diff options
| author | melifaro <melifaro@FreeBSD.org> | 2012-04-06 06:53:58 +0000 |
|---|---|---|
| committer | melifaro <melifaro@FreeBSD.org> | 2012-04-06 06:53:58 +0000 |
| commit | 8b1d10268c8ffd28f6c4b0da1e3906b139fc94cf (patch) | |
| tree | ead0d5369047c56ec667d8a937da41d4682a0ed6 /sys/security/mac | |
| parent | b6974119420223f65336e5d64d2782bff6a82731 (diff) | |
| download | FreeBSD-src-8b1d10268c8ffd28f6c4b0da1e3906b139fc94cf.zip FreeBSD-src-8b1d10268c8ffd28f6c4b0da1e3906b139fc94cf.tar.gz | |
- Improve BPF locking model.
Interface locks and descriptor locks are converted from mutex(9) to rwlock(9).
This greately improves performance: in most common case we need to acquire 1
reader lock instead of 2 mutexes.
- Remove filter(descriptor) (reader) lock in bpf_mtap[2]
This was suggested by glebius@. We protect filter by requesting interface
writer lock on filter change.
- Cover struct bpf_if under BPF_INTERNAL define. This permits including bpf.h
without including rwlock stuff. However, this is is temporary solution,
struct bpf_if should be made opaque for any external caller.
Found by: Dmitrij Tejblum <tejblum@yandex-team.ru>
Sponsored by: Yandex LLC
Reviewed by: glebius (previous version)
Reviewed by: silence on -net@
Approved by: (mentor)
MFC after: 3 weeks
Diffstat (limited to 'sys/security/mac')
| -rw-r--r-- | sys/security/mac/mac_net.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c index ed33885..b7e4c54 100644 --- a/sys/security/mac/mac_net.c +++ b/sys/security/mac/mac_net.c @@ -319,6 +319,7 @@ mac_bpfdesc_create_mbuf(struct bpf_d *d, struct mbuf *m) { struct label *label; + /* Assume reader lock is enough. */ BPFD_LOCK_ASSERT(d); if (mac_policy_count == 0) @@ -354,6 +355,7 @@ mac_bpfdesc_check_receive(struct bpf_d *d, struct ifnet *ifp) { int error; + /* Assume reader lock is enough. */ BPFD_LOCK_ASSERT(d); if (mac_policy_count == 0) |
