PERFORCE change 19555 for review

Fri Oct 18 17:22:40 GMT 2002

http://perforce.freebsd.org/chv.cgi?CH=19555

Change 19555 by cvance at cvance_laptop on 2002/10/18 10:21:46

	Add basic locking support for the security server.  Note 
	that it's not quite right yet, but it's a whole lot better 
	than no locking.  Thanks go to Hiten Pandya for a patch
	he sent a while back.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/services.c#6 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/services_private.h#4 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/sidtab.c#7 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/sidtab.h#3 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/services.c#6 (text+ko) ====

@@ -57,6 +57,10 @@
  */
 static __u32 latest_granting = 0;
 
+#if defined(__FreeBSD__) && defined(_KERNEL)
+POLICY_INIT;
+LOAD_INIT;
+#endif
 
 /*
  * Return the boolean value of a constraint expression 
@@ -302,7 +306,7 @@
 
 	/* Allocate space for the context; caller must free this space. */
 	scontextp = (char *) sebsd_malloc(*scontext_len+1, M_SEBSD_SS, 
-					  M_WAITOK);
+					  M_NOWAIT);
 	if (!scontextp) {
 		return -ENOMEM;
 	}
@@ -348,7 +352,7 @@
 
 			*scontext_len = strlen(initial_sid_to_string[sid]) + 1;
 			scontextp = sebsd_malloc(*scontext_len, M_SEBSD_SS, 
-						 M_WAITOK);
+						 M_NOWAIT);
 			strcpy(scontextp, initial_sid_to_string[sid]);
 			*scontext = (security_context_t) scontextp;
 			return 0;

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/services_private.h#4 (text+ko) ====

@@ -54,6 +54,40 @@
 /* #define convert_context_handle_invalid_context(context) -EINVAL */
 /* #endif */
 
+#ifdef __FreeBSD__
+
+#ifdef _KERNEL
+struct sx;
+struct sx policy_lock;
+#define	POLICY_INIT		\
+	SX_SYSINIT(policy_lock, &policy_lock, "SEBSD Policy Lock")
+#define POLICY_RDLOCK 		sx_slock(&policy_lock)
+#define POLICY_WRLOCK 		sx_xlock(&policy_lock)
+#define POLICY_RDUNLOCK 	sx_sunlock(&policy_lock)
+#define POLICY_WRUNLOCK 	sx_xunlock(&policy_lock)
+#else
+#define POLICY_RDLOCK
+#define POLICY_WRLOCK
+#define POLICY_RDUNLOCK
+#define POLICY_WRUNLOCK
+#endif
+
+#ifdef _KERNEL
+struct mtx;
+struct mtx load_lock;
+#define LOAD_INIT	\
+	MTX_SYSINIT(load_lock, &load_lock, "SEBSD Load Lock", MTX_DEF)
+#define LOAD_LOCK 	mtx_lock(&load_lock)
+#define LOAD_UNLOCK	mtx_unlock(&load_lock)
+#else
+#define LOAD_LOCK 
+#define LOAD_UNLOCK
+#define INTERRUPTS_OFF 
+#define INTERRUPTS_ON 
+#endif
+
+#else /* __FreeBSD__ */
+
 #ifdef __KERNEL__
 static DECLARE_MUTEX(policy_sem);
 #define POLICY_RDLOCK safe_down(&policy_sem)
@@ -79,3 +113,4 @@
 #define INTERRUPTS_OFF 
 #define INTERRUPTS_ON 
 #endif
+#endif /* __FreeBSD__ */

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/sidtab.c#7 (text+ko) ====

@@ -12,6 +12,8 @@
 #include <sys/conf.h>
 #include <sys/kernel.h>
 #include <sys/systm.h>
+#include <sys/lock.h>
+#include <sys/mutex.h>
 #endif /* FreeBSD _KERNEL */
 
 #include <machine/limits.h>
@@ -24,19 +26,32 @@
 
 #define SIDTAB_HASH(sid) (sid & SIDTAB_HASH_MASK)
 
-#ifdef __KERNEL__ /* TBD/CDV this does nothing... */
+#ifdef __FreeBSD__
+#ifdef _KERNEL
+#define INIT_SIDTAB_LOCK(s) \
+	mtx_init(&(s)->sidtab_mtx, "SID Table lock", NULL, MTX_DEF)
+#define SIDTAB_TRYLOCK(s) mtx_trylock(&(s)->sidtab_mtx)
+#define SIDTAB_LOCK(s)    mtx_lock(&(s)->sidtab_mtx)
+#define SIDTAB_UNLOCK(s)  mtx_unlock(&(s)->sidtab_mtx)
+#else
+#define INIT_SIDTAB_LOCK(s) 
+#define SIDTAB_TRYLOCK(s) 0
+#define SIDTAB_LOCK(s) 0
+#define SIDTAB_UNLOCK(s)
+#endif
+#else /* __FreeBSD__ */
+#ifdef __KERNEL__
 #define INIT_SIDTAB_LOCK(s) init_MUTEX(&s->sem)
 #define SIDTAB_LOCK(s) safe_down(&s->sem)
 #define SIDTAB_UNLOCK(s) safe_up(&s->sem)
-#else
+#else /* __KERNEL__ */
 #define INIT_SIDTAB_LOCK(s) 
 #define SIDTAB_LOCK(s) 0
 #define SIDTAB_UNLOCK(s)
 #endif
+#endif /* __FreeBSD__ */
 
-#ifndef __TBD_CDV__
 #define wmb() 
-#endif /* __TBD_CDV__ */
 
 int sidtab_init(sidtab_t *s) 
 {
@@ -75,7 +90,7 @@
 		return -EEXIST;
 
 	newnode = (sidtab_node_t *) sebsd_malloc(sizeof(sidtab_node_t),
-						 M_SEBSD_SS, M_WAITOK);
+						 M_SEBSD_SS, M_NOWAIT);
 	if (newnode == NULL) 
 		return -ENOMEM;
 	newnode->sid = sid;
@@ -258,7 +273,8 @@
 
 	sid = sidtab_search_context(s, context);
 	if (!sid) {
-		if (SIDTAB_LOCK(s))
+		ret = SIDTAB_TRYLOCK(s);
+		if (ret == 0)
 			return -EAGAIN;
 		/* Rescan now that we hold the semaphore. */
 		sid = sidtab_search_context(s, context);
@@ -358,8 +374,8 @@
 	SIDTAB_LOCK(s);
 	mynel = s->nel;
 	mysids = (security_id_t *)sebsd_malloc(mynel*sizeof(security_id_t),
-					       M_SEBSD_SS, M_WAITOK);
-	if (!mysids) {
+					       M_SEBSD_SS, M_NOWAIT);
+	if (mysids == NULL) {
 		rc = -ENOMEM;
 		goto out;
 	}

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/sidtab.h#3 (text+ko) ====

@@ -27,13 +27,18 @@
 
 #define SIDTAB_SIZE SIDTAB_HASH_BUCKETS
 
+struct mtx;
 typedef struct {
 	sidtab_ptr_t *htable;
 	unsigned int nel;	/* number of elements */
 	unsigned int next_sid;	/* next SID to allocate */
-#ifdef __KERNEL__
+#if defined(__KERNEL__) || defined(_KERNEL)
+#ifdef __FreeBSD__
+	struct mtx sidtab_mtx;
+#else
 	struct semaphore sem;
 #endif
+#endif /* KERNEL */
 } sidtab_t;
 
 int sidtab_init(sidtab_t *s);
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

