Robert Watson f93bfb23dc Add internal 'mac_policy_count' counter to the MAC Framework, which is a ... count of the number of registered policies. Rather than unconditionally locking sockets before passing them into MAC, lock them in the MAC entry points only if mac_policy_count is non-zero. This avoids locking overhead for a number of socket system calls when no policies are registered, eliminating measurable overhead for the MAC Framework for the socket subsystem when there are no active policies. Possibly socket locks should be acquired by policies if they are required for socket labels, which would further avoid locking overhead when there are policies but they don't require labeling of sockets, or possibly don't even implement socket controls. Obtained from: TrustedBSD Project		2009-06-02 18:26:17 +00:00
..
amd64	Implement accept4 syscall.	2009-06-01 20:48:39 +00:00
arm	maintain existing style	2009-05-30 18:23:55 +00:00
boot	Add a missing parameter when displaying GPT partitions with an unknown	2009-06-01 14:20:13 +00:00
bsm	Merge OpenBSM 1.1 from OpenBSM vendor branch to head.	2009-04-19 16:17:13 +00:00
cam	Remove dead code.	2009-05-12 16:38:32 +00:00
cddl	Allow the bootfs property to be set for raidz pools on FreeBSD.	2009-05-31 11:59:32 +00:00
compat	Add forgotten in previous commit flags argument.	2009-06-01 20:54:41 +00:00
conf	Add a simple API to manage scatter/gather lists of phyiscal addresses.	2009-06-01 20:35:39 +00:00
contrib	V_loif is not an array but a pure pointer, so treat it as such.	2009-06-01 21:29:54 +00:00
crypto	Changed to M_NOWAIT when reallocing psc_buf in padlock_sha_update(),	2009-05-27 09:52:12 +00:00
ddb	Place hostnames and similar information fully under the prison system.	2009-05-29 21:27:12 +00:00
dev	Reorgansise the logic for tranversing the pipe list.	2009-06-02 17:31:59 +00:00
fs	nfs_write() can use the recently introduced vfs_bio_set_valid() instead of	2009-05-31 20:18:02 +00:00
gdb	Commit SYSINIT() ;-adding patch missed in previous pass.	2008-03-16 13:02:04 +00:00
geom	Crank the debug level necessary to display the "Label foo is removed"	2009-05-30 22:31:52 +00:00
gnu	Remove empty files and do nto try to build them.	2009-05-18 17:20:24 +00:00
i386	Implement accept4 syscall.	2009-06-01 20:48:39 +00:00
ia64	Place hostnames and similar information fully under the prison system.	2009-05-29 21:27:12 +00:00
isa	Rename statclock_disable variable to atrtcclock_disable that it actually is,	2009-05-03 17:47:21 +00:00
kern	Add internal 'mac_policy_count' counter to the MAC Framework, which is a	2009-06-02 18:26:17 +00:00
kgssapi	Place hostnames and similar information fully under the prison system.	2009-05-29 21:27:12 +00:00
libkern	Add memmove() to the kernel, making the kernel compile with Clang.	2009-02-28 16:21:25 +00:00
mips	pmap_enter() *must* set PG_WRITEABLE on the given page if it creates a	2009-05-23 22:05:14 +00:00
modules	driver for Marvell 88W8363 Wireless LAN controller	2009-06-01 18:07:01 +00:00
net	Revert a recent netisr2 change: when billing packets to the current	2009-06-01 18:38:36 +00:00
net80211	Remove hack used to deal with ifnet teardown now that if_detach and the	2009-06-02 16:57:27 +00:00
netatalk	Add internal 'mac_policy_count' counter to the MAC Framework, which is a	2009-06-02 18:26:17 +00:00
netgraph	Rework socket upcalls to close some races with setup/teardown of upcalls.	2009-06-01 21:17:03 +00:00
netinet	Add internal 'mac_policy_count' counter to the MAC Framework, which is a	2009-06-02 18:26:17 +00:00
netinet6	V_loif is not an array but a pure pointer, so treat it as such.	2009-06-01 21:29:54 +00:00
netipsec	Reimplement the netisr framework in order to support parallel netisr	2009-06-01 10:41:38 +00:00
netipx	Reimplement the netisr framework in order to support parallel netisr	2009-06-01 10:41:38 +00:00
netnatm	Reimplement the netisr framework in order to support parallel netisr	2009-06-01 10:41:38 +00:00
netncp	Retire the MALLOC and FREE macros. They are an abomination unto style(9).	2008-10-23 15:53:51 +00:00
netsmb	Rework socket upcalls to close some races with setup/teardown of upcalls.	2009-06-01 21:17:03 +00:00
nfs	Add cpu_flush_dcache() for use after non-DMA based I/O so that a	2009-05-18 18:37:18 +00:00
nfsclient	Rework socket upcalls to close some races with setup/teardown of upcalls.	2009-06-01 21:17:03 +00:00
nfsserver	Rework socket upcalls to close some races with setup/teardown of upcalls.	2009-06-01 21:17:03 +00:00
nlm	Place hostnames and similar information fully under the prison system.	2009-05-29 21:27:12 +00:00
opencrypto	Fix cryptodev UIO creation.	2009-05-23 13:23:46 +00:00
pc98	Add cpu_flush_dcache() for use after non-DMA based I/O so that a	2009-05-18 18:37:18 +00:00
pci	When user_frac in the polling subsystem is low it is going to busy the	2009-05-30 15:14:44 +00:00
powerpc	Provide an analogous sysctl to hw.acpi.acline (dev.pmu.0.acline) to	2009-05-31 10:02:20 +00:00
rpc	Add internal 'mac_policy_count' counter to the MAC Framework, which is a	2009-06-02 18:26:17 +00:00
security	Add internal 'mac_policy_count' counter to the MAC Framework, which is a	2009-06-02 18:26:17 +00:00
sparc64	Place hostnames and similar information fully under the prison system.	2009-05-29 21:27:12 +00:00
sun4v	Place hostnames and similar information fully under the prison system.	2009-05-29 21:27:12 +00:00
sys	Handle lock recursion differenty by always checking against LO_RECURSABLE	2009-06-02 13:03:35 +00:00
tools	Add SDT DTrace probes for VFS vnode operations in the vfs:vop	2009-03-29 03:30:15 +00:00
ufs	Handle lock recursion differenty by always checking against LO_RECURSABLE	2009-06-02 13:03:35 +00:00
vm	Correct a boundary case error in the management of a page's dirty bits by	2009-06-02 08:02:27 +00:00
xdr	MFdevbranch 192944	2009-05-28 08:18:12 +00:00
xen	Make ipi_cpu() function as intended.	2009-05-30 08:53:13 +00:00
Makefile	Remove the unmaintained University of Michigan NFSv4 client from 8.x	2009-05-22 12:35:12 +00:00