diff options
| author | rwatson <rwatson@FreeBSD.org> | 2004-02-01 05:56:51 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2004-02-01 05:56:51 +0000 |
| commit | b8e797cfe04273fadc8e4c77b305325e0f1549f3 (patch) | |
| tree | 02367146686e83fbaea5ff9d00e36f8d0cf2b688 /sys/security | |
| parent | 75249cf38e5ac423561abeb1906852c0579f9e3c (diff) | |
| download | FreeBSD-src-b8e797cfe04273fadc8e4c77b305325e0f1549f3.zip FreeBSD-src-b8e797cfe04273fadc8e4c77b305325e0f1549f3.tar.gz | |
Coalesce pipe allocations and frees. Previously, the pipe code
would allocate two 'struct pipe's from the pipe zone, and malloc a
mutex.
- Create a new "struct pipepair" object holding the two 'struct
pipe' instances, struct mutex, and struct label reference. Pipe
structures now have a back-pointer to the pipe pair, and a
'pipe_present' flag to indicate whether the half has been
closed.
- Perform mutex init/destroy in zone init/destroy, avoiding
reallocating the mutex for each pipe. Perform most pipe structure
setup in zone constructor.
- VM memory mappings for pageable buffers are still done outside of
the UMA zone.
- Change MAC API to speak 'struct pipepair' instead of 'struct pipe',
update many policies. MAC labels are also handled outside of the
UMA zone for now. Label-only policy modules don't have to be
recompiled, but if a module is recompiled, its pipe entry points
will need to be updated. If a module actually reached into the
pipe structures (unlikely), that would also need to be modified.
These changes substantially simplify failure handling in the pipe
code as there are many fewer possible failure modes.
On half-close, pipes no longer free the 'struct pipe' for the closed
half until a full-close takes place. However, VM mapped buffers
are still released on half-close.
Some code refactoring is now possible to clean up some of the back
references, etc; this patch attempts not to change the structure
of most of the pipe implementation, only allocation/free code
paths, so as to avoid introducing bugs (hopefully).
This cuts about 8%-9% off the cost of sequential pipe allocation
and free in system call tests on UP and SMP in my micro-benchmarks.
May or may not make a difference in macro-benchmarks, but doing
less work is good.
Reviewed by: juli, tjr
Testing help: dwhite, fenestro, scottl, et al
Diffstat (limited to 'sys/security')
| -rw-r--r-- | sys/security/mac/mac_framework.c | 6 | ||||
| -rw-r--r-- | sys/security/mac/mac_framework.h | 20 | ||||
| -rw-r--r-- | sys/security/mac/mac_pipe.c | 67 | ||||
| -rw-r--r-- | sys/security/mac/mac_policy.h | 29 | ||||
| -rw-r--r-- | sys/security/mac/mac_syscalls.c | 6 | ||||
| -rw-r--r-- | sys/security/mac_biba/mac_biba.c | 16 | ||||
| -rw-r--r-- | sys/security/mac_lomac/mac_lomac.c | 12 | ||||
| -rw-r--r-- | sys/security/mac_mls/mac_mls.c | 16 | ||||
| -rw-r--r-- | sys/security/mac_test/mac_test.c | 16 |
9 files changed, 95 insertions, 93 deletions
diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c index f42b075..7e90752 100644 --- a/sys/security/mac/mac_framework.c +++ b/sys/security/mac/mac_framework.c @@ -745,7 +745,7 @@ __mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap) pipe = fp->f_data; intlabel = mac_pipe_label_alloc(); PIPE_LOCK(pipe); - mac_copy_pipe_label(pipe->pipe_label, intlabel); + mac_copy_pipe_label(pipe->pipe_pair->pp_label, intlabel); PIPE_UNLOCK(pipe); error = mac_externalize_pipe_label(intlabel, elements, buffer, mac.m_buflen); @@ -953,8 +953,8 @@ __mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap) if (error == 0) { pipe = fp->f_data; PIPE_LOCK(pipe); - error = mac_pipe_label_set(td->td_ucred, pipe, - intlabel); + error = mac_pipe_label_set(td->td_ucred, + pipe->pipe_pair, intlabel); PIPE_UNLOCK(pipe); } mac_pipe_label_free(intlabel); diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h index ed04abd..83e0252 100644 --- a/sys/security/mac/mac_framework.h +++ b/sys/security/mac/mac_framework.h @@ -120,7 +120,7 @@ struct mount; struct proc; struct sockaddr; struct socket; -struct pipe; +struct pipepair; struct thread; struct timespec; struct ucred; @@ -142,7 +142,7 @@ void mac_init_ifnet(struct ifnet *); int mac_init_inpcb(struct inpcb *, int flag); int mac_init_ipq(struct ipq *, int flag); int mac_init_socket(struct socket *, int flag); -void mac_init_pipe(struct pipe *); +void mac_init_pipe(struct pipepair *); int mac_init_mbuf(struct mbuf *mbuf, int flag); int mac_init_mbuf_tag(struct m_tag *, int flag); void mac_init_mount(struct mount *); @@ -157,7 +157,7 @@ void mac_destroy_ifnet(struct ifnet *); void mac_destroy_inpcb(struct inpcb *); void mac_destroy_ipq(struct ipq *); void mac_destroy_socket(struct socket *); -void mac_destroy_pipe(struct pipe *); +void mac_destroy_pipe(struct pipepair *); void mac_destroy_proc(struct proc *); void mac_destroy_mbuf_tag(struct m_tag *); void mac_destroy_mount(struct mount *); @@ -202,7 +202,7 @@ void mac_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct socket *socket); void mac_set_socket_peer_from_socket(struct socket *oldsocket, struct socket *newsocket); -void mac_create_pipe(struct ucred *cred, struct pipe *pipe); +void mac_create_pipe(struct ucred *cred, struct pipepair *pp); /* * Labeling event operations: network objects. @@ -255,12 +255,12 @@ int mac_check_kld_load(struct ucred *cred, struct vnode *vp); int mac_check_kld_stat(struct ucred *cred); int mac_check_kld_unload(struct ucred *cred); int mac_check_mount_stat(struct ucred *cred, struct mount *mp); -int mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, +int mac_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, unsigned long cmd, void *data); -int mac_check_pipe_poll(struct ucred *cred, struct pipe *pipe); -int mac_check_pipe_read(struct ucred *cred, struct pipe *pipe); -int mac_check_pipe_stat(struct ucred *cred, struct pipe *pipe); -int mac_check_pipe_write(struct ucred *cred, struct pipe *pipe); +int mac_check_pipe_poll(struct ucred *cred, struct pipepair *pp); +int mac_check_pipe_read(struct ucred *cred, struct pipepair *pp); +int mac_check_pipe_stat(struct ucred *cred, struct pipepair *pp); +int mac_check_pipe_write(struct ucred *cred, struct pipepair *pp); int mac_check_proc_debug(struct ucred *cred, struct proc *proc); int mac_check_proc_sched(struct ucred *cred, struct proc *proc); int mac_check_proc_signal(struct ucred *cred, struct proc *proc, @@ -351,7 +351,7 @@ int mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, struct ifnet *ifnet); int mac_setsockopt_label(struct ucred *cred, struct socket *so, struct mac *extmac); -int mac_pipe_label_set(struct ucred *cred, struct pipe *pipe, +int mac_pipe_label_set(struct ucred *cred, struct pipepair *pp, struct label *label); void mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred); diff --git a/sys/security/mac/mac_pipe.c b/sys/security/mac/mac_pipe.c index 61633c3..ec7a9ef 100644 --- a/sys/security/mac/mac_pipe.c +++ b/sys/security/mac/mac_pipe.c @@ -73,11 +73,10 @@ mac_pipe_label_alloc(void) } void -mac_init_pipe(struct pipe *pipe) +mac_init_pipe(struct pipepair *pp) { - pipe->pipe_label = pipe->pipe_peer->pipe_label = - mac_pipe_label_alloc(); + pp->pp_label = mac_pipe_label_alloc(); } void @@ -90,11 +89,11 @@ mac_pipe_label_free(struct label *label) } void -mac_destroy_pipe(struct pipe *pipe) +mac_destroy_pipe(struct pipepair *pp) { - mac_pipe_label_free(pipe->pipe_label); - pipe->pipe_label = NULL; + mac_pipe_label_free(pp->pp_label); + pp->pp_label = NULL; } void @@ -126,123 +125,125 @@ mac_internalize_pipe_label(struct label *label, char *string) } void -mac_create_pipe(struct ucred *cred, struct pipe *pipe) +mac_create_pipe(struct ucred *cred, struct pipepair *pp) { - MAC_PERFORM(create_pipe, cred, pipe, pipe->pipe_label); + MAC_PERFORM(create_pipe, cred, pp, pp->pp_label); } static void -mac_relabel_pipe(struct ucred *cred, struct pipe *pipe, struct label *newlabel) +mac_relabel_pipe(struct ucred *cred, struct pipepair *pp, + struct label *newlabel) { - MAC_PERFORM(relabel_pipe, cred, pipe, pipe->pipe_label, newlabel); + MAC_PERFORM(relabel_pipe, cred, pp, pp->pp_label, newlabel); } int -mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, unsigned long cmd, - void *data) +mac_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, + unsigned long cmd, void *data) { int error; - PIPE_LOCK_ASSERT(pipe, MA_OWNED); + mtx_assert(&pp->pp_mtx, MA_OWNED); if (!mac_enforce_pipe) return (0); - MAC_CHECK(check_pipe_ioctl, cred, pipe, pipe->pipe_label, cmd, data); + MAC_CHECK(check_pipe_ioctl, cred, pp, pp->pp_label, cmd, data); return (error); } int -mac_check_pipe_poll(struct ucred *cred, struct pipe *pipe) +mac_check_pipe_poll(struct ucred *cred, struct pipepair *pp) { int error; - PIPE_LOCK_ASSERT(pipe, MA_OWNED); + mtx_assert(&pp->pp_mtx, MA_OWNED); if (!mac_enforce_pipe) return (0); - MAC_CHECK(check_pipe_poll, cred, pipe, pipe->pipe_label); + MAC_CHECK(check_pipe_poll, cred, pp, pp->pp_label); return (error); } int -mac_check_pipe_read(struct ucred *cred, struct pipe *pipe) +mac_check_pipe_read(struct ucred *cred, struct pipepair *pp) { int error; - PIPE_LOCK_ASSERT(pipe, MA_OWNED); + mtx_assert(&pp->pp_mtx, MA_OWNED); if (!mac_enforce_pipe) return (0); - MAC_CHECK(check_pipe_read, cred, pipe, pipe->pipe_label); + MAC_CHECK(check_pipe_read, cred, pp, pp->pp_label); return (error); } static int -mac_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, +mac_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, struct label *newlabel) { int error; - PIPE_LOCK_ASSERT(pipe, MA_OWNED); + mtx_assert(&pp->pp_mtx, MA_OWNED); if (!mac_enforce_pipe) return (0); - MAC_CHECK(check_pipe_relabel, cred, pipe, pipe->pipe_label, newlabel); + MAC_CHECK(check_pipe_relabel, cred, pp, pp->pp_label, newlabel); return (error); } int -mac_check_pipe_stat(struct ucred *cred, struct pipe *pipe) +mac_check_pipe_stat(struct ucred *cred, struct pipepair *pp) { int error; - PIPE_LOCK_ASSERT(pipe, MA_OWNED); + mtx_assert(&pp->pp_mtx, MA_OWNED); if (!mac_enforce_pipe) return (0); - MAC_CHECK(check_pipe_stat, cred, pipe, pipe->pipe_label); + MAC_CHECK(check_pipe_stat, cred, pp, pp->pp_label); return (error); } int -mac_check_pipe_write(struct ucred *cred, struct pipe *pipe) +mac_check_pipe_write(struct ucred *cred, struct pipepair *pp) { int error; - PIPE_LOCK_ASSERT(pipe, MA_OWNED); + mtx_assert(&pp->pp_mtx, MA_OWNED); if (!mac_enforce_pipe) return (0); - MAC_CHECK(check_pipe_write, cred, pipe, pipe->pipe_label); + MAC_CHECK(check_pipe_write, cred, pp, pp->pp_label); return (error); } int -mac_pipe_label_set(struct ucred *cred, struct pipe *pipe, struct label *label) +mac_pipe_label_set(struct ucred *cred, struct pipepair *pp, + struct label *label) { int error; - PIPE_LOCK_ASSERT(pipe, MA_OWNED); + mtx_assert(&pp->pp_mtx, MA_OWNED); - error = mac_check_pipe_relabel(cred, pipe, label); + error = mac_check_pipe_relabel(cred, pp, label); if (error) return (error); - mac_relabel_pipe(cred, pipe, label); + mac_relabel_pipe(cred, pp, label); return (0); } diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h index 55ed7fb..6c26538 100644 --- a/sys/security/mac/mac_policy.h +++ b/sys/security/mac/mac_policy.h @@ -60,7 +60,7 @@ struct label; struct mac_policy_conf; struct mbuf; struct mount; -struct pipe; +struct pipepair; struct sbuf; struct socket; struct ucred; @@ -199,7 +199,7 @@ struct mac_policy_ops { struct label *newsocketlabel); void (*mpo_relabel_socket)(struct ucred *cred, struct socket *so, struct label *oldlabel, struct label *newlabel); - void (*mpo_relabel_pipe)(struct ucred *cred, struct pipe *pipe, + void (*mpo_relabel_pipe)(struct ucred *cred, struct pipepair *pp, struct label *oldlabel, struct label *newlabel); void (*mpo_set_socket_peer_from_mbuf)(struct mbuf *mbuf, struct label *mbuflabel, struct socket *so, @@ -207,7 +207,7 @@ struct mac_policy_ops { void (*mpo_set_socket_peer_from_socket)(struct socket *oldsocket, struct label *oldsocketlabel, struct socket *newsocket, struct label *newsocketpeerlabel); - void (*mpo_create_pipe)(struct ucred *cred, struct pipe *pipe, + void (*mpo_create_pipe)(struct ucred *cred, struct pipepair *pp, struct label *pipelabel); /* @@ -312,19 +312,20 @@ struct mac_policy_ops { int (*mpo_check_kld_unload)(struct ucred *cred); int (*mpo_check_mount_stat)(struct ucred *cred, struct mount *mp, struct label *mntlabel); - int (*mpo_check_pipe_ioctl)(struct ucred *cred, struct pipe *pipe, - struct label *pipelabel, unsigned long cmd, void *data); - int (*mpo_check_pipe_poll)(struct ucred *cred, struct pipe *pipe, - struct label *pipelabel); - int (*mpo_check_pipe_read)(struct ucred *cred, struct pipe *pipe, - struct label *pipelabel); + int (*mpo_check_pipe_ioctl)(struct ucred *cred, + struct pipepair *pp, struct label *pipelabel, + unsigned long cmd, void *data); + int (*mpo_check_pipe_poll)(struct ucred *cred, + struct pipepair *pp, struct label *pipelabel); + int (*mpo_check_pipe_read)(struct ucred *cred, + struct pipepair *pp, struct label *pipelabel); int (*mpo_check_pipe_relabel)(struct ucred *cred, - struct pipe *pipe, struct label *pipelabel, + struct pipepair *pp, struct label *pipelabel, struct label *newlabel); - int (*mpo_check_pipe_stat)(struct ucred *cred, struct pipe *pipe, - struct label *pipelabel); - int (*mpo_check_pipe_write)(struct ucred *cred, struct pipe *pipe, - struct label *pipelabel); + int (*mpo_check_pipe_stat)(struct ucred *cred, + struct pipepair *pp, struct label *pipelabel); + int (*mpo_check_pipe_write)(struct ucred *cred, + struct pipepair *pp, struct label *pipelabel); int (*mpo_check_proc_debug)(struct ucred *cred, struct proc *proc); int (*mpo_check_proc_sched)(struct ucred *cred, diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c index f42b075..7e90752 100644 --- a/sys/security/mac/mac_syscalls.c +++ b/sys/security/mac/mac_syscalls.c @@ -745,7 +745,7 @@ __mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap) pipe = fp->f_data; intlabel = mac_pipe_label_alloc(); PIPE_LOCK(pipe); - mac_copy_pipe_label(pipe->pipe_label, intlabel); + mac_copy_pipe_label(pipe->pipe_pair->pp_label, intlabel); PIPE_UNLOCK(pipe); error = mac_externalize_pipe_label(intlabel, elements, buffer, mac.m_buflen); @@ -953,8 +953,8 @@ __mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap) if (error == 0) { pipe = fp->f_data; PIPE_LOCK(pipe); - error = mac_pipe_label_set(td->td_ucred, pipe, - intlabel); + error = mac_pipe_label_set(td->td_ucred, + pipe->pipe_pair, intlabel); PIPE_UNLOCK(pipe); } mac_pipe_label_free(intlabel); diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c index a813b9b..aee7714 100644 --- a/sys/security/mac_biba/mac_biba.c +++ b/sys/security/mac_biba/mac_biba.c @@ -1017,7 +1017,7 @@ mac_biba_create_socket(struct ucred *cred, struct socket *socket, } static void -mac_biba_create_pipe(struct ucred *cred, struct pipe *pipe, +mac_biba_create_pipe(struct ucred *cred, struct pipepair *pp, struct label *pipelabel) { struct mac_biba *source, *dest; @@ -1054,7 +1054,7 @@ mac_biba_relabel_socket(struct ucred *cred, struct socket *socket, } static void -mac_biba_relabel_pipe(struct ucred *cred, struct pipe *pipe, +mac_biba_relabel_pipe(struct ucred *cred, struct pipepair *pp, struct label *pipelabel, struct label *newlabel) { struct mac_biba *source, *dest; @@ -1588,7 +1588,7 @@ mac_biba_check_mount_stat(struct ucred *cred, struct mount *mp, } static int -mac_biba_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, +mac_biba_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) { @@ -1601,7 +1601,7 @@ mac_biba_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, } static int -mac_biba_check_pipe_poll(struct ucred *cred, struct pipe *pipe, +mac_biba_check_pipe_poll(struct ucred *cred, struct pipepair *pp, struct label *pipelabel) { struct mac_biba *subj, *obj; @@ -1619,7 +1619,7 @@ mac_biba_check_pipe_poll(struct ucred *cred, struct pipe *pipe, } static int -mac_biba_check_pipe_read(struct ucred *cred, struct pipe *pipe, +mac_biba_check_pipe_read(struct ucred *cred, struct pipepair *pp, struct label *pipelabel) { struct mac_biba *subj, *obj; @@ -1637,7 +1637,7 @@ mac_biba_check_pipe_read(struct ucred *cred, struct pipe *pipe, } static int -mac_biba_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, +mac_biba_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, struct label *pipelabel, struct label *newlabel) { struct mac_biba *subj, *obj, *new; @@ -1688,7 +1688,7 @@ mac_biba_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, } static int -mac_biba_check_pipe_stat(struct ucred *cred, struct pipe *pipe, +mac_biba_check_pipe_stat(struct ucred *cred, struct pipepair *pp, struct label *pipelabel) { struct mac_biba *subj, *obj; @@ -1706,7 +1706,7 @@ mac_biba_check_pipe_stat(struct ucred *cred, struct pipe *pipe, } static int -mac_biba_check_pipe_write(struct ucred *cred, struct pipe *pipe, +mac_biba_check_pipe_write(struct ucred *cred, struct pipepair *pp, struct label *pipelabel) { struct mac_biba *subj, *obj; diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c index 10608d1..f86e106 100644 --- a/sys/security/mac_lomac/mac_lomac.c +++ b/sys/security/mac_lomac/mac_lomac.c @@ -1156,7 +1156,7 @@ mac_lomac_create_socket(struct ucred *cred, struct socket *socket, } static void -mac_lomac_create_pipe(struct ucred *cred, struct pipe *pipe, +mac_lomac_create_pipe(struct ucred *cred, struct pipepair *pp, struct label *pipelabel) { struct mac_lomac *source, *dest; @@ -1193,7 +1193,7 @@ mac_lomac_relabel_socket(struct ucred *cred, struct socket *socket, } static void -mac_lomac_relabel_pipe(struct ucred *cred, struct pipe *pipe, +mac_lomac_relabel_pipe(struct ucred *cred, struct pipepair *pp, struct label *pipelabel, struct label *newlabel) { struct mac_lomac *source, *dest; @@ -1798,7 +1798,7 @@ mac_lomac_check_kld_unload(struct ucred *cred) } static int -mac_lomac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, +mac_lomac_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) { @@ -1811,7 +1811,7 @@ mac_lomac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, } static int -mac_lomac_check_pipe_read(struct ucred *cred, struct pipe *pipe, +mac_lomac_check_pipe_read(struct ucred *cred, struct pipepair *pp, struct label *pipelabel) { struct mac_lomac *subj, *obj; @@ -1829,7 +1829,7 @@ mac_lomac_check_pipe_read(struct ucred *cred, struct pipe *pipe, } static int -mac_lomac_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, +mac_lomac_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, struct label *pipelabel, struct label *newlabel) { struct mac_lomac *subj, *obj, *new; @@ -1880,7 +1880,7 @@ mac_lomac_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, } static int -mac_lomac_check_pipe_write(struct ucred *cred, struct pipe *pipe, +mac_lomac_check_pipe_write(struct ucred *cred, struct pipepair *pp, struct label *pipelabel) { struct mac_lomac *subj, *obj; diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index 96016ce..b5ddecc 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -987,7 +987,7 @@ mac_mls_create_socket(struct ucred *cred, struct socket *socket, } static void -mac_mls_create_pipe(struct ucred *cred, struct pipe *pipe, +mac_mls_create_pipe(struct ucred *cred, struct pipepair *pp, struct label *pipelabel) { struct mac_mls *source, *dest; @@ -1024,7 +1024,7 @@ mac_mls_relabel_socket(struct ucred *cred, struct socket *socket, } static void -mac_mls_relabel_pipe(struct ucred *cred, struct pipe *pipe, +mac_mls_relabel_pipe(struct ucred *cred, struct pipepair *pp, struct label *pipelabel, struct label *newlabel) { struct mac_mls *source, *dest; @@ -1479,7 +1479,7 @@ mac_mls_check_mount_stat(struct ucred *cred, struct mount *mp, } static int -mac_mls_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, +mac_mls_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) { @@ -1492,7 +1492,7 @@ mac_mls_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, } static int -mac_mls_check_pipe_poll(struct ucred *cred, struct pipe *pipe, +mac_mls_check_pipe_poll(struct ucred *cred, struct pipepair *pp, struct label *pipelabel) { struct mac_mls *subj, *obj; @@ -1510,7 +1510,7 @@ mac_mls_check_pipe_poll(struct ucred *cred, struct pipe *pipe, } static int -mac_mls_check_pipe_read(struct ucred *cred, struct pipe *pipe, +mac_mls_check_pipe_read(struct ucred *cred, struct pipepair *pp, struct label *pipelabel) { struct mac_mls *subj, *obj; @@ -1528,7 +1528,7 @@ mac_mls_check_pipe_read(struct ucred *cred, struct pipe *pipe, } static int -mac_mls_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, +mac_mls_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, struct label *pipelabel, struct label *newlabel) { struct mac_mls *subj, *obj, *new; @@ -1579,7 +1579,7 @@ mac_mls_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, } static int -mac_mls_check_pipe_stat(struct ucred *cred, struct pipe *pipe, +mac_mls_check_pipe_stat(struct ucred *cred, struct pipepair *pp, struct label *pipelabel) { struct mac_mls *subj, *obj; @@ -1597,7 +1597,7 @@ mac_mls_check_pipe_stat(struct ucred *cred, struct pipe *pipe, } static int -mac_mls_check_pipe_write(struct ucred *cred, struct pipe *pipe, +mac_mls_check_pipe_write(struct ucred *cred, struct pipepair *pp, struct label *pipelabel) { struct mac_mls *subj, *obj; diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c index 0d5fdf3..945a237 100644 --- a/sys/security/mac_test/mac_test.c +++ b/sys/security/mac_test/mac_test.c @@ -803,7 +803,7 @@ mac_test_create_socket(struct ucred *cred, struct socket *socket, } static void -mac_test_create_pipe(struct ucred *cred, struct pipe *pipe, +mac_test_create_pipe(struct ucred *cred, struct pipepair *pp, struct label *pipelabel) { @@ -831,7 +831,7 @@ mac_test_relabel_socket(struct ucred *cred, struct socket *socket, } static void -mac_test_relabel_pipe(struct ucred *cred, struct pipe *pipe, +mac_test_relabel_pipe(struct ucred *cred, struct pipepair *pp, struct label *pipelabel, struct label *newlabel) { @@ -1247,7 +1247,7 @@ mac_test_check_mount_stat(struct ucred *cred, struct mount *mp, } static int -mac_test_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, +mac_test_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) { @@ -1258,7 +1258,7 @@ mac_test_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, } static int -mac_test_check_pipe_poll(struct ucred *cred, struct pipe *pipe, +mac_test_check_pipe_poll(struct ucred *cred, struct pipepair *pp, struct label *pipelabel) { @@ -1269,7 +1269,7 @@ mac_test_check_pipe_poll(struct ucred *cred, struct pipe *pipe, } static int -mac_test_check_pipe_read(struct ucred *cred, struct pipe *pipe, +mac_test_check_pipe_read(struct ucred *cred, struct pipepair *pp, struct label *pipelabel) { @@ -1280,7 +1280,7 @@ mac_test_check_pipe_read(struct ucred *cred, struct pipe *pipe, } static int -mac_test_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, +mac_test_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, struct label *pipelabel, struct label *newlabel) { @@ -1292,7 +1292,7 @@ mac_test_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, } static int -mac_test_check_pipe_stat(struct ucred *cred, struct pipe *pipe, +mac_test_check_pipe_stat(struct ucred *cred, struct pipepair *pp, struct label *pipelabel) { @@ -1303,7 +1303,7 @@ mac_test_check_pipe_stat(struct ucred *cred, struct pipe *pipe, } static int -mac_test_check_pipe_write(struct ucred *cred, struct pipe *pipe, +mac_test_check_pipe_write(struct ucred *cred, struct pipepair *pp, struct label *pipelabel) { |
