summaryrefslogtreecommitdiffstats
path: root/sys/security/mac
diff options
context:
space:
mode:
authormelifaro <melifaro@FreeBSD.org>2012-04-06 06:53:58 +0000
committermelifaro <melifaro@FreeBSD.org>2012-04-06 06:53:58 +0000
commit8b1d10268c8ffd28f6c4b0da1e3906b139fc94cf (patch)
treeead0d5369047c56ec667d8a937da41d4682a0ed6 /sys/security/mac
parentb6974119420223f65336e5d64d2782bff6a82731 (diff)
downloadFreeBSD-src-8b1d10268c8ffd28f6c4b0da1e3906b139fc94cf.zip
FreeBSD-src-8b1d10268c8ffd28f6c4b0da1e3906b139fc94cf.tar.gz
- Improve BPF locking model.
Interface locks and descriptor locks are converted from mutex(9) to rwlock(9). This greately improves performance: in most common case we need to acquire 1 reader lock instead of 2 mutexes. - Remove filter(descriptor) (reader) lock in bpf_mtap[2] This was suggested by glebius@. We protect filter by requesting interface writer lock on filter change. - Cover struct bpf_if under BPF_INTERNAL define. This permits including bpf.h without including rwlock stuff. However, this is is temporary solution, struct bpf_if should be made opaque for any external caller. Found by: Dmitrij Tejblum <tejblum@yandex-team.ru> Sponsored by: Yandex LLC Reviewed by: glebius (previous version) Reviewed by: silence on -net@ Approved by: (mentor) MFC after: 3 weeks
Diffstat (limited to 'sys/security/mac')
-rw-r--r--sys/security/mac/mac_net.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c
index ed33885..b7e4c54 100644
--- a/sys/security/mac/mac_net.c
+++ b/sys/security/mac/mac_net.c
@@ -319,6 +319,7 @@ mac_bpfdesc_create_mbuf(struct bpf_d *d, struct mbuf *m)
{
struct label *label;
+ /* Assume reader lock is enough. */
BPFD_LOCK_ASSERT(d);
if (mac_policy_count == 0)
@@ -354,6 +355,7 @@ mac_bpfdesc_check_receive(struct bpf_d *d, struct ifnet *ifp)
{
int error;
+ /* Assume reader lock is enough. */
BPFD_LOCK_ASSERT(d);
if (mac_policy_count == 0)
OpenPOWER on IntegriCloud