From owner-svn-src-head@FreeBSD.ORG Wed May 27 09:41:59 2009 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 568A71065674; Wed, 27 May 2009 09:41:59 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 391AB8FC1B; Wed, 27 May 2009 09:41:59 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n4R9fxgJ090070; Wed, 27 May 2009 09:41:59 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id n4R9fxso090068; Wed, 27 May 2009 09:41:59 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <200905270941.n4R9fxso090068@svn.freebsd.org> From: Robert Watson Date: Wed, 27 May 2009 09:41:59 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r192881 - head/sys/security/mac X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 May 2009 09:41:59 -0000 Author: rwatson Date: Wed May 27 09:41:58 2009 New Revision: 192881 URL: http://svn.freebsd.org/changeset/base/192881 Log: Convert the MAC Framework from using rwlocks to rmlocks to stabilize framework registration for non-sleepable entry points. Obtained from: TrustedBSD Project Modified: head/sys/security/mac/mac_framework.c head/sys/security/mac/mac_internal.h Modified: head/sys/security/mac/mac_framework.c ============================================================================== --- head/sys/security/mac/mac_framework.c Wed May 27 09:31:50 2009 (r192880) +++ head/sys/security/mac/mac_framework.c Wed May 27 09:41:58 2009 (r192881) @@ -78,7 +78,7 @@ __FBSDID("$FreeBSD$"); #include #include #include -#include +#include #include #include #include @@ -165,7 +165,7 @@ MALLOC_DEFINE(M_MACTEMP, "mactemp", "MAC * * The dynamic policy list is protected by two locks: modifying the list * requires both locks to be held exclusively. One of the locks, - * mac_policy_rw, is acquired over policy entry points that will never sleep; + * mac_policy_rm, is acquired over policy entry points that will never sleep; * the other, mac_policy_sx, is acquire over policy entry points that may * sleep. The former category will be used when kernel locks may be held * over calls to the MAC Framework, during network processing in ithreads, @@ -173,7 +173,7 @@ MALLOC_DEFINE(M_MACTEMP, "mactemp", "MAC * allocations, extended attribute I/O, etc. */ #ifndef MAC_STATIC -static struct rwlock mac_policy_rw; /* Non-sleeping entry points. */ +static struct rmlock mac_policy_rm; /* Non-sleeping entry points. */ static struct sx mac_policy_sx; /* Sleeping entry points. */ #endif @@ -185,14 +185,14 @@ static void mac_policy_xlock_assert(void static void mac_policy_xunlock(void); void -mac_policy_slock_nosleep(void) +mac_policy_slock_nosleep(struct rm_priotracker *tracker) { #ifndef MAC_STATIC if (!mac_late) return; - rw_rlock(&mac_policy_rw); + rm_rlock(&mac_policy_rm, tracker); #endif } @@ -212,14 +212,14 @@ mac_policy_slock_sleep(void) } void -mac_policy_sunlock_nosleep(void) +mac_policy_sunlock_nosleep(struct rm_priotracker *tracker) { #ifndef MAC_STATIC if (!mac_late) return; - rw_runlock(&mac_policy_rw); + rm_runlock(&mac_policy_rm, tracker); #endif } @@ -247,7 +247,7 @@ mac_policy_xlock(void) return; sx_xlock(&mac_policy_sx); - rw_wlock(&mac_policy_rw); + rm_wlock(&mac_policy_rm); #endif } @@ -259,7 +259,7 @@ mac_policy_xunlock(void) if (!mac_late) return; - rw_wunlock(&mac_policy_rw); + rm_wunlock(&mac_policy_rm); sx_xunlock(&mac_policy_sx); #endif } @@ -272,7 +272,7 @@ mac_policy_xlock_assert(void) if (!mac_late) return; - rw_assert(&mac_policy_rw, RA_WLOCKED); + /* XXXRW: rm_assert(&mac_policy_rm, RA_WLOCKED); */ sx_assert(&mac_policy_sx, SA_XLOCKED); #endif } @@ -289,7 +289,7 @@ mac_init(void) mac_labelzone_init(); #ifndef MAC_STATIC - rw_init(&mac_policy_rw, "mac_policy_rw"); + rm_init(&mac_policy_rm, "mac_policy_rm", 0); sx_init(&mac_policy_sx, "mac_policy_sx"); #endif } Modified: head/sys/security/mac/mac_internal.h ============================================================================== --- head/sys/security/mac/mac_internal.h Wed May 27 09:31:50 2009 (r192880) +++ head/sys/security/mac/mac_internal.h Wed May 27 09:41:58 2009 (r192881) @@ -55,6 +55,9 @@ #error "no user-serviceable parts inside" #endif +#include +#include + /* * MAC Framework sysctl namespace. */ @@ -194,9 +197,9 @@ extern struct mtx mac_ifnet_mtx; */ int mac_error_select(int error1, int error2); -void mac_policy_slock_nosleep(void); +void mac_policy_slock_nosleep(struct rm_priotracker *tracker); void mac_policy_slock_sleep(void); -void mac_policy_sunlock_nosleep(void); +void mac_policy_sunlock_nosleep(struct rm_priotracker *tracker); void mac_policy_sunlock_sleep(void); struct label *mac_labelzone_alloc(int flags); @@ -294,14 +297,16 @@ int vn_setlabel(struct vnode *vp, struct error); \ } \ if (!LIST_EMPTY(&mac_policy_list)) { \ - mac_policy_slock_nosleep(); \ + struct rm_priotracker tracker; \ + \ + mac_policy_slock_nosleep(&tracker); \ LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { \ if (mpc->mpc_ops->mpo_ ## check != NULL) \ error = mac_error_select( \ mpc->mpc_ops->mpo_ ## check (args), \ error); \ } \ - mac_policy_sunlock_nosleep(); \ + mac_policy_sunlock_nosleep(&tracker); \ } \ } while (0) @@ -323,7 +328,9 @@ int vn_setlabel(struct vnode *vp, struct } \ } \ if (!LIST_EMPTY(&mac_policy_list)) { \ - mac_policy_slock_nosleep(); \ + struct rm_priotracker tracker; \ + \ + mac_policy_slock_nosleep(&tracker); \ LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { \ if (mpc->mpc_ops->mpo_ ## check != NULL) { \ if (mpc->mpc_ops->mpo_ ## check (args) \ @@ -331,7 +338,7 @@ int vn_setlabel(struct vnode *vp, struct error = 0; \ } \ } \ - mac_policy_sunlock_nosleep(); \ + mac_policy_sunlock_nosleep(&tracker); \ } \ } while (0) @@ -371,14 +378,16 @@ int vn_setlabel(struct vnode *vp, struct mpc->mpc_ops->mpo_ ## operation (args); \ } \ if (!LIST_EMPTY(&mac_policy_list)) { \ - mac_policy_slock_nosleep(); \ + struct rm_priotracker tracker; \ + \ + mac_policy_slock_nosleep(&tracker); \ LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { \ if (mpc->mpc_ops->mpo_ ## operation != NULL) \ result = result composition \ mpc->mpc_ops->mpo_ ## operation \ (args); \ } \ - mac_policy_sunlock_nosleep(); \ + mac_policy_sunlock_nosleep(&tracker); \ } \ } while (0) @@ -492,12 +501,14 @@ int vn_setlabel(struct vnode *vp, struct mpc->mpc_ops->mpo_ ## operation (args); \ } \ if (!LIST_EMPTY(&mac_policy_list)) { \ - mac_policy_slock_nosleep(); \ + struct rm_priotracker tracker; \ + \ + mac_policy_slock_nosleep(&tracker); \ LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { \ if (mpc->mpc_ops->mpo_ ## operation != NULL) \ mpc->mpc_ops->mpo_ ## operation (args); \ } \ - mac_policy_sunlock_nosleep(); \ + mac_policy_sunlock_nosleep(&tracker); \ } \ } while (0)