Modify the mac_init_ipq() MAC Framework entry point to accept an

additional flags argument to indicate blocking disposition, and
pass in M_NOWAIT from the IP reassembly code to indicate that
blocking is not OK when labeling a new IP fragment reassembly
queue.  This should eliminate some of the WITNESS warnings that
have started popping up since fine-grained IP stack locking
started going in; if memory allocation fails, the creation of
the fragment queue will be aborted.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
This commit is contained in:
Robert Watson 2003-03-26 15:12:03 +00:00
parent 1d8aed2b21
commit 5e7ce4785f
20 changed files with 124 additions and 48 deletions

View File

@ -697,15 +697,23 @@ mac_init_ifnet(struct ifnet *ifp)
mac_init_ifnet_label(&ifp->if_label);
}
void
mac_init_ipq(struct ipq *ipq)
int
mac_init_ipq(struct ipq *ipq, int flag)
{
int error;
mac_init_label(&ipq->ipq_label);
MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
if (error) {
MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
mac_destroy_label(&ipq->ipq_label);
}
#ifdef MAC_DEBUG
atomic_add_int(&nmacipqs, 1);
if (error == 0)
atomic_add_int(&nmacipqs, 1);
#endif
return (error);
}
int

View File

@ -983,7 +983,10 @@ ip_reass(struct mbuf *m, struct ipqhead *head, struct ipq *fp,
goto dropfrag;
fp = mtod(t, struct ipq *);
#ifdef MAC
mac_init_ipq(fp);
if (mac_init_ipq(fp, M_NOWAIT) != 0) {
m_free(t);
goto dropfrag;
}
mac_create_ipq(m, fp);
#endif
TAILQ_INSERT_HEAD(head, fp, ipq_list);

View File

@ -697,15 +697,23 @@ mac_init_ifnet(struct ifnet *ifp)
mac_init_ifnet_label(&ifp->if_label);
}
void
mac_init_ipq(struct ipq *ipq)
int
mac_init_ipq(struct ipq *ipq, int flag)
{
int error;
mac_init_label(&ipq->ipq_label);
MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
if (error) {
MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
mac_destroy_label(&ipq->ipq_label);
}
#ifdef MAC_DEBUG
atomic_add_int(&nmacipqs, 1);
if (error == 0)
atomic_add_int(&nmacipqs, 1);
#endif
return (error);
}
int

View File

@ -133,7 +133,7 @@ void mac_init_bpfdesc(struct bpf_d *);
void mac_init_cred(struct ucred *);
void mac_init_devfsdirent(struct devfs_dirent *);
void mac_init_ifnet(struct ifnet *);
void mac_init_ipq(struct ipq *);
int mac_init_ipq(struct ipq *, int flag);
int mac_init_socket(struct socket *, int flag);
void mac_init_pipe(struct pipe *);
int mac_init_mbuf(struct mbuf *m, int flag);

View File

@ -697,15 +697,23 @@ mac_init_ifnet(struct ifnet *ifp)
mac_init_ifnet_label(&ifp->if_label);
}
void
mac_init_ipq(struct ipq *ipq)
int
mac_init_ipq(struct ipq *ipq, int flag)
{
int error;
mac_init_label(&ipq->ipq_label);
MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
if (error) {
MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
mac_destroy_label(&ipq->ipq_label);
}
#ifdef MAC_DEBUG
atomic_add_int(&nmacipqs, 1);
if (error == 0)
atomic_add_int(&nmacipqs, 1);
#endif
return (error);
}
int

View File

@ -697,15 +697,23 @@ mac_init_ifnet(struct ifnet *ifp)
mac_init_ifnet_label(&ifp->if_label);
}
void
mac_init_ipq(struct ipq *ipq)
int
mac_init_ipq(struct ipq *ipq, int flag)
{
int error;
mac_init_label(&ipq->ipq_label);
MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
if (error) {
MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
mac_destroy_label(&ipq->ipq_label);
}
#ifdef MAC_DEBUG
atomic_add_int(&nmacipqs, 1);
if (error == 0)
atomic_add_int(&nmacipqs, 1);
#endif
return (error);
}
int

View File

@ -697,15 +697,23 @@ mac_init_ifnet(struct ifnet *ifp)
mac_init_ifnet_label(&ifp->if_label);
}
void
mac_init_ipq(struct ipq *ipq)
int
mac_init_ipq(struct ipq *ipq, int flag)
{
int error;
mac_init_label(&ipq->ipq_label);
MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
if (error) {
MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
mac_destroy_label(&ipq->ipq_label);
}
#ifdef MAC_DEBUG
atomic_add_int(&nmacipqs, 1);
if (error == 0)
atomic_add_int(&nmacipqs, 1);
#endif
return (error);
}
int

View File

@ -73,7 +73,7 @@ struct mac_policy_ops {
void (*mpo_init_cred_label)(struct label *label);
void (*mpo_init_devfsdirent_label)(struct label *label);
void (*mpo_init_ifnet_label)(struct label *label);
void (*mpo_init_ipq_label)(struct label *label);
int (*mpo_init_ipq_label)(struct label *label, int flag);
int (*mpo_init_mbuf_label)(struct label *label, int flag);
void (*mpo_init_mount_label)(struct label *label);
void (*mpo_init_mount_fs_label)(struct label *label);

View File

@ -697,15 +697,23 @@ mac_init_ifnet(struct ifnet *ifp)
mac_init_ifnet_label(&ifp->if_label);
}
void
mac_init_ipq(struct ipq *ipq)
int
mac_init_ipq(struct ipq *ipq, int flag)
{
int error;
mac_init_label(&ipq->ipq_label);
MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
if (error) {
MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
mac_destroy_label(&ipq->ipq_label);
}
#ifdef MAC_DEBUG
atomic_add_int(&nmacipqs, 1);
if (error == 0)
atomic_add_int(&nmacipqs, 1);
#endif
return (error);
}
int

View File

@ -697,15 +697,23 @@ mac_init_ifnet(struct ifnet *ifp)
mac_init_ifnet_label(&ifp->if_label);
}
void
mac_init_ipq(struct ipq *ipq)
int
mac_init_ipq(struct ipq *ipq, int flag)
{
int error;
mac_init_label(&ipq->ipq_label);
MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
if (error) {
MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
mac_destroy_label(&ipq->ipq_label);
}
#ifdef MAC_DEBUG
atomic_add_int(&nmacipqs, 1);
if (error == 0)
atomic_add_int(&nmacipqs, 1);
#endif
return (error);
}
int

View File

@ -697,15 +697,23 @@ mac_init_ifnet(struct ifnet *ifp)
mac_init_ifnet_label(&ifp->if_label);
}
void
mac_init_ipq(struct ipq *ipq)
int
mac_init_ipq(struct ipq *ipq, int flag)
{
int error;
mac_init_label(&ipq->ipq_label);
MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
if (error) {
MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
mac_destroy_label(&ipq->ipq_label);
}
#ifdef MAC_DEBUG
atomic_add_int(&nmacipqs, 1);
if (error == 0)
atomic_add_int(&nmacipqs, 1);
#endif
return (error);
}
int

View File

@ -697,15 +697,23 @@ mac_init_ifnet(struct ifnet *ifp)
mac_init_ifnet_label(&ifp->if_label);
}
void
mac_init_ipq(struct ipq *ipq)
int
mac_init_ipq(struct ipq *ipq, int flag)
{
int error;
mac_init_label(&ipq->ipq_label);
MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
if (error) {
MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
mac_destroy_label(&ipq->ipq_label);
}
#ifdef MAC_DEBUG
atomic_add_int(&nmacipqs, 1);
if (error == 0)
atomic_add_int(&nmacipqs, 1);
#endif
return (error);
}
int

View File

@ -2621,7 +2621,7 @@ static struct mac_policy_ops mac_biba_ops =
.mpo_init_cred_label = mac_biba_init_label,
.mpo_init_devfsdirent_label = mac_biba_init_label,
.mpo_init_ifnet_label = mac_biba_init_label,
.mpo_init_ipq_label = mac_biba_init_label,
.mpo_init_ipq_label = mac_biba_init_label_waitcheck,
.mpo_init_mbuf_label = mac_biba_init_label_waitcheck,
.mpo_init_mount_label = mac_biba_init_label,
.mpo_init_mount_fs_label = mac_biba_init_label,

View File

@ -2612,7 +2612,7 @@ static struct mac_policy_ops mac_lomac_ops =
.mpo_init_cred_label = mac_lomac_init_label,
.mpo_init_devfsdirent_label = mac_lomac_init_label,
.mpo_init_ifnet_label = mac_lomac_init_label,
.mpo_init_ipq_label = mac_lomac_init_label,
.mpo_init_ipq_label = mac_lomac_init_label_waitcheck,
.mpo_init_mbuf_label = mac_lomac_init_label_waitcheck,
.mpo_init_mount_label = mac_lomac_init_label,
.mpo_init_mount_fs_label = mac_lomac_init_label,

View File

@ -2384,7 +2384,7 @@ static struct mac_policy_ops mac_mls_ops =
.mpo_init_cred_label = mac_mls_init_label,
.mpo_init_devfsdirent_label = mac_mls_init_label,
.mpo_init_ifnet_label = mac_mls_init_label,
.mpo_init_ipq_label = mac_mls_init_label,
.mpo_init_ipq_label = mac_mls_init_label_waitcheck,
.mpo_init_mbuf_label = mac_mls_init_label_waitcheck,
.mpo_init_mount_label = mac_mls_init_label,
.mpo_init_mount_fs_label = mac_mls_init_label,

View File

@ -974,7 +974,7 @@ static struct mac_policy_ops mac_none_ops =
.mpo_init_cred_label = mac_none_init_label,
.mpo_init_devfsdirent_label = mac_none_init_label,
.mpo_init_ifnet_label = mac_none_init_label,
.mpo_init_ipq_label = mac_none_init_label,
.mpo_init_ipq_label = mac_none_init_label_waitcheck,
.mpo_init_mbuf_label = mac_none_init_label_waitcheck,
.mpo_init_mount_label = mac_none_init_label,
.mpo_init_mount_fs_label = mac_none_init_label,

View File

@ -974,7 +974,7 @@ static struct mac_policy_ops mac_none_ops =
.mpo_init_cred_label = mac_none_init_label,
.mpo_init_devfsdirent_label = mac_none_init_label,
.mpo_init_ifnet_label = mac_none_init_label,
.mpo_init_ipq_label = mac_none_init_label,
.mpo_init_ipq_label = mac_none_init_label_waitcheck,
.mpo_init_mbuf_label = mac_none_init_label_waitcheck,
.mpo_init_mount_label = mac_none_init_label,
.mpo_init_mount_fs_label = mac_none_init_label,

View File

@ -242,12 +242,13 @@ mac_test_init_ifnet_label(struct label *label)
atomic_add_int(&init_count_ifnet, 1);
}
static void
mac_test_init_ipq_label(struct label *label)
static int
mac_test_init_ipq_label(struct label *label, int flag)
{
SLOT(label) = IPQMAGIC;
atomic_add_int(&init_count_ipq, 1);
return (0);
}
static int

View File

@ -133,7 +133,7 @@ void mac_init_bpfdesc(struct bpf_d *);
void mac_init_cred(struct ucred *);
void mac_init_devfsdirent(struct devfs_dirent *);
void mac_init_ifnet(struct ifnet *);
void mac_init_ipq(struct ipq *);
int mac_init_ipq(struct ipq *, int flag);
int mac_init_socket(struct socket *, int flag);
void mac_init_pipe(struct pipe *);
int mac_init_mbuf(struct mbuf *m, int flag);

View File

@ -73,7 +73,7 @@ struct mac_policy_ops {
void (*mpo_init_cred_label)(struct label *label);
void (*mpo_init_devfsdirent_label)(struct label *label);
void (*mpo_init_ifnet_label)(struct label *label);
void (*mpo_init_ipq_label)(struct label *label);
int (*mpo_init_ipq_label)(struct label *label, int flag);
int (*mpo_init_mbuf_label)(struct label *label, int flag);
void (*mpo_init_mount_label)(struct label *label);
void (*mpo_init_mount_fs_label)(struct label *label);