Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 27 May 2009 09:41:59 +0000 (UTC)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r192881 - head/sys/security/mac
Message-ID:  <200905270941.n4R9fxso090068@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: rwatson
Date: Wed May 27 09:41:58 2009
New Revision: 192881
URL: http://svn.freebsd.org/changeset/base/192881

Log:
  Convert the MAC Framework from using rwlocks to rmlocks to stabilize
  framework registration for non-sleepable entry points.
  
  Obtained from:	TrustedBSD Project

Modified:
  head/sys/security/mac/mac_framework.c
  head/sys/security/mac/mac_internal.h

Modified: head/sys/security/mac/mac_framework.c
==============================================================================
--- head/sys/security/mac/mac_framework.c	Wed May 27 09:31:50 2009	(r192880)
+++ head/sys/security/mac/mac_framework.c	Wed May 27 09:41:58 2009	(r192881)
@@ -78,7 +78,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/lock.h>
 #include <sys/mac.h>
 #include <sys/module.h>
-#include <sys/rwlock.h>
+#include <sys/rmlock.h>
 #include <sys/sdt.h>
 #include <sys/sx.h>
 #include <sys/systm.h>
@@ -165,7 +165,7 @@ MALLOC_DEFINE(M_MACTEMP, "mactemp", "MAC
  *
  * The dynamic policy list is protected by two locks: modifying the list
  * requires both locks to be held exclusively.  One of the locks,
- * mac_policy_rw, is acquired over policy entry points that will never sleep;
+ * mac_policy_rm, is acquired over policy entry points that will never sleep;
  * the other, mac_policy_sx, is acquire over policy entry points that may
  * sleep.  The former category will be used when kernel locks may be held
  * over calls to the MAC Framework, during network processing in ithreads,
@@ -173,7 +173,7 @@ MALLOC_DEFINE(M_MACTEMP, "mactemp", "MAC
  * allocations, extended attribute I/O, etc.
  */
 #ifndef MAC_STATIC
-static struct rwlock mac_policy_rw;	/* Non-sleeping entry points. */
+static struct rmlock mac_policy_rm;	/* Non-sleeping entry points. */
 static struct sx mac_policy_sx;		/* Sleeping entry points. */
 #endif
 
@@ -185,14 +185,14 @@ static void	mac_policy_xlock_assert(void
 static void	mac_policy_xunlock(void);
 
 void
-mac_policy_slock_nosleep(void)
+mac_policy_slock_nosleep(struct rm_priotracker *tracker)
 {
 
 #ifndef MAC_STATIC
 	if (!mac_late)
 		return;
 
-	rw_rlock(&mac_policy_rw);
+	rm_rlock(&mac_policy_rm, tracker);
 #endif
 }
 
@@ -212,14 +212,14 @@ mac_policy_slock_sleep(void)
 }
 
 void
-mac_policy_sunlock_nosleep(void)
+mac_policy_sunlock_nosleep(struct rm_priotracker *tracker)
 {
 
 #ifndef MAC_STATIC
 	if (!mac_late)
 		return;
 
-	rw_runlock(&mac_policy_rw);
+	rm_runlock(&mac_policy_rm, tracker);
 #endif
 }
 
@@ -247,7 +247,7 @@ mac_policy_xlock(void)
 		return;
 
 	sx_xlock(&mac_policy_sx);
-	rw_wlock(&mac_policy_rw);
+	rm_wlock(&mac_policy_rm);
 #endif
 }
 
@@ -259,7 +259,7 @@ mac_policy_xunlock(void)
 	if (!mac_late)
 		return;
 
-	rw_wunlock(&mac_policy_rw);
+	rm_wunlock(&mac_policy_rm);
 	sx_xunlock(&mac_policy_sx);
 #endif
 }
@@ -272,7 +272,7 @@ mac_policy_xlock_assert(void)
 	if (!mac_late)
 		return;
 
-	rw_assert(&mac_policy_rw, RA_WLOCKED);
+	/* XXXRW: rm_assert(&mac_policy_rm, RA_WLOCKED); */
 	sx_assert(&mac_policy_sx, SA_XLOCKED);
 #endif
 }
@@ -289,7 +289,7 @@ mac_init(void)
 	mac_labelzone_init();
 
 #ifndef MAC_STATIC
-	rw_init(&mac_policy_rw, "mac_policy_rw");
+	rm_init(&mac_policy_rm, "mac_policy_rm", 0);
 	sx_init(&mac_policy_sx, "mac_policy_sx");
 #endif
 }

Modified: head/sys/security/mac/mac_internal.h
==============================================================================
--- head/sys/security/mac/mac_internal.h	Wed May 27 09:31:50 2009	(r192880)
+++ head/sys/security/mac/mac_internal.h	Wed May 27 09:41:58 2009	(r192881)
@@ -55,6 +55,9 @@
 #error "no user-serviceable parts inside"
 #endif
 
+#include <sys/lock.h>
+#include <sys/rmlock.h>
+
 /*
  * MAC Framework sysctl namespace.
  */
@@ -194,9 +197,9 @@ extern struct mtx			mac_ifnet_mtx;
  */
 int	mac_error_select(int error1, int error2);
 
-void	mac_policy_slock_nosleep(void);
+void	mac_policy_slock_nosleep(struct rm_priotracker *tracker);
 void	mac_policy_slock_sleep(void);
-void	mac_policy_sunlock_nosleep(void);
+void	mac_policy_sunlock_nosleep(struct rm_priotracker *tracker);
 void	mac_policy_sunlock_sleep(void);
 
 struct label	*mac_labelzone_alloc(int flags);
@@ -294,14 +297,16 @@ int	vn_setlabel(struct vnode *vp, struct
 			    error);					\
 	}								\
 	if (!LIST_EMPTY(&mac_policy_list)) {				\
-		mac_policy_slock_nosleep();				\
+		struct rm_priotracker tracker;				\
+									\
+		mac_policy_slock_nosleep(&tracker);			\
 		LIST_FOREACH(mpc, &mac_policy_list, mpc_list) {		\
 			if (mpc->mpc_ops->mpo_ ## check != NULL)	\
 				error = mac_error_select(		\
 				    mpc->mpc_ops->mpo_ ## check (args),	\
 				    error);				\
 		}							\
-		mac_policy_sunlock_nosleep();				\
+		mac_policy_sunlock_nosleep(&tracker);			\
 	}								\
 } while (0)
 
@@ -323,7 +328,9 @@ int	vn_setlabel(struct vnode *vp, struct
 		}							\
 	}								\
 	if (!LIST_EMPTY(&mac_policy_list)) {				\
-		mac_policy_slock_nosleep();				\
+		struct rm_priotracker tracker;				\
+									\
+		mac_policy_slock_nosleep(&tracker);			\
 		LIST_FOREACH(mpc, &mac_policy_list, mpc_list) {		\
 			if (mpc->mpc_ops->mpo_ ## check != NULL) {	\
 				if (mpc->mpc_ops->mpo_ ## check (args)	\
@@ -331,7 +338,7 @@ int	vn_setlabel(struct vnode *vp, struct
 					error = 0;			\
 			}						\
 		}							\
-		mac_policy_sunlock_nosleep();				\
+		mac_policy_sunlock_nosleep(&tracker);			\
 	}								\
 } while (0)
 
@@ -371,14 +378,16 @@ int	vn_setlabel(struct vnode *vp, struct
 			    mpc->mpc_ops->mpo_ ## operation (args);	\
 	}								\
 	if (!LIST_EMPTY(&mac_policy_list)) {				\
-		mac_policy_slock_nosleep();				\
+		struct rm_priotracker tracker;				\
+									\
+		mac_policy_slock_nosleep(&tracker);			\
 		LIST_FOREACH(mpc, &mac_policy_list, mpc_list) {		\
 			if (mpc->mpc_ops->mpo_ ## operation != NULL)	\
 				result = result composition		\
 				    mpc->mpc_ops->mpo_ ## operation	\
 				    (args);				\
 		}							\
-		mac_policy_sunlock_nosleep();				\
+		mac_policy_sunlock_nosleep(&tracker);			\
 	}								\
 } while (0)
 
@@ -492,12 +501,14 @@ int	vn_setlabel(struct vnode *vp, struct
 			mpc->mpc_ops->mpo_ ## operation (args);		\
 	}								\
 	if (!LIST_EMPTY(&mac_policy_list)) {				\
-		mac_policy_slock_nosleep();				\
+		struct rm_priotracker tracker;				\
+									\
+		mac_policy_slock_nosleep(&tracker);			\
 		LIST_FOREACH(mpc, &mac_policy_list, mpc_list) {		\
 			if (mpc->mpc_ops->mpo_ ## operation != NULL)	\
 				mpc->mpc_ops->mpo_ ## operation (args);	\
 		}							\
-		mac_policy_sunlock_nosleep();				\
+		mac_policy_sunlock_nosleep(&tracker);			\
 	}								\
 } while (0)
 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200905270941.n4R9fxso090068>