops; + vop_t ***ops; dev_t dev; if (nvp->v_type == VBLK) @@ -1952,7 +1952,7 @@ vgonel(vp, td); } else { vclean(vp, 0, td); - vp->v_op = spec_vnodeop_p; + vp->v_op = &spec_vnodeop_p; insmntque(vp, (struct mount *) 0); } mtx_lock(&mntvnode_mtx); @@ -2108,7 +2108,7 @@ /* * Done with purge, notify sleepers of the grim news. */ - vp->v_op = dead_vnodeop_p; + vp->v_op = &dead_vnodeop_p; if (vp->v_pollinfo != NULL) vn_pollgone(vp); vp->v_tag = VT_NON; @@ -2847,7 +2847,7 @@ int error; /* Allocate a new vnode */ - if ((error = getnewvnode(VT_VFS, mp, sync_vnodeop_p, &vp)) != 0) { + if ((error = getnewvnode(VT_VFS, mp, &sync_vnodeop_p, &vp)) != 0) { mp->mnt_syncer = NULL; return (error); } ==== //depot/projects/trustedbsd/mac/sys/nfsclient/nfs_node.c#4 (text+ko) ==== @@ -223,7 +223,7 @@ */ np = uma_zalloc(nfsnode_zone, M_WAITOK); - error = getnewvnode(VT_NFS, mntp, nfsv2_vnodeop_p, &nvp); + error = getnewvnode(VT_NFS, mntp, &nfsv2_vnodeop_p, &nvp); if (error) { if (nfs_node_hash_lock < 0) wakeup(&nfs_node_hash_lock); ==== //depot/projects/trustedbsd/mac/sys/nfsclient/nfs_subs.c#5 (text+ko) ==== @@ -527,10 +527,10 @@ if (vp->v_type != vtyp) { vp->v_type = vtyp; if (vp->v_type == VFIFO) { - vp->v_op = fifo_nfsv2nodeop_p; + vp->v_op = &fifo_nfsv2nodeop_p; } if (vp->v_type == VCHR || vp->v_type == VBLK) { - vp->v_op = spec_nfsv2nodeop_p; + vp->v_op = &spec_nfsv2nodeop_p; vp = addaliasu(vp, rdev); np->n_vnode = vp; } ==== //depot/projects/trustedbsd/mac/sys/security/lomac/lomacfs.h#3 (text+ko) ==== @@ -103,7 +103,7 @@ #define VTOLOMAC(vp) ((struct lomac_node *)(vp)->v_data) #define VTOLVP(vp) VTOLOMAC(vp)->ln_lowervp #define VFSTOLOMAC(mp) ((struct lomac_mount *)mp->mnt_data) -#define VISLOMAC(vp) (vp->v_op == lomacfs_vnodeop_p) +#define VISLOMAC(vp) (vp->v_op == &lomacfs_vnodeop_p) int lomacfs_node_alloc(struct mount *mp, struct componentname *cnp, struct vnode *dvp, struct vnode *lowervp, struct vnode **vpp); ==== //depot/projects/trustedbsd/mac/sys/security/lomac/lomacfs_subr.c#3 (text+ko) ==== @@ -73,7 +73,7 @@ return (EEXIST); } } - error = getnewvnode(VT_NULL, mp, lomacfs_vnodeop_p, vpp); + error = getnewvnode(VT_NULL, mp, &lomacfs_vnodeop_p, vpp); if (error) { vput(lowervp); free(lp, M_LOMACFS); ==== //depot/projects/trustedbsd/mac/sys/sys/vnode.h#19 (text+ko) ==== @@ -105,7 +105,7 @@ int v_holdcnt; /* page & buffer references */ u_long v_id; /* capability identifier */ struct mount *v_mount; /* ptr to vfs we are in */ - vop_t **v_op; /* vnode operations vector */ + vop_t ***v_op; /* vnode operations vector */ TAILQ_ENTRY(vnode) v_freelist; /* vnode freelist */ TAILQ_ENTRY(vnode) v_nmntvnodes; /* vnodes for mount point */ struct buflists v_cleanblkhd; /* clean blocklist head */ @@ -527,7 +527,7 @@ /* * This call works for vnodes in the kernel. */ -#define VCALL(VP,OFF,AP) VOCALL((VP)->v_op,(OFF),(AP)) +#define VCALL(VP,OFF,AP) VOCALL(*(VP)->v_op,(OFF),(AP)) #define VDESC(OP) (& __CONCAT(OP,_desc)) #define VOFFSET(OP) (VDESC(OP)->vdesc_offset) @@ -583,7 +583,7 @@ void cvtstat(struct stat *st, struct ostat *ost); void cvtnstat(struct stat *sb, struct nstat *nsb); int getnewvnode(enum vtagtype tag, - struct mount *mp, vop_t **vops, struct vnode **vpp); + struct mount *mp, vop_t ***vops, struct vnode **vpp); int lease_check(struct vop_lease_args *ap); int spec_vnoperate(struct vop_generic_args *); int speedup_syncer(void); ==== //depot/projects/trustedbsd/mac/sys/ufs/ffs/ffs_vfsops.c#9 (text+ko) ==== @@ -1192,7 +1192,7 @@ ump->um_malloctype, M_WAITOK); /* Allocate a new vnode/inode. */ - error = getnewvnode(VT_UFS, mp, ffs_vnodeop_p, &vp); + error = getnewvnode(VT_UFS, mp, &ffs_vnodeop_p, &vp); if (error) { /* * Do not wake up processes while holding the mutex, ==== //depot/projects/trustedbsd/mac/sys/ufs/ifs/ifs_vfsops.c#4 (text+ko) ==== @@ -201,7 +201,7 @@ ump->um_malloctype, M_WAITOK); /* Allocate a new vnode/inode. */ - error = getnewvnode(VT_UFS, mp, ifs_vnodeop_p, &vp); + error = getnewvnode(VT_UFS, mp, &ifs_vnodeop_p, &vp); if (error) { /* * Do not wake up processes while holding the mutex, ==== //depot/projects/trustedbsd/mac/sys/ufs/ufs/ufs_vnops.c#30 (text+ko) ==== @@ -2208,12 +2208,12 @@ switch(vp->v_type = IFTOVT(ip->i_mode)) { case VCHR: case VBLK: - vp->v_op = specops; + vp->v_op = &specops; vp = addaliasu(vp, ip->i_rdev); ip->i_vnode = vp; break; case VFIFO: - vp->v_op = fifoops; + vp->v_op = &fifoops; break; default: break; ==== //depot/projects/trustedbsd/mac/sys/vm/vm_swap.c#5 (text+ko) ==== @@ -263,7 +263,7 @@ u_long aligned_nblks; if (!swapdev_vp) { - error = getnewvnode(VT_NON, NULL, swapdev_vnodeop_p, + error = getnewvnode(VT_NON, NULL, &swapdev_vnodeop_p, &swapdev_vp); if (error) panic("Cannot get vnode for swapdev"); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message