PERFORCE change 41851 for review
Robert Watson
rwatson at FreeBSD.org
Mon Nov 10 01:30:13 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=41851
Change 41851 by rwatson at rwatson_paprika on 2003/11/09 17:29:33
Use the UMA zone allocator to allocate temporary labels
for the socket and ifnet code, rather than using the stack.
This permits us to GC some of the older init/destroy
functions for sockets and ifnets, reducing code duplication.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/security/mac/mac_net.c#7 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_net.c#7 (text+ko) ====
@@ -124,15 +124,6 @@
bpf_d->bd_label = mac_bpfdesc_label_alloc();
}
-static void
-mac_init_ifnet_label(struct label *label)
-{
-
- mac_init_label(label);
- MAC_PERFORM(init_ifnet_label, label);
- MAC_DEBUG_COUNTER_INC(&nmacifnets);
-}
-
static struct label *
mac_ifnet_label_alloc(void)
{
@@ -229,24 +220,6 @@
return (0);
}
-static int
-mac_init_socket_label(struct label *label, int flag)
-{
- int error;
-
- mac_init_label(label);
-
- MAC_CHECK(init_socket_label, label, flag);
- if (error) {
- MAC_PERFORM(destroy_socket_label, label);
- mac_destroy_label(label);
- } else {
- MAC_DEBUG_COUNTER_INC(&nmacsockets);
- }
-
- return (error);
-}
-
static struct label *
mac_socket_label_alloc(int flag)
{
@@ -320,15 +293,6 @@
}
static void
-mac_destroy_ifnet_label(struct label *label)
-{
-
- MAC_PERFORM(destroy_ifnet_label, label);
- mac_destroy_label(label);
- MAC_DEBUG_COUNTER_DEC(&nmacifnets);
-}
-
-static void
mac_ifnet_label_free(struct label *label)
{
@@ -372,15 +336,6 @@
}
static void
-mac_destroy_socket_label(struct label *label)
-{
-
- MAC_PERFORM(destroy_socket_label, label);
- mac_destroy_label(label);
- MAC_DEBUG_COUNTER_DEC(&nmacsockets);
-}
-
-static void
mac_socket_label_free(struct label *label)
{
@@ -891,7 +846,7 @@
mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr,
struct ifnet *ifnet)
{
- struct label intlabel;
+ struct label *intlabel;
struct mac mac;
char *buffer;
int error;
@@ -911,11 +866,11 @@
return (error);
}
- mac_init_ifnet_label(&intlabel);
- error = mac_internalize_ifnet_label(&intlabel, buffer);
+ intlabel = mac_ifnet_label_alloc();
+ error = mac_internalize_ifnet_label(intlabel, buffer);
free(buffer, M_MACTEMP);
if (error) {
- mac_destroy_ifnet_label(&intlabel);
+ mac_ifnet_label_free(intlabel);
return (error);
}
@@ -926,20 +881,20 @@
*/
error = suser_cred(cred, 0);
if (error) {
- mac_destroy_ifnet_label(&intlabel);
+ mac_ifnet_label_free(intlabel);
return (error);
}
MAC_CHECK(check_ifnet_relabel, cred, ifnet, ifnet->if_label,
- &intlabel);
+ intlabel);
if (error) {
- mac_destroy_ifnet_label(&intlabel);
+ mac_ifnet_label_free(intlabel);
return (error);
}
- MAC_PERFORM(relabel_ifnet, cred, ifnet, ifnet->if_label, &intlabel);
+ MAC_PERFORM(relabel_ifnet, cred, ifnet, ifnet->if_label, intlabel);
- mac_destroy_ifnet_label(&intlabel);
+ mac_ifnet_label_free(intlabel);
return (0);
}
@@ -947,7 +902,7 @@
mac_setsockopt_label_set(struct ucred *cred, struct socket *so,
struct mac *mac)
{
- struct label intlabel;
+ struct label *intlabel;
char *buffer;
int error;
@@ -962,23 +917,23 @@
return (error);
}
- mac_init_socket_label(&intlabel, M_WAITOK);
- error = mac_internalize_socket_label(&intlabel, buffer);
+ intlabel = mac_socket_label_alloc(M_WAITOK);
+ error = mac_internalize_socket_label(intlabel, buffer);
free(buffer, M_MACTEMP);
if (error) {
- mac_destroy_socket_label(&intlabel);
+ mac_socket_label_free(intlabel);
return (error);
}
- mac_check_socket_relabel(cred, so, &intlabel);
+ mac_check_socket_relabel(cred, so, intlabel);
if (error) {
- mac_destroy_socket_label(&intlabel);
+ mac_socket_label_free(intlabel);
return (error);
}
- mac_relabel_socket(cred, so, &intlabel);
+ mac_relabel_socket(cred, so, intlabel);
- mac_destroy_socket_label(&intlabel);
+ mac_socket_label_free(intlabel);
return (0);
}
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list