- remove the fileassoc "tabledata" functionality. use mountspecific instead.

- make pax_segvguard_cb static.

tested and ok'ed by elad.

sys/kern/kern_fileassoc.c

@@ -1,4 +1,4 @@
-/* $NetBSD: kern_fileassoc.c,v 1.16 2006/12/14 09:24:54 yamt Exp $ */
+/* $NetBSD: kern_fileassoc.c,v 1.17 2006/12/23 08:35:43 yamt Exp $ */
 
 /*-
  * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
@@ -31,7 +31,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_fileassoc.c,v 1.16 2006/12/14 09:24:54 yamt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_fileassoc.c,v 1.17 2006/12/23 08:35:43 yamt Exp $");
 
 #include "opt_fileassoc.h"
 
@@ -97,37 +97,6 @@ struct fileassoc_table {
 	(hash32_buf((handle), FHANDLE_SIZE(handle), HASH32_BUF_INIT) \
 	 & ((tbl)->hash_mask))
 
-static void *
-table_getdata(struct fileassoc_table *tbl, const struct fileassoc *assoc)
-{
-
-	return specificdata_getspecific(fileassoc_domain, &tbl->data,
-	    assoc->key);
-}
-
-static void
-table_setdata(struct fileassoc_table *tbl, const struct fileassoc *assoc,
-    void *data)
-{
-
-	specificdata_setspecific(fileassoc_domain, &tbl->data, assoc->key,
-	    data);
-}
-
-static void
-table_cleanup(struct fileassoc_table *tbl, const struct fileassoc *assoc)
-{
-	fileassoc_cleanup_cb_t cb;
-	void *data;
-
-	cb = assoc->cleanup_cb;
-	if (cb == NULL) {
-		return;
-	}
-	data = table_getdata(tbl, assoc);
-	(*cb)(data, FILEASSOC_CLEANUP_TABLE);
-}
-
 static void *
 file_getdata(struct fileassoc_hash_entry *e, const struct fileassoc *assoc)
 {
@@ -156,7 +125,7 @@ file_cleanup(struct fileassoc_hash_entry *e, const struct fileassoc *assoc)
 		return;
 	}
 	data = file_getdata(e, assoc);
-	(*cb)(data, FILEASSOC_CLEANUP_FILE);
+	(*cb)(data);
 }
 
 static void
@@ -178,7 +147,6 @@ static void
 table_dtor(void *vp)
 {
 	struct fileassoc_table *tbl = vp;
-	const struct fileassoc *assoc;
 	struct fileassoc_hashhead *hh;
 	u_long i;
 
@@ -192,10 +160,6 @@ table_dtor(void *vp)
 		}
 	}
 
-	LIST_FOREACH(assoc, &fileassoc_list, list) {
-		table_cleanup(tbl, assoc);
-	}
-
 	/* Remove hash table and sysctl node */
 	hashdone(tbl->hash_tbl, M_TEMP);
 	specificdata_fini(fileassoc_domain, &tbl->data);
@@ -430,54 +394,9 @@ fileassoc_table_clear(struct mount *mp, fileassoc_t assoc)
 		}
 	}
 
-	table_cleanup(tbl, assoc);
-	table_setdata(tbl, assoc, NULL);
-
 	return (0);
 }
 
-/*
- * Add hook-specific data on a fileassoc table.
- */
-int
-fileassoc_tabledata_add(struct mount *mp, fileassoc_t assoc, void *data)
-{
-	struct fileassoc_table *tbl;
-
-	tbl = fileassoc_table_lookup(mp);
-	if (tbl == NULL)
-		return (EFAULT);
-
-	table_setdata(tbl, assoc, data);
-
-	return (0);
-}
-
-/*
- * Clear hook-specific data on a fileassoc table.
- */
-int
-fileassoc_tabledata_clear(struct mount *mp, fileassoc_t assoc)
-{
-
-	return fileassoc_tabledata_add(mp, assoc, NULL);
-}
-
-/*
- * Retrieve hook-specific data from a fileassoc table.
- */
-void *
-fileassoc_tabledata_lookup(struct mount *mp, fileassoc_t assoc)
-{
-	struct fileassoc_table *tbl;
-
-	tbl = fileassoc_table_lookup(mp);
-	if (tbl == NULL)
-		return (NULL);
-
-	return table_getdata(tbl, assoc);
-}
-
 /*
  * Add a file entry to a table.
  */

sys/kern/kern_pax.c

@@ -1,4 +1,4 @@
-/* $NetBSD: kern_pax.c,v 1.9 2006/12/11 15:24:28 yamt Exp $ */
+/* $NetBSD: kern_pax.c,v 1.10 2006/12/23 08:35:43 yamt Exp $ */
 
 /*-
  * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
@@ -84,6 +84,8 @@ struct pax_segvguard_uid_entry {
 struct pax_segvguard_entry {
 	LIST_HEAD(, pax_segvguard_uid_entry) segv_uids;
 };
+
+static void pax_segvguard_cb(void *);
 #endif /* PAX_SEGVGUARD */
 
 /* PaX internal setspecific flags */
@@ -252,8 +254,8 @@ pax_mprotect(struct lwp *l, vm_prot_t *prot, vm_prot_t *maxprot)
 #endif /* PAX_MPROTECT */
 
 #ifdef PAX_SEGVGUARD
-void
-pax_segvguard_cb(void *v, int what)
+static void
+pax_segvguard_cb(void *v)
 {
 	struct pax_segvguard_entry *p;
 	struct pax_segvguard_uid_entry *up;
@@ -261,12 +263,10 @@ pax_segvguard_cb(void *v, int what)
 	if (v == NULL)
 		return;
 
-	if (what == FILEASSOC_CLEANUP_FILE) {
-		p = v;
-		while ((up = LIST_FIRST(&p->segv_uids)) != NULL) {
-			LIST_REMOVE(up, sue_list);
-			free(up, M_TEMP);
-		}
+	p = v;
+	while ((up = LIST_FIRST(&p->segv_uids)) != NULL) {
+		LIST_REMOVE(up, sue_list);
+		free(up, M_TEMP);
 	}
 
 	free(v, M_TEMP);

sys/kern/kern_verifiedexec.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_verifiedexec.c,v 1.83 2006/12/20 01:51:48 christos Exp $	*/
+/*	$NetBSD: kern_verifiedexec.c,v 1.84 2006/12/23 08:35:43 yamt Exp $	*/
 
 /*-
  * Copyright 2005 Elad Efrat <elad@NetBSD.org>
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_verifiedexec.c,v 1.83 2006/12/20 01:51:48 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_verifiedexec.c,v 1.84 2006/12/23 08:35:43 yamt Exp $");
 
 #include "opt_veriexec.h"
 
@@ -40,6 +40,7 @@ __KERNEL_RCSID(0, "$NetBSD: kern_verifiedexec.c,v 1.83 2006/12/20 01:51:48 chris
 #include <sys/vnode.h>
 #include <sys/namei.h>
 #include <sys/exec.h>
+#include <sys/once.h>
 #include <sys/proc.h>
 #include <sys/syslog.h>
 #include <sys/sysctl.h>
@@ -103,6 +104,7 @@ size_t veriexec_name_max;
 const struct sysctlnode *veriexec_count_node;
 
 static fileassoc_t veriexec_hook;
+static specificdata_key_t veriexec_mountspecific_key;
 
 LIST_HEAD(, veriexec_fpops) veriexec_fpops_list;
 
@@ -110,7 +112,7 @@ static int veriexec_raw_cb(kauth_cred_t, kauth_action_t, void *,
     void *, void *, void *, void *);
 static int sysctl_kern_veriexec(SYSCTLFN_PROTO);
 static struct veriexec_fpops *veriexec_fpops_lookup(const char *);
-static void veriexec_clear(void *, int);
+static void veriexec_clear(void *);
 
 static unsigned int veriexec_tablecount = 0;
 
@@ -320,6 +322,30 @@ veriexec_init(void)
 #undef FPOPS_ADD
 }
 
+static void
+veriexec_mountspecific_dtor(void *vp)
+{
+	struct veriexec_table_entry *vte = vp;
+
+	if (vte == NULL) {
+		return;
+	}
+	sysctl_free(__UNCONST(vte->vte_node));
+	veriexec_tablecount--;
+	free(vte, M_VERIEXEC);
+}
+
+static int
+veriexec_mountspecific_init(void)
+{
+	int error;
+
+	error = mount_specific_key_create(&veriexec_mountspecific_key,
+	    veriexec_mountspecific_dtor);
+
+	return error;
+}
+
 static struct veriexec_fpops *
 veriexec_fpops_lookup(const char *name)
 {
@@ -474,7 +500,8 @@ veriexec_table_lookup(struct mount *mp)
 	/* XXX: From raidframe init */
 	if (mp == NULL)
 		return NULL;
-	return (fileassoc_tabledata_lookup(mp, veriexec_hook));
+
+	return mount_getspecific(mp, veriexec_mountspecific_key);
 }
 
 struct veriexec_file_entry *
@@ -766,26 +793,16 @@ veriexec_report(const u_char *msg, const u_char *filename, struct lwp *l, int f)
 }
 
 static void
-veriexec_clear(void *data, int file_specific)
+veriexec_clear(void *data)
 {
-	if (file_specific) {
-		struct veriexec_file_entry *vfe = data;
+	struct veriexec_file_entry *vfe = data;
 
-		if (vfe != NULL) {
-			if (vfe->fp != NULL)
-				free(vfe->fp, M_VERIEXEC);
-			if (vfe->page_fp != NULL)
-				free(vfe->page_fp, M_VERIEXEC);
-			free(vfe, M_VERIEXEC);
-		}
-	} else {
-		struct veriexec_table_entry *vte = data;
-
-		if (vte != NULL) {
-			sysctl_free(__UNCONST(vte->vte_node));
-			veriexec_tablecount--;
-			free(vte, M_VERIEXEC);
-		}
+	if (vfe != NULL) {
+		if (vfe->fp != NULL)
+			free(vfe->fp, M_VERIEXEC);
+		if (vfe->page_fp != NULL)
+			free(vfe->page_fp, M_VERIEXEC);
+		free(vfe, M_VERIEXEC);
 	}
 }
 
@@ -1075,6 +1092,12 @@ veriexec_table_add(struct lwp *l, prop_dictionary_t dict)
 	struct nameidata nid;
 	u_char buf[16];
 	int error;
+	static ONCE_DECL(control);
+
+	error = RUN_ONCE(&control, veriexec_mountspecific_init);
+	if (error) {
+		return error;
+	}
 
 	NDINIT(&nid, LOOKUP, FOLLOW, UIO_SYSSPACE,
 	    prop_string_cstring_nocopy(prop_dictionary_get(dict, "mount")), l);
@@ -1088,11 +1111,7 @@ veriexec_table_add(struct lwp *l, prop_dictionary_t dict)
 		goto out;
 
 	vte = malloc(sizeof(*vte), M_VERIEXEC, M_WAITOK | M_ZERO);
-	error = fileassoc_tabledata_add(nid.ni_vp->v_mount, veriexec_hook, vte);
-#ifdef DIAGNOSTIC
-	if (error)
-		panic("Fileassoc: Inconsistency after adding table");
-#endif /* DIAGNOSTIC */
+	mount_setspecific(nid.ni_vp->v_mount, veriexec_mountspecific_key, vte);
 
 	snprintf(buf, sizeof(buf), "table%u", veriexec_tablecount++);
 	sysctl_createv(NULL, 0, &veriexec_count_node, &vte->vte_node,

sys/sys/fileassoc.h

@@ -1,4 +1,4 @@
-/* $NetBSD: fileassoc.h,v 1.7 2006/12/11 15:24:28 yamt Exp $ */
+/* $NetBSD: fileassoc.h,v 1.8 2006/12/23 08:35:43 yamt Exp $ */
 
 /*-
  * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
@@ -37,21 +37,15 @@
 #include <sys/param.h>
 
 typedef struct fileassoc *fileassoc_t;
-typedef void (*fileassoc_cleanup_cb_t)(void *, int);
+typedef void (*fileassoc_cleanup_cb_t)(void *);
 typedef void (*fileassoc_cb_t)(void *);
 
-#define	FILEASSOC_CLEANUP_TABLE	0
-#define	FILEASSOC_CLEANUP_FILE	1
-
 int fileassoc_register(const char *, fileassoc_cleanup_cb_t, fileassoc_t *);
 int fileassoc_deregister(fileassoc_t);
-void *fileassoc_tabledata_lookup(struct mount *, fileassoc_t);
 void *fileassoc_lookup(struct vnode *, fileassoc_t);
 int fileassoc_table_add(struct mount *, size_t);
 int fileassoc_table_delete(struct mount *);
 int fileassoc_table_clear(struct mount *, fileassoc_t);
-int fileassoc_tabledata_add(struct mount *, fileassoc_t, void *);
-int fileassoc_tabledata_clear(struct mount *, fileassoc_t);
 int fileassoc_file_delete(struct vnode *);
 int fileassoc_add(struct vnode *, fileassoc_t, void *);
 int fileassoc_clear(struct vnode *, fileassoc_t);

sys/sys/pax.h

@@ -1,4 +1,4 @@
-/* $NetBSD: pax.h,v 1.5 2006/11/22 02:02:51 elad Exp $ */
+/* $NetBSD: pax.h,v 1.6 2006/12/23 08:35:43 yamt Exp $ */
 
 /*-
  * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
@@ -43,7 +43,6 @@ void pax_adjust(struct lwp *, int);
 void pax_mprotect(struct lwp *, vm_prot_t *, vm_prot_t *);
 
 int pax_segvguard(struct lwp *, struct vnode *, const char *, boolean_t);
-void pax_segvguard_cb(void *, int);
 
 #endif /* !__SYS_PAX_H__ */