diff options
| author | rwatson <rwatson@FreeBSD.org> | 2004-02-01 05:56:51 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2004-02-01 05:56:51 +0000 |
| commit | b8e797cfe04273fadc8e4c77b305325e0f1549f3 (patch) | |
| tree | 02367146686e83fbaea5ff9d00e36f8d0cf2b688 /sys/security/mac/mac_framework.h | |
| parent | 75249cf38e5ac423561abeb1906852c0579f9e3c (diff) | |
| download | FreeBSD-src-b8e797cfe04273fadc8e4c77b305325e0f1549f3.zip FreeBSD-src-b8e797cfe04273fadc8e4c77b305325e0f1549f3.tar.gz | |
Coalesce pipe allocations and frees. Previously, the pipe code
would allocate two 'struct pipe's from the pipe zone, and malloc a
mutex.
- Create a new "struct pipepair" object holding the two 'struct
pipe' instances, struct mutex, and struct label reference. Pipe
structures now have a back-pointer to the pipe pair, and a
'pipe_present' flag to indicate whether the half has been
closed.
- Perform mutex init/destroy in zone init/destroy, avoiding
reallocating the mutex for each pipe. Perform most pipe structure
setup in zone constructor.
- VM memory mappings for pageable buffers are still done outside of
the UMA zone.
- Change MAC API to speak 'struct pipepair' instead of 'struct pipe',
update many policies. MAC labels are also handled outside of the
UMA zone for now. Label-only policy modules don't have to be
recompiled, but if a module is recompiled, its pipe entry points
will need to be updated. If a module actually reached into the
pipe structures (unlikely), that would also need to be modified.
These changes substantially simplify failure handling in the pipe
code as there are many fewer possible failure modes.
On half-close, pipes no longer free the 'struct pipe' for the closed
half until a full-close takes place. However, VM mapped buffers
are still released on half-close.
Some code refactoring is now possible to clean up some of the back
references, etc; this patch attempts not to change the structure
of most of the pipe implementation, only allocation/free code
paths, so as to avoid introducing bugs (hopefully).
This cuts about 8%-9% off the cost of sequential pipe allocation
and free in system call tests on UP and SMP in my micro-benchmarks.
May or may not make a difference in macro-benchmarks, but doing
less work is good.
Reviewed by: juli, tjr
Testing help: dwhite, fenestro, scottl, et al
Diffstat (limited to 'sys/security/mac/mac_framework.h')
| -rw-r--r-- | sys/security/mac/mac_framework.h | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h index ed04abd..83e0252 100644 --- a/sys/security/mac/mac_framework.h +++ b/sys/security/mac/mac_framework.h @@ -120,7 +120,7 @@ struct mount; struct proc; struct sockaddr; struct socket; -struct pipe; +struct pipepair; struct thread; struct timespec; struct ucred; @@ -142,7 +142,7 @@ void mac_init_ifnet(struct ifnet *); int mac_init_inpcb(struct inpcb *, int flag); int mac_init_ipq(struct ipq *, int flag); int mac_init_socket(struct socket *, int flag); -void mac_init_pipe(struct pipe *); +void mac_init_pipe(struct pipepair *); int mac_init_mbuf(struct mbuf *mbuf, int flag); int mac_init_mbuf_tag(struct m_tag *, int flag); void mac_init_mount(struct mount *); @@ -157,7 +157,7 @@ void mac_destroy_ifnet(struct ifnet *); void mac_destroy_inpcb(struct inpcb *); void mac_destroy_ipq(struct ipq *); void mac_destroy_socket(struct socket *); -void mac_destroy_pipe(struct pipe *); +void mac_destroy_pipe(struct pipepair *); void mac_destroy_proc(struct proc *); void mac_destroy_mbuf_tag(struct m_tag *); void mac_destroy_mount(struct mount *); @@ -202,7 +202,7 @@ void mac_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct socket *socket); void mac_set_socket_peer_from_socket(struct socket *oldsocket, struct socket *newsocket); -void mac_create_pipe(struct ucred *cred, struct pipe *pipe); +void mac_create_pipe(struct ucred *cred, struct pipepair *pp); /* * Labeling event operations: network objects. @@ -255,12 +255,12 @@ int mac_check_kld_load(struct ucred *cred, struct vnode *vp); int mac_check_kld_stat(struct ucred *cred); int mac_check_kld_unload(struct ucred *cred); int mac_check_mount_stat(struct ucred *cred, struct mount *mp); -int mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, +int mac_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, unsigned long cmd, void *data); -int mac_check_pipe_poll(struct ucred *cred, struct pipe *pipe); -int mac_check_pipe_read(struct ucred *cred, struct pipe *pipe); -int mac_check_pipe_stat(struct ucred *cred, struct pipe *pipe); -int mac_check_pipe_write(struct ucred *cred, struct pipe *pipe); +int mac_check_pipe_poll(struct ucred *cred, struct pipepair *pp); +int mac_check_pipe_read(struct ucred *cred, struct pipepair *pp); +int mac_check_pipe_stat(struct ucred *cred, struct pipepair *pp); +int mac_check_pipe_write(struct ucred *cred, struct pipepair *pp); int mac_check_proc_debug(struct ucred *cred, struct proc *proc); int mac_check_proc_sched(struct ucred *cred, struct proc *proc); int mac_check_proc_signal(struct ucred *cred, struct proc *proc, @@ -351,7 +351,7 @@ int mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, struct ifnet *ifnet); int mac_setsockopt_label(struct ucred *cred, struct socket *so, struct mac *extmac); -int mac_pipe_label_set(struct ucred *cred, struct pipe *pipe, +int mac_pipe_label_set(struct ucred *cred, struct pipepair *pp, struct label *label); void mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred); |
