PERFORCE change 113355 for review

Todd Miller millert at FreeBSD.org
Mon Jan 22 16:13:28 UTC 2007 

http://perforce.freebsd.org/chv.cgi?CH=113355

Change 113355 by millert at millert_macbook on 2007/01/22 16:12:25

	Back out thread labels (which were really just references
	to the parent task's label handle).  It was a proof of
	concept that doesn't work well with the current label handle
	model.  A real solution requires reference-counted labels
	that may be modified in-place.  I have a design to do that
	but it is not likely to happen any time soon.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_labelh.c#11 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_labelh.h#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/task.c#10 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/thread.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/thread.h#4 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_labelh.c#11 (text+ko) ====

@@ -149,7 +149,7 @@
  * Returned label handle is locked.
  */
 ipc_labelh_t
-labelh_modify(ipc_labelh_t old, int keepold)
+labelh_modify(ipc_labelh_t old)
 {
 	ipc_labelh_t lh;
 

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_labelh.h#6 (text+ko) ====

@@ -45,7 +45,7 @@
 
 void labelh_destroy(ipc_port_t port);
 ipc_labelh_t labelh_duplicate(ipc_labelh_t old);
-ipc_labelh_t labelh_modify(ipc_labelh_t old, int keepold);
+ipc_labelh_t labelh_modify(ipc_labelh_t old);
 ipc_labelh_t labelh_new(int canblock);
 kern_return_t labelh_new_user(ipc_space_t, struct label *, mach_port_name_t *);
 void labelh_release(ipc_labelh_t lh);

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/task.c#10 (text+ko) ====

@@ -1696,35 +1696,10 @@
 	struct label	*pl,
 	struct task	*task)
 {
-	thread_t thread;
-	ipc_labelh_t oldlabel;
 
 	tasklabel_lock(task);
-	oldlabel = task->label;
-
-	/*
-	 * For each thread in the task, release a reference to the label
-	 * handle in the thread if it matches the parent's.
-	 * XXX - do we need to hold the task while this is going on?
-	 */
-	queue_iterate(&task->threads, thread, thread_t, task_threads) {
-		if (thread->label == oldlabel)
-			lh_release(oldlabel);
-	}
-	task->label = labelh_modify(task->label, 1);
+	task->label = labelh_modify(task->label);
 	mac_task_label_update(pl, &task->maclabel);
-	/*
-	 * Replace the old label in the task's threads with the new one.
-	 */
-	queue_iterate(&task->threads, thread, thread_t, task_threads) {
-		if (thread->label == oldlabel) {
-			thread->label = task->label;
-			lh_reference(task->label);
-		}
-	}
-	/* Free old label if it is no longer in use.  */
-	if (task->label != oldlabel)
-		lh_check_unlock(oldlabel);
 	tasklabel_unlock(task);
 	ip_lock(task->itk_self);
 	mac_port_label_update_cred(pl, &task->itk_self->ip_label);
@@ -1737,35 +1712,10 @@
 	void		*arg,
 	void (*f)	(struct label *l, void *arg))
 {
-	thread_t thread;
-	ipc_labelh_t oldlabel;
 
 	tasklabel_lock(task);
-	oldlabel = task->label;
-
-	/*
-	 * For each thread in the task, release a reference to the label
-	 * handle in the thread if it matches the parent's.
-	 * XXX - do we need to hold the task while this is going on?
-	 */
-	queue_iterate(&task->threads, thread, thread_t, task_threads) {
-		if (thread->label == oldlabel)
-			lh_release(oldlabel);
-	}
-	task->label = labelh_modify(task->label, 1);
+	task->label = labelh_modify(task->label);
 	(*f)(&task->maclabel, arg);
-	/*
-	 * Replace the old label in the task's threads with the new one.
-	 */
-	queue_iterate(&task->threads, thread, thread_t, task_threads) {
-		if (thread->label == oldlabel) {
-			thread->label = task->label;
-			lh_reference(task->label);
-		}
-	}
-	/* Free old label if it is no longer in use.  */
-	if (task->label != oldlabel)
-		lh_check_unlock(oldlabel);
 	tasklabel_unlock(task);
 }
 

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/thread.c#4 (text+ko) ====

@@ -391,10 +391,6 @@
 
 	machine_thread_destroy(thread);
 
-#ifdef MAC
-	labelh_release(task->label);
-#endif
-
 	zfree(thread_zone, thread);
 }
 
@@ -669,11 +665,6 @@
 	new_thread->pri_shift = new_thread->processor_set->pri_shift;
 	compute_priority(new_thread, FALSE);
 
-#ifdef MAC
-	labelh_reference(parent_task->label);
-	new_thread->label = parent_task->label;
-#endif
-
 	new_thread->active = TRUE;
 
 	*out_thread = new_thread;

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/thread.h#4 (text+ko) ====

@@ -122,9 +122,7 @@
 #include <kern/timer_call.h>
 #include <kern/task.h>
 #include <kern/exception.h>
-#include <security/_label.h>
 
-#include <ipc/ipc_labelh.h>
 #include <ipc/ipc_kmsg.h>
 
 #include <machine/cpu_data.h>
@@ -357,10 +355,6 @@
 #ifdef	MACH_BSD
 		void					*uthread;
 #endif
-
-#ifdef MAC
-		ipc_labelh_t				label;
-#endif
 };
 
 #define ith_state		saved.receive.state

More information about the trustedbsd-cvs mailing list