Changeset 36e8ad4 in rtems-libbsd


Ignore:
Timestamp:
May 10, 2019, 1:59:04 PM (2 years ago)
Author:
Sebastian Huber <sebastian.huber@…>
Branches:
5, master
Children:
7801010
Parents:
5da04d6
git-author:
Sebastian Huber <sebastian.huber@…> (05/10/19 13:59:04)
git-committer:
Sebastian Huber <sebastian.huber@…> (05/13/19 07:32:37)
Message:

Use static inline functions for jail and prison

This helps the compiler to optimize away dead code.

Files:
2 edited

Legend:

Unmodified
Added
Removed
  • freebsd/sys/sys/jail.h

    r5da04d6 r36e8ad4  
    370370struct statfs;
    371371struct vfsconf;
     372#ifndef __rtems__
    372373int jailed(struct ucred *cred);
     374#else /* __rtems__ */
     375static inline int
     376jailed(struct ucred *cred)
     377{
     378
     379        (void)cred;
     380        return (0);
     381}
     382#endif /* __rtems__ */
     383#ifndef __rtems__
    373384int jailed_without_vnet(struct ucred *);
     385#else /* __rtems__ */
     386static inline int
     387jailed_without_vnet(struct ucred *cred)
     388{
     389
     390        (void)cred;
     391        return (0);
     392}
     393#endif /* __rtems__ */
    374394void getcredhostname(struct ucred *, char *, size_t);
    375395void getcreddomainname(struct ucred *, char *, size_t);
    376396void getcredhostuuid(struct ucred *, char *, size_t);
     397#ifndef __rtems__
    377398void getcredhostid(struct ucred *, unsigned long *);
     399#else /* __rtems__ */
     400static inline void
     401getcredhostid(struct ucred *cred, unsigned long *hostid)
     402{
     403
     404        (void)cred;
     405        *hostid = 0;
     406}
     407#endif /* __rtems__ */
    378408void prison0_init(void);
    379409int prison_allow(struct ucred *, unsigned);
     410#ifndef __rtems__
    380411int prison_check(struct ucred *cred1, struct ucred *cred2);
     412#else /* __rtems__ */
     413static inline int
     414prison_check(struct ucred *cred1, struct ucred *cred2)
     415{
     416
     417        (void)cred1;
     418        (void)cred2;
     419        return (0);
     420}
     421#endif /* __rtems__ */
    381422int prison_owns_vnet(struct ucred *);
    382423int prison_canseemount(struct ucred *cred, struct mount *mp);
     
    386427struct prison *prison_find_child(struct prison *, int);
    387428struct prison *prison_find_name(struct prison *, const char *);
     429#ifndef __rtems__
    388430int prison_flag(struct ucred *, unsigned);
     431#else /* __rtems__ */
     432static inline int
     433prison_flag(struct ucred *cred, unsigned flag)
     434{
     435
     436        (void)cred;
     437        return (prison0.pr_flags & flag);
     438}
     439#endif /* __rtems__ */
     440#ifndef __rtems__
    389441void prison_free(struct prison *pr);
     442#else /* __rtems__ */
     443static inline void
     444prison_free(struct prison *pr)
     445{
     446
     447        (void)pr;
     448}
     449#endif /* __rtems__ */
    390450void prison_free_locked(struct prison *pr);
     451#ifndef __rtems__
    391452void prison_hold(struct prison *pr);
     453#else /* __rtems__ */
     454static inline void
     455prison_hold(struct prison *pr)
     456{
     457
     458        (void)pr;
     459}
     460#endif /* __rtems__ */
    392461void prison_hold_locked(struct prison *pr);
    393462void prison_proc_hold(struct prison *);
     
    399468#define prison_equal_ip4(p1, p2) 1
    400469#endif /* __rtems__ */
     470#ifndef __rtems__
    401471int prison_get_ip4(struct ucred *cred, struct in_addr *ia);
     472#else /* __rtems__ */
     473static inline int
     474prison_get_ip4(struct ucred *cred, struct in_addr *ia)
     475{
     476
     477        (void)cred;
     478        (void)ia;
     479        return (EAFNOSUPPORT);
     480}
     481#endif /* __rtems__ */
     482#ifndef __rtems__
    402483int prison_local_ip4(struct ucred *cred, struct in_addr *ia);
     484#else /* __rtems__ */
     485static inline int
     486prison_local_ip4(struct ucred *cred, struct in_addr *ia)
     487{
     488
     489        (void)cred;
     490        (void)ia;
     491        return (0);
     492}
     493#endif /* __rtems__ */
     494#ifndef __rtems__
    403495int prison_remote_ip4(struct ucred *cred, struct in_addr *ia);
     496#else /* __rtems__ */
     497static inline int
     498prison_remote_ip4(struct ucred *cred, struct in_addr *ia)
     499{
     500
     501        (void)cred;
     502        (void)ia;
     503        return (0);
     504}
     505#endif /* __rtems__ */
     506#ifndef __rtems__
    404507int prison_check_ip4(const struct ucred *, const struct in_addr *);
     508#else /* __rtems__ */
     509static inline int
     510prison_check_ip4(const struct ucred *cred, const struct in_addr *ia)
     511{
     512
     513        (void)cred;
     514        (void)ia;
     515        return (0);
     516}
     517#endif /* __rtems__ */
    405518int prison_check_ip4_locked(const struct prison *, const struct in_addr *);
     519#ifndef __rtems__
    406520int prison_saddrsel_ip4(struct ucred *, struct in_addr *);
     521#else /* __rtems__ */
     522static inline int
     523prison_saddrsel_ip4(struct ucred *cred, struct in_addr *ia)
     524{
     525
     526        (void)cred;
     527        (void)ia;
     528        return (1);
     529}
     530#endif /* __rtems__ */
    407531int prison_restrict_ip4(struct prison *, struct in_addr *);
    408532int prison_qcmp_v4(const void *, const void *);
     
    413537#define prison_equal_ip6(p1, p2) 1
    414538#endif /* __rtems__ */
     539#ifndef __rtems__
    415540int prison_get_ip6(struct ucred *, struct in6_addr *);
     541#else /* __rtems__ */
     542static inline int
     543prison_get_ip6(struct ucred *cred, struct in6_addr *ia6)
     544{
     545
     546        (void)cred;
     547        (void)ia6;
     548        return (EAFNOSUPPORT);
     549}
     550#endif /* __rtems__ */
     551#ifndef __rtems__
    416552int prison_local_ip6(struct ucred *, struct in6_addr *, int);
     553#else /* __rtems__ */
     554static inline int
     555prison_local_ip6(struct ucred *cred, struct in6_addr *ia6, int v6only)
     556{
     557
     558        (void)cred;
     559        (void)ia6;
     560        (void)v6only;
     561        return (0);
     562}
     563#endif /* __rtems__ */
     564#ifndef __rtems__
    417565int prison_remote_ip6(struct ucred *, struct in6_addr *);
     566#else /* __rtems__ */
     567static inline int
     568prison_remote_ip6(struct ucred *cred, struct in6_addr *ia6)
     569{
     570
     571        (void)cred;
     572        (void)ia6;
     573        return (0);
     574}
     575#endif /* __rtems__ */
     576#ifndef __rtems__
    418577int prison_check_ip6(const struct ucred *, const struct in6_addr *);
     578#else /* __rtems__ */
     579static inline int
     580prison_check_ip6(const struct ucred *cred, const struct in6_addr *ia6)
     581{
     582
     583        (void)cred;
     584        (void)ia6;
     585        return (0);
     586}
     587#endif /* __rtems__ */
    419588int prison_check_ip6_locked(const struct prison *, const struct in6_addr *);
     589#ifndef __rtems__
    420590int prison_saddrsel_ip6(struct ucred *, struct in6_addr *);
     591#else /* __rtems__ */
     592static inline int
     593prison_saddrsel_ip6(struct ucred *cred, struct in6_addr *ia6)
     594{
     595
     596        (void)cred;
     597        (void)ia6;
     598        return (EAFNOSUPPORT);
     599}
     600#endif /* __rtems__ */
    421601int prison_restrict_ip6(struct prison *, struct in6_addr *);
    422602int prison_qcmp_v6(const void *, const void *);
    423603#endif
     604#ifndef __rtems__
    424605int prison_check_af(struct ucred *cred, int af);
     606#else /* __rtems__ */
     607static inline int
     608prison_check_af(struct ucred *cred, int af)
     609{
     610
     611        (void)cred;
     612        (void)af;
     613        return (0);
     614}
     615#endif /* __rtems__ */
     616#ifndef __rtems__
    425617int prison_if(struct ucred *cred, struct sockaddr *sa);
     618#else /* __rtems__ */
     619static inline int
     620prison_if(struct ucred *cred, struct sockaddr *sa)
     621{
     622
     623        (void)cred;
     624        (void)sa;
     625        return (0);
     626}
     627#endif /* __rtems__ */
    426628char *prison_name(struct prison *, struct prison *);
    427629int prison_priv_check(struct ucred *cred, int priv);
  • rtemsbsd/rtems/rtems-kernel-jail.c

    r5da04d6 r36e8ad4  
    107107};
    108108MTX_SYSINIT(prison0, &prison0.pr_mtx, "jail mutex", MTX_DEF);
    109 
    110 /*
    111  * See if a prison has the specific flag set.
    112  */
    113 int
    114 prison_flag(struct ucred *cred, unsigned flag)
    115 {
    116   /* This is an atomic read, so no locking is necessary. */
    117   return (prison0.pr_flags & flag);
    118 }
    119 
    120 void
    121 prison_free(struct prison *pr)
    122 {
    123 }
    124 
    125 void
    126 prison_hold(struct prison *pr)
    127 {
    128 }
    129 
    130 /*
    131  * Check if given address belongs to the jail referenced by cred (wrapper to
    132  * prison_check_ip[46]).
    133  *
    134  * Returns 0 if jail doesn't restrict the address family or if address belongs
    135  * to jail, EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if
    136  * the jail doesn't allow the address family.  IPv4 Address passed in in NBO.
    137  */
    138 int
    139 prison_if(struct ucred *cred, struct sockaddr *sa)
    140 {
    141   return 0;
    142 }
    143 
    144 /*
    145  * Return 1 if we should do proper source address selection or are not jailed.
    146  * We will return 0 if we should bypass source address selection in favour
    147  * of the primary jail IPv6 address. Only in this case *ia will be updated and
    148  * returned in NBO.
    149  * Return EAFNOSUPPORT, in case this jail does not allow IPv6.
    150  */
    151 int
    152 prison_saddrsel_ip6(struct ucred *cred, struct in6_addr *ia6)
    153 {
    154   return EAFNOSUPPORT;
    155 }
    156 
    157 /*
    158  * Check if given address belongs to the jail referenced by cred/prison.
    159  *
    160  * Returns 0 if jail doesn't restrict IPv4 or if address belongs to jail,
    161  * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail
    162  * doesn't allow IPv4.  Address passed in in NBO.
    163  */
    164 int
    165 prison_check_ip4(const struct ucred *cred, const struct in_addr *ia)
    166 {
    167   return 0;
    168 }
    169 
    170 /*
    171  * Assuming 0 means no restrictions.
    172  *
    173  * NOTE: RTEMS does not restrict via a jail so return 0.
    174  */
    175 int
    176 prison_check_ip6(const struct ucred *cred, const struct in6_addr *ia6)
    177 {
    178   return 0;
    179 }
    180 
    181 /*
    182  * Make sure our (source) address is set to something meaningful to this
    183  * jail.
    184  *
    185  * Returns 0 if jail doesn't restrict IPv4 or if address belongs to jail,
    186  * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail
    187  * doesn't allow IPv4.  Address passed in in NBO and returned in NBO.
    188  */
    189 int
    190 prison_local_ip4(struct ucred *cred, struct in_addr *ia)
    191 {
    192   return 0;
    193 }
    194 
    195 /*
    196  * Rewrite destination address in case we will connect to loopback address.
    197  *
    198  * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv4.
    199  * Address passed in in NBO and returned in NBO.
    200  */
    201 int
    202 prison_remote_ip4(struct ucred *cred, struct in_addr *ia)
    203 {
    204   return 0;
    205 }
    206 
    207 /*
    208  * Make sure our (source) address is set to something meaningful to this jail.
    209  *
    210  * v6only should be set based on (inp->inp_flags & IN6P_IPV6_V6ONLY != 0)
    211  * when needed while binding.
    212  *
    213  * Returns 0 if jail doesn't restrict IPv6 or if address belongs to jail,
    214  * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail
    215  * doesn't allow IPv6.
    216  *
    217  * NOTE: RTEMS does not restrict via a jail so return 0.
    218  */
    219 int
    220 prison_local_ip6(struct ucred *cred, struct in6_addr *ia6, int v6only)
    221 {
    222   return 0;
    223 }
    224 
    225 /*
    226  * Rewrite destination address in case we will connect to loopback address.
    227  *
    228  * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv6.
    229  *
    230  * NOTE: RTEMS does not restrict via a jail so return 0.
    231  */
    232 int
    233 prison_remote_ip6(struct ucred *cred, struct in6_addr *ia6)
    234 {
    235   return 0;
    236 }
    237 
    238 /*
    239  * Return 1 if we should do proper source address selection or are not jailed.
    240  * We will return 0 if we should bypass source address selection in favour
    241  * of the primary jail IPv4 address. Only in this case *ia will be updated and
    242  * returned in NBO.
    243  * Return EAFNOSUPPORT, in case this jail does not allow IPv4.
    244  */
    245 int
    246 prison_saddrsel_ip4(struct ucred *cred, struct in_addr *ia)
    247 {
    248   return 1;
    249 }
    250 
    251 /*
    252  * Pass back primary IPv4 address of this jail.
    253  *
    254  * If not restricted return success but do not alter the address.  Caller has
    255  * to make sure to initialize it correctly (e.g. INADDR_ANY).
    256  *
    257  * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv4.
    258  * Address returned in NBO.
    259  */
    260 int
    261 prison_get_ip4(struct ucred *cred, struct in_addr *ia)
    262 {
    263   return 0;
    264 }
    265 
    266 /*
    267  * Return 1 if the passed credential is in a jail and that jail does not
    268  * have its own virtual network stack, otherwise 0.
    269  */
    270 int
    271 jailed_without_vnet(struct ucred *cred)
    272 {
    273   return 0;
    274 }
    275 
    276 /*
    277  * Pass back primary IPv6 address for this jail.
    278  *
    279  * If not restricted return success but do not alter the address.  Caller has
    280  * to make sure to initialize it correctly (e.g. IN6ADDR_ANY_INIT).
    281  *
    282  * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv6.
    283  */
    284 int
    285 prison_get_ip6(struct ucred *cred, struct in6_addr *ia6)
    286 {
    287   return 0;
    288 }
    289 /*
    290  * Return 0 if jails permit p1 to frob p2, otherwise ESRCH.
    291  */
    292 int
    293 prison_check(struct ucred *cred1, struct ucred *cred2)
    294 {
    295   return 0;
    296 }
    297 
    298 /*
    299  * Check if a jail supports the given address family.
    300  *
    301  * Returns 0 if not jailed or the address family is supported, EAFNOSUPPORT
    302  * if not.
    303  */
    304 int
    305 prison_check_af(struct ucred *cred, int af)
    306 {
    307   return 0;
    308 }
    309 
    310 /*
    311  * Return the correct hostname (domainname, et al) for the passed credential.
    312  */
    313 void
    314 getcredhostname(struct ucred *cred, char *buf, size_t size)
    315 {
    316   gethostname(buf, size);
    317 }
    318 
    319 void
    320 getcreddomainname(struct ucred *cred, char *buf, size_t size)
    321 {
    322   getdomainname(buf, size);
    323 }
    324 
    325 void
    326 getcredhostid(struct ucred *cred, unsigned long *hostid)
    327 {
    328   *hostid = 0;
    329 }
    330 
    331 /*
    332  * Return 1 if the passed credential is in a jail, otherwise 0.
    333  */
    334 int
    335 jailed(struct ucred *cred)
    336 {
    337   return 0;
    338 }
Note: See TracChangeset for help on using the changeset viewer.