FreeBSD src
Go to file
rwatson 1fd1a984a7 Move MAC label storage for mbufs into m_tags from the m_pkthdr structure,
returning some additional room in the first mbuf in a chain, and
avoiding feature-specific contents in the mbuf header.  To do this:

- Modify mbuf_to_label() to extract the tag, returning NULL if not
  found.

- Introduce mac_init_mbuf_tag() which does most of the work
  mac_init_mbuf() used to do, except on an m_tag rather than an
  mbuf.

- Scale back mac_init_mbuf() to perform m_tag allocation and invoke
  mac_init_mbuf_tag().

- Replace mac_destroy_mbuf() with mac_destroy_mbuf_tag(), since
  m_tag's are now GC'd deep in the m_tag/mbuf code rather than
  at a higher level when mbufs are directly free()'d.

- Add mac_copy_mbuf_tag() to support m_copy_pkthdr() and related
  notions.

- Generally change all references to mbuf labels so that they use
  mbuf_to_label() rather than &mbuf->m_pkthdr.label.  This
  required no changes in the MAC policies (yay!).

- Tweak mbuf release routines to not call mac_destroy_mbuf(),
  tag destruction takes care of it for us now.

- Remove MAC magic from m_copy_pkthdr() and m_move_pkthdr() --
  the existing m_tag support does all this for us.  Note that
  we can no longer just zero the m_tag list on the target mbuf,
  rather, we have to delete the chain because m_tag's will
  already be hung off freshly allocated mbuf's.

- Tweak m_tag copying routines so that if we're copying a MAC
  m_tag, we don't do a binary copy, rather, we initialize the
  new storage and do a deep copy of the label.

- Remove use of MAC_FLAG_INITIALIZED in a few bizarre places
  having to do with mbuf header copies previously.

- When an mbuf is copied in ip_input(), we no longer need to
  explicitly copy the label because it will get handled by the
  m_tag code now.

- No longer any weird handling of MAC labels in if_loop.c during
  header copies.

- Add MPC_LOADTIME_FLAG_LABELMBUFS flag to Biba, MLS, mac_test.
  In mac_test, handle the label==NULL case, since it can be
  dynamically loaded.

In order to improve performance with this change, introduce the notion
of "lazy MAC label allocation" -- only allocate m_tag storage for MAC
labels if we're running with a policy that uses MAC labels on mbufs.
Policies declare this intent by setting the MPC_LOADTIME_FLAG_LABELMBUFS
flag in their load-time flags field during declaration.  Note: this
opens up the possibility of post-boot policy modules getting back NULL
slot entries even though they have policy invariants of non-NULL slot
entries, as the policy might have been loaded after the mbuf was
allocated, leaving the mbuf without label storage.  Policies that cannot
handle this case must be declared as NOTLATE, or must be modified.

- mac_labelmbufs holds the current cumulative status as to whether
  any policies require mbuf labeling or not.  This is updated whenever
  the active policy set changes by the function mac_policy_updateflags().
  The function iterates the list and checks whether any have the
  flag set.  Write access to this variable is protected by the policy
  list; read access is currently not protected for performance reasons.
  This might change if it causes problems.

- Add MAC_POLICY_LIST_ASSERT_EXCLUSIVE() to permit the flags update
  function to assert appropriate locks.

- This makes allocation in mac_init_mbuf() conditional on the flag.

Reviewed by:	sam
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-04-14 20:39:06 +00:00
bin Correct style bugs. Don't skip zombies in cputime(), according to Bruce, 2003-04-14 19:51:36 +00:00
contrib Teach gcc how to put unitialized data into BSS on FreeBSD. 2003-04-13 01:04:01 +00:00
crypto - when using a child process instead of a thread, change the child's 2003-03-31 13:48:18 +00:00
etc Add NTT-ME SS-LAN CARD MN128. This card entry has been 2003-04-10 17:16:01 +00:00
games Add an option to print the time in 12-hour format. 2003-03-28 16:37:45 +00:00
gnu Removed invasion into these makefiles by the "legacy" stuff; 2003-04-12 14:44:49 +00:00
include Dynamic object dependency mapping: libmap. 2003-04-07 16:21:26 +00:00
kerberos5 Migrate to a new way of dealing with building from old revisions of 2003-04-05 20:30:30 +00:00
lib Merge in vfprintf.c rev. 1.58. 2003-04-14 12:15:59 +00:00
libexec Code cleanups and sanity checking for config file parser. 2003-04-10 01:44:19 +00:00
release Add sbsh(4) entry. 2003-04-13 19:15:30 +00:00
sbin Avoid off_t -> integer overflow when sorting the locksector addresses. 2003-04-14 09:36:39 +00:00
secure Silence `make -s' (echo -> ${ECHO}). 2003-04-13 14:13:28 +00:00
share Add CPUTYPE support for "athlon-tbird", as GCC makes the distinction. 2003-04-14 17:36:29 +00:00
sys Move MAC label storage for mbufs into m_tags from the m_pkthdr structure, 2003-04-14 20:39:06 +00:00
tools Add a test case for printf("%5.0f", 0.001). 2003-04-14 11:26:32 +00:00
usr.bin Uncomment the description of the -f option. Add rfork() to the list of 2003-04-14 07:22:25 +00:00
usr.sbin Oops. Back out a style "fix" in the previous commit. SRCS must be defined 2003-04-13 14:21:56 +00:00
COPYRIGHT Update to add the July 22, 1999 addendum. 1999-09-05 21:33:47 +00:00
MAINTAINERS Nuke xargs, I haven't had to help anyone with it, so I assume it stands on 2003-02-18 00:07:06 +00:00
Makefile Kill upgrade target docs. It too is stale. 2003-04-03 05:34:36 +00:00
Makefile.inc1 kbdcontrol.c rev. 1.35 and onwards support the KEYMAP_PATH 2003-04-14 14:46:13 +00:00
README KerberosIV de-orbit burn continues. Disconnect from "make world". 2003-03-08 10:01:26 +00:00
UPDATING Mention that 20021024 entry doesn't affect disks formatted in 2003-03-31 12:46:18 +00:00

This is the top level of the FreeBSD source directory.  This file
was last revised on:
$FreeBSD$

For copyright information, please see the file COPYRIGHT in this
directory (additional copyright information also exists for some
sources in this tree - please see the specific source directories for
more information).

The Makefile in this directory supports a number of targets for
building components (or all) of the FreeBSD source tree, the most
commonly used one being ``world'', which rebuilds and installs
everything in the FreeBSD system from the source tree except the
kernel, the kernel-modules and the contents of /etc.  The
``buildkernel'' and ``installkernel'' targets build and install
the kernel and the modules (see below).  Please see the top of
the Makefile in this directory for more information on the
standard build targets and compile-time flags.

Building a kernel is a somewhat more involved process, documentation
for which can be found at:
   http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html
And in the config(8) man page.
Note: If you want to build and install the kernel with the
``buildkernel'' and ``installkernel'' targets, you might need to build
world before.  More information is available in the handbook.

The sample kernel configuration files reside in the sys/<arch>/conf
sub-directory (assuming that you've installed the kernel sources), the
file named GENERIC being the one used to build your initial installation
kernel.  The file NOTES contains entries and documentation for all possible
devices, not just those commonly used.  It is the successor of the ancient
LINT file, but in contrast to LINT, it is not buildable as a kernel but a
pure reference and documentation file.


Source Roadmap:
---------------
bin		System/user commands.

contrib		Packages contributed by 3rd parties.

crypto		Cryptography stuff (see crypto/README).

etc		Template files for /etc.

games		Amusements.

gnu		Various commands and libraries under the GNU Public License.
		Please see gnu/COPYING* for more information.

include		System include files.

kerberos5	Kerberos5 (Heimdal) package.

lib		System libraries.

libexec		System daemons.

release		Release building Makefile & associated tools.

sbin		System commands.

secure		Cryptographic libraries and commands.

share		Shared resources.

sys		Kernel sources.

tools		Utilities for regression testing and miscellaneous tasks.

usr.bin		User commands.

usr.sbin	System administration commands.


For information on synchronizing your source tree with one or more of
the FreeBSD Project's development branches, please see:

  http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/synching.html