upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-08 16:22:46 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

mac: cheaper check for mac_pipe_check_read

Browse source 
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D36082
This commit is contained in:
Mateusz Guzik 2022-08-08 19:14:09 +00:00
parent 4c2ef8c1d7
commit 60dae3b83b
3 changed files with 20 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
sys/security/mac/mac_framework.c
View file

@ -145,6 +145,7 @@ FPFLAG_RARE(vnode_check_access);
FPFLAG_RARE(vnode_check_readlink);
FPFLAG_RARE(pipe_check_stat);
FPFLAG_RARE(pipe_check_poll);
FPFLAG_RARE(pipe_check_read);
FPFLAG_RARE(ifnet_create_mbuf);
FPFLAG_RARE(ifnet_check_transmit);
@ -447,6 +448,8 @@ struct mac_policy_fastpath_elem mac_policy_fastpath_array[] = {
.flag = &mac_pipe_check_stat_fp_flag },
{ .offset = FPO(pipe_check_poll),
.flag = &mac_pipe_check_poll_fp_flag },
{ .offset = FPO(pipe_check_read),
.flag = &mac_pipe_check_read_fp_flag },
{ .offset = FPO(ifnet_create_mbuf),
.flag = &mac_ifnet_create_mbuf_fp_flag },
{ .offset = FPO(ifnet_check_transmit),

17
sys/security/mac/mac_framework.h
View file

@ -271,7 +271,22 @@ extern bool mac_pipe_check_stat_fp_flag;
#endif
#define mac_pipe_check_stat_enabled() __predict_false(mac_pipe_check_stat_fp_flag)
int mac_pipe_check_stat(struct ucred *cred, struct pipepair *pp);
int mac_pipe_check_read(struct ucred *cred, struct pipepair *pp);
int mac_pipe_check_read_impl(struct ucred *cred, struct pipepair *pp);
#ifdef MAC
extern bool mac_pipe_check_read_fp_flag;
#else
#define mac_pipe_check_read_fp_flag false
#endif
#define mac_pipe_check_read_enabled() __predict_false(mac_pipe_check_read_fp_flag)
static inline int
mac_pipe_check_read(struct ucred *cred, struct pipepair *pp)
{
if (mac_pipe_check_read_enabled())
return (mac_pipe_check_read_impl(cred, pp));
return (0);
}
int mac_pipe_check_write(struct ucred *cred, struct pipepair *pp);
void mac_pipe_create(struct ucred *cred, struct pipepair *pp);
void mac_pipe_destroy(struct pipepair *);

2
sys/security/mac/mac_pipe.c
View file

@ -179,7 +179,7 @@ MAC_CHECK_PROBE_DEFINE2(pipe_check_read, "struct ucred *",
"struct pipepair *");
int
mac_pipe_check_read(struct ucred *cred, struct pipepair *pp)
mac_pipe_check_read_impl(struct ucred *cred, struct pipepair *pp)
{
int error;