Modify the mac_init_ipq() MAC Framework entry point to accept an
additional flags argument to indicate blocking disposition, and pass in M_NOWAIT from the IP reassembly code to indicate that blocking is not OK when labeling a new IP fragment reassembly queue. This should eliminate some of the WITNESS warnings that have started popping up since fine-grained IP stack locking started going in; if memory allocation fails, the creation of the fragment queue will be aborted.

Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
parent
1d8aed2b21
commit
5e7ce4785f
@ -697,15 +697,23 @@ mac_init_ifnet(struct ifnet *ifp)
|
||||
mac_init_ifnet_label(&ifp->if_label);
|
||||
}
|
||||
|
||||
void
|
||||
mac_init_ipq(struct ipq *ipq)
|
||||
int
|
||||
mac_init_ipq(struct ipq *ipq, int flag)
|
||||
{
|
||||
int error;
|
||||
|
||||
mac_init_label(&ipq->ipq_label);
|
||||
MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
|
||||
|
||||
MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
|
||||
if (error) {
|
||||
MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
|
||||
mac_destroy_label(&ipq->ipq_label);
|
||||
}
|
||||
#ifdef MAC_DEBUG
|
||||
atomic_add_int(&nmacipqs, 1);
|
||||
if (error == 0)
|
||||
atomic_add_int(&nmacipqs, 1);
|
||||
#endif
|
||||
return (error);
|
||||
}
|
||||
|
||||
int
|
||||
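Review bot: mac_init_ipq() gains a failure path here but nothing documents the resulting contract: when `error` is non-zero the function has already run `destroy_ipq_label` and `mac_destroy_label()`, so the caller must not tear the label down again or use it. I would add above the definition `/* flag gives the blocking disposition (e.g. M_NOWAIT); on a non-zero return the label has already been destroyed. */`. The error path also invokes every policy's destroy hook, including policies whose init hook failed or, depending on how MAC_CHECK iterates (its definition is outside this hunk), never ran, so those hooks presumably have to tolerate a slot that was never populated. The same hunk appears again in later sections of this page and the point applies to each copy.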
|
@ -983,7 +983,10 @@ ip_reass(struct mbuf *m, struct ipqhead *head, struct ipq *fp,
|
||||
goto dropfrag;
|
||||
fp = mtod(t, struct ipq *);
|
||||
#ifdef MAC
|
||||
mac_init_ipq(fp);
|
||||
if (mac_init_ipq(fp, M_NOWAIT) != 0) {
|
||||
m_free(t);
|
||||
goto dropfrag;
|
||||
}
|
||||
mac_create_ipq(m, fp);
|
||||
#endif
|
||||
TAILQ_INSERT_HEAD(head, fp, ipq_list);
|
||||
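Review bot: After `m_free(t)` in the new failure branch, `fp` still points into the freed mbuf (it was set by `fp = mtod(t, struct ipq *)` just above), and control then jumps to `dropfrag`, which lies outside this hunk. If that label or anything after it reads or writes through `fp`, this is a use-after-free on a path reached from received fragments whenever label initialization fails. Adding `fp = NULL;` between `m_free(t);` and `goto dropfrag;` removes the dangling pointer regardless of what the cleanup code does. The rest of ip_reass() is not visible here, so the dropfrag code should be checked against the full function.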
|
@ -697,15 +697,23 @@ mac_init_ifnet(struct ifnet *ifp)
|
||||
mac_init_ifnet_label(&ifp->if_label);
|
||||
}
|
||||
|
||||
void
|
||||
mac_init_ipq(struct ipq *ipq)
|
||||
int
|
||||
mac_init_ipq(struct ipq *ipq, int flag)
|
||||
{
|
||||
int error;
|
||||
|
||||
mac_init_label(&ipq->ipq_label);
|
||||
MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
|
||||
|
||||
MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
|
||||
if (error) {
|
||||
MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
|
||||
mac_destroy_label(&ipq->ipq_label);
|
||||
}
|
||||
#ifdef MAC_DEBUG
|
||||
atomic_add_int(&nmacipqs, 1);
|
||||
if (error == 0)
|
||||
atomic_add_int(&nmacipqs, 1);
|
||||
#endif
|
||||
return (error);
|
||||
}
|
||||
|
||||
int
|
||||
|
@ -133,7 +133,7 @@ void mac_init_bpfdesc(struct bpf_d *);
|
||||
void mac_init_cred(struct ucred *);
|
||||
void mac_init_devfsdirent(struct devfs_dirent *);
|
||||
void mac_init_ifnet(struct ifnet *);
|
||||
void mac_init_ipq(struct ipq *);
|
||||
int mac_init_ipq(struct ipq *, int flag);
|
||||
int mac_init_socket(struct socket *, int flag);
|
||||
void mac_init_pipe(struct pipe *);
|
||||
int mac_init_mbuf(struct mbuf *m, int flag);
|
||||
|
@ -697,15 +697,23 @@ mac_init_ifnet(struct ifnet *ifp)
|
||||
mac_init_ifnet_label(&ifp->if_label);
|
||||
}
|
||||
|
||||
void
|
||||
mac_init_ipq(struct ipq *ipq)
|
||||
int
|
||||
mac_init_ipq(struct ipq *ipq, int flag)
|
||||
{
|
||||
int error;
|
||||
|
||||
mac_init_label(&ipq->ipq_label);
|
||||
MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
|
||||
|
||||
MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
|
||||
if (error) {
|
||||
MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
|
||||
mac_destroy_label(&ipq->ipq_label);
|
||||
}
|
||||
#ifdef MAC_DEBUG
|
||||
atomic_add_int(&nmacipqs, 1);
|
||||
if (error == 0)
|
||||
atomic_add_int(&nmacipqs, 1);
|
||||
#endif
|
||||
return (error);
|
||||
}
|
||||
|
||||
int
|
||||
|
@ -697,15 +697,23 @@ mac_init_ifnet(struct ifnet *ifp)
|
||||
mac_init_ifnet_label(&ifp->if_label);
|
||||
}
|
||||
|
||||
void
|
||||
mac_init_ipq(struct ipq *ipq)
|
||||
int
|
||||
mac_init_ipq(struct ipq *ipq, int flag)
|
||||
{
|
||||
int error;
|
||||
|
||||
mac_init_label(&ipq->ipq_label);
|
||||
MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
|
||||
|
||||
MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
|
||||
if (error) {
|
||||
MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
|
||||
mac_destroy_label(&ipq->ipq_label);
|
||||
}
|
||||
#ifdef MAC_DEBUG
|
||||
atomic_add_int(&nmacipqs, 1);
|
||||
if (error == 0)
|
||||
atomic_add_int(&nmacipqs, 1);
|
||||
#endif
|
||||
return (error);
|
||||
}
|
||||
|
||||
int
|
||||
|
@ -697,15 +697,23 @@ mac_init_ifnet(struct ifnet *ifp)
|
||||
mac_init_ifnet_label(&ifp->if_label);
|
||||
}
|
||||
|
||||
void
|
||||
mac_init_ipq(struct ipq *ipq)
|
||||
int
|
||||
mac_init_ipq(struct ipq *ipq, int flag)
|
||||
{
|
||||
int error;
|
||||
|
||||
mac_init_label(&ipq->ipq_label);
|
||||
MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
|
||||
|
||||
MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
|
||||
if (error) {
|
||||
MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
|
||||
mac_destroy_label(&ipq->ipq_label);
|
||||
}
|
||||
#ifdef MAC_DEBUG
|
||||
atomic_add_int(&nmacipqs, 1);
|
||||
if (error == 0)
|
||||
atomic_add_int(&nmacipqs, 1);
|
||||
#endif
|
||||
return (error);
|
||||
}
|
||||
|
||||
int
|
||||
|
@ -73,7 +73,7 @@ struct mac_policy_ops {
|
||||
void (*mpo_init_cred_label)(struct label *label);
|
||||
void (*mpo_init_devfsdirent_label)(struct label *label);
|
||||
void (*mpo_init_ifnet_label)(struct label *label);
|
||||
void (*mpo_init_ipq_label)(struct label *label);
|
||||
int (*mpo_init_ipq_label)(struct label *label, int flag);
|
||||
int (*mpo_init_mbuf_label)(struct label *label, int flag);
|
||||
void (*mpo_init_mount_label)(struct label *label);
|
||||
void (*mpo_init_mount_fs_label)(struct label *label);
|
||||
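Review bot: The `mpo_init_ipq_label` member changes from `void (*)(struct label *)` to `int (*)(struct label *, int flag)` without any comment on the new contract, while the framework now acts on its return value. A one-line comment on the member, e.g. `/* flag: M_NOWAIT or M_WAITOK; return 0 on success, non-zero aborts creation of the ipq */`, would tell policy authors what to return and that they must not sleep when M_NOWAIT is passed. A policy module built against the old prototype would hand back an unspecified value here, so the change presumably needs a policy-interface version bump or a note for out-of-tree modules; neither is visible on this page. The same section is repeated further down the page.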
|
@ -697,15 +697,23 @@ mac_init_ifnet(struct ifnet *ifp)
|
||||
mac_init_ifnet_label(&ifp->if_label);
|
||||
}
|
||||
|
||||
void
|
||||
mac_init_ipq(struct ipq *ipq)
|
||||
int
|
||||
mac_init_ipq(struct ipq *ipq, int flag)
|
||||
{
|
||||
int error;
|
||||
|
||||
mac_init_label(&ipq->ipq_label);
|
||||
MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
|
||||
|
||||
MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
|
||||
if (error) {
|
||||
MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
|
||||
mac_destroy_label(&ipq->ipq_label);
|
||||
}
|
||||
#ifdef MAC_DEBUG
|
||||
atomic_add_int(&nmacipqs, 1);
|
||||
if (error == 0)
|
||||
atomic_add_int(&nmacipqs, 1);
|
||||
#endif
|
||||
return (error);
|
||||
}
|
||||
|
||||
int
|
||||
|
@ -697,15 +697,23 @@ mac_init_ifnet(struct ifnet *ifp)
|
||||
mac_init_ifnet_label(&ifp->if_label);
|
||||
}
|
||||
|
||||
void
|
||||
mac_init_ipq(struct ipq *ipq)
|
||||
int
|
||||
mac_init_ipq(struct ipq *ipq, int flag)
|
||||
{
|
||||
int error;
|
||||
|
||||
mac_init_label(&ipq->ipq_label);
|
||||
MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
|
||||
|
||||
MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
|
||||
if (error) {
|
||||
MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
|
||||
mac_destroy_label(&ipq->ipq_label);
|
||||
}
|
||||
#ifdef MAC_DEBUG
|
||||
atomic_add_int(&nmacipqs, 1);
|
||||
if (error == 0)
|
||||
atomic_add_int(&nmacipqs, 1);
|
||||
#endif
|
||||
return (error);
|
||||
}
|
||||
|
||||
int
|
||||
|
@ -697,15 +697,23 @@ mac_init_ifnet(struct ifnet *ifp)
|
||||
mac_init_ifnet_label(&ifp->if_label);
|
||||
}
|
||||
|
||||
void
|
||||
mac_init_ipq(struct ipq *ipq)
|
||||
int
|
||||
mac_init_ipq(struct ipq *ipq, int flag)
|
||||
{
|
||||
int error;
|
||||
|
||||
mac_init_label(&ipq->ipq_label);
|
||||
MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
|
||||
|
||||
MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
|
||||
if (error) {
|
||||
MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
|
||||
mac_destroy_label(&ipq->ipq_label);
|
||||
}
|
||||
#ifdef MAC_DEBUG
|
||||
atomic_add_int(&nmacipqs, 1);
|
||||
if (error == 0)
|
||||
atomic_add_int(&nmacipqs, 1);
|
||||
#endif
|
||||
return (error);
|
||||
}
|
||||
|
||||
int
|
||||
|
@ -697,15 +697,23 @@ mac_init_ifnet(struct ifnet *ifp)
|
||||
mac_init_ifnet_label(&ifp->if_label);
|
||||
}
|
||||
|
||||
void
|
||||
mac_init_ipq(struct ipq *ipq)
|
||||
int
|
||||
mac_init_ipq(struct ipq *ipq, int flag)
|
||||
{
|
||||
int error;
|
||||
|
||||
mac_init_label(&ipq->ipq_label);
|
||||
MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
|
||||
|
||||
MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
|
||||
if (error) {
|
||||
MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
|
||||
mac_destroy_label(&ipq->ipq_label);
|
||||
}
|
||||
#ifdef MAC_DEBUG
|
||||
atomic_add_int(&nmacipqs, 1);
|
||||
if (error == 0)
|
||||
atomic_add_int(&nmacipqs, 1);
|
||||
#endif
|
||||
return (error);
|
||||
}
|
||||
|
||||
int
|
||||
|
@ -2621,7 +2621,7 @@ static struct mac_policy_ops mac_biba_ops =
|
||||
.mpo_init_cred_label = mac_biba_init_label,
|
||||
.mpo_init_devfsdirent_label = mac_biba_init_label,
|
||||
.mpo_init_ifnet_label = mac_biba_init_label,
|
||||
.mpo_init_ipq_label = mac_biba_init_label,
|
||||
.mpo_init_ipq_label = mac_biba_init_label_waitcheck,
|
||||
.mpo_init_mbuf_label = mac_biba_init_label_waitcheck,
|
||||
.mpo_init_mount_label = mac_biba_init_label,
|
||||
.mpo_init_mount_fs_label = mac_biba_init_label,
|
||||
|
@ -2612,7 +2612,7 @@ static struct mac_policy_ops mac_lomac_ops =
|
||||
.mpo_init_cred_label = mac_lomac_init_label,
|
||||
.mpo_init_devfsdirent_label = mac_lomac_init_label,
|
||||
.mpo_init_ifnet_label = mac_lomac_init_label,
|
||||
.mpo_init_ipq_label = mac_lomac_init_label,
|
||||
.mpo_init_ipq_label = mac_lomac_init_label_waitcheck,
|
||||
.mpo_init_mbuf_label = mac_lomac_init_label_waitcheck,
|
||||
.mpo_init_mount_label = mac_lomac_init_label,
|
||||
.mpo_init_mount_fs_label = mac_lomac_init_label,
|
||||
|
@ -2384,7 +2384,7 @@ static struct mac_policy_ops mac_mls_ops =
|
||||
.mpo_init_cred_label = mac_mls_init_label,
|
||||
.mpo_init_devfsdirent_label = mac_mls_init_label,
|
||||
.mpo_init_ifnet_label = mac_mls_init_label,
|
||||
.mpo_init_ipq_label = mac_mls_init_label,
|
||||
.mpo_init_ipq_label = mac_mls_init_label_waitcheck,
|
||||
.mpo_init_mbuf_label = mac_mls_init_label_waitcheck,
|
||||
.mpo_init_mount_label = mac_mls_init_label,
|
||||
.mpo_init_mount_fs_label = mac_mls_init_label,
|
||||
|
@ -974,7 +974,7 @@ static struct mac_policy_ops mac_none_ops =
|
||||
.mpo_init_cred_label = mac_none_init_label,
|
||||
.mpo_init_devfsdirent_label = mac_none_init_label,
|
||||
.mpo_init_ifnet_label = mac_none_init_label,
|
||||
.mpo_init_ipq_label = mac_none_init_label,
|
||||
.mpo_init_ipq_label = mac_none_init_label_waitcheck,
|
||||
.mpo_init_mbuf_label = mac_none_init_label_waitcheck,
|
||||
.mpo_init_mount_label = mac_none_init_label,
|
||||
.mpo_init_mount_fs_label = mac_none_init_label,
|
||||
|
@ -974,7 +974,7 @@ static struct mac_policy_ops mac_none_ops =
|
||||
.mpo_init_cred_label = mac_none_init_label,
|
||||
.mpo_init_devfsdirent_label = mac_none_init_label,
|
||||
.mpo_init_ifnet_label = mac_none_init_label,
|
||||
.mpo_init_ipq_label = mac_none_init_label,
|
||||
.mpo_init_ipq_label = mac_none_init_label_waitcheck,
|
||||
.mpo_init_mbuf_label = mac_none_init_label_waitcheck,
|
||||
.mpo_init_mount_label = mac_none_init_label,
|
||||
.mpo_init_mount_fs_label = mac_none_init_label,
|
||||
|
@ -242,12 +242,13 @@ mac_test_init_ifnet_label(struct label *label)
|
||||
atomic_add_int(&init_count_ifnet, 1);
|
||||
}
|
||||
|
||||
static void
|
||||
mac_test_init_ipq_label(struct label *label)
|
||||
static int
|
||||
mac_test_init_ipq_label(struct label *label, int flag)
|
||||
{
|
||||
|
||||
SLOT(label) = IPQMAGIC;
|
||||
atomic_add_int(&init_count_ipq, 1);
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
|
@ -133,7 +133,7 @@ void mac_init_bpfdesc(struct bpf_d *);
|
||||
void mac_init_cred(struct ucred *);
|
||||
void mac_init_devfsdirent(struct devfs_dirent *);
|
||||
void mac_init_ifnet(struct ifnet *);
|
||||
void mac_init_ipq(struct ipq *);
|
||||
int mac_init_ipq(struct ipq *, int flag);
|
||||
int mac_init_socket(struct socket *, int flag);
|
||||
void mac_init_pipe(struct pipe *);
|
||||
int mac_init_mbuf(struct mbuf *m, int flag);
|
||||
|
@ -73,7 +73,7 @@ struct mac_policy_ops {
|
||||
void (*mpo_init_cred_label)(struct label *label);
|
||||
void (*mpo_init_devfsdirent_label)(struct label *label);
|
||||
void (*mpo_init_ifnet_label)(struct label *label);
|
||||
void (*mpo_init_ipq_label)(struct label *label);
|
||||
int (*mpo_init_ipq_label)(struct label *label, int flag);
|
||||
int (*mpo_init_mbuf_label)(struct label *label, int flag);
|
||||
void (*mpo_init_mount_label)(struct label *label);
|
||||
void (*mpo_init_mount_fs_label)(struct label *label);
|
||||
|