src-test2/sys/security, branch master

src-test2/sys/security, branch master FreeBSD source tree https://cgit-dev.freebsd.org/src-test2/atom?h=master 2020-12-17T18:52:04Z audit: rework AUDIT_SYSCLOSE 2020-12-17T18:52:04Z Mateusz Guzik mjg@FreeBSD.org 2020-12-17T18:52:04Z urn:sha1:08a5615cfe61083a4e51e93c2885aa09d852c627 This in particular avoids spurious lookups on close. pipe: allow for lockless pipe_stat 2020-11-19T06:30:25Z Mateusz Guzik mjg@FreeBSD.org 2020-11-19T06:30:25Z urn:sha1:89744405e64b2116fbdd7d0e866a34731c96e4d5 pipes get stated all thet time and this avoidably contributed to contention. The pipe lock is only held to accomodate MAC and to check the type. Since normally there is no probe for pipe stat depessimize this by having the flag. The pipe_state field gets modified with locks held all the time and it's not feasible to convert them to use atomic store. Move the type flag away to a separate variable as a simple cleanup and to provide stable field to read. Use short for both fields to avoid growing the struct. While here short-circuit MAC for pipe_poll as well. mac_framework.h: fix build with DEBUG_VFS_LOCKS and !MAC 2020-09-03T20:30:52Z Andriy Gapon avg@FreeBSD.org 2020-09-03T20:30:52Z urn:sha1:137d26e8a378c50b439f3bc3f26ea5d7660c5607 I have such a custom kernel configuration and its build failed with: linking kernel.full ld: error: undefined symbol: mac_vnode_assert_locked >>> referenced by mac_framework.h:556 (/usr/devel/git/apu2c4/sys/security/mac/mac_framework.h:556) >>> tmpfs_vnops.o:(mac_vnode_check_stat) >>> referenced by mac_framework.h:556 (/usr/devel/git/apu2c4/sys/security/mac/mac_framework.h:556) >>> vfs_default.o:(mac_vnode_check_stat) >>> referenced by mac_framework.h:556 (/usr/devel/git/apu2c4/sys/security/mac/mac_framework.h:556) >>> ufs_vnops.o:(mac_vnode_check_stat) security: clean up empty lines in .c and .h files 2020-09-01T21:26:00Z Mateusz Guzik mjg@FreeBSD.org 2020-09-01T21:26:00Z urn:sha1:e5ecee7440496904939e936501d0db93bed15415 cache: drop the always curthread argument from reverse lookup routines 2020-08-24T08:57:02Z Mateusz Guzik mjg@FreeBSD.org 2020-08-24T08:57:02Z urn:sha1:feabaaf9956aa2e9bbe5e877ab1a1cf5eae476c0 Note VOP_VPTOCNP keeps getting it as temporary compatibility for zfs. Tested by: pho vfs: add VOP_STAT 2020-08-07T23:06:40Z Mateusz Guzik mjg@FreeBSD.org 2020-08-07T23:06:40Z urn:sha1:51ea7bea910148ae6cf40c57de0cd3b120d542e3 The current scheme of calling VOP_GETATTR adds avoidable overhead. An example with tmpfs doing fstat (ops/s): before: 7488958 after: 7913833 Reviewed by: kib (previous version) Differential Revision: https://reviews.freebsd.org/D25910 mac: even up all entry points to the same scheme 2020-08-06T00:23:06Z Mateusz Guzik mjg@FreeBSD.org 2020-08-06T00:23:06Z urn:sha1:4ec34a908bb2caf1967fd6e26e152e0bf2e4534e - use a macro for checking whether the site is enabled - expand it to 0 if mac is not compiled in to begin with vfs: add a cheaper entry for mac_vnode_check_access 2020-08-05T07:34:45Z Mateusz Guzik mjg@FreeBSD.org 2020-08-05T07:34:45Z urn:sha1:18f67bc413e8a4e6b313c023e8612603f1ea17c0 Fix tinderbox build after r363714 2020-07-30T22:56:57Z Mateusz Guzik mjg@FreeBSD.org 2020-07-30T22:56:57Z urn:sha1:5b0acaf75ff8d416a51c820b1c062dada0edaf66 vfs: elide MAC-induced locking on rename if there are no relevant hoooks 2020-07-29T17:05:31Z Mateusz Guzik mjg@FreeBSD.org 2020-07-29T17:05:31Z urn:sha1:fad6dd772d15214036aeea34a1c280dc8390fdfb