From 36e8ad437406a02ebc9ef93ace356d6c5bf0042d Mon Sep 17 00:00:00 2001 From: Sebastian Huber Date: Fri, 10 May 2019 15:59:04 +0200 Subject: Use static inline functions for jail and prison This helps the compiler to optimize away dead code. --- freebsd/sys/sys/jail.h | 202 ++++++++++++++++++++++++++++++++ rtemsbsd/rtems/rtems-kernel-jail.c | 230 ------------------------------------- 2 files changed, 202 insertions(+), 230 deletions(-) diff --git a/freebsd/sys/sys/jail.h b/freebsd/sys/sys/jail.h index ccd9f57f..8cb934e0 100644 --- a/freebsd/sys/sys/jail.h +++ b/freebsd/sys/sys/jail.h @@ -369,15 +369,56 @@ struct mount; struct sockaddr; struct statfs; struct vfsconf; +#ifndef __rtems__ int jailed(struct ucred *cred); +#else /* __rtems__ */ +static inline int +jailed(struct ucred *cred) +{ + + (void)cred; + return (0); +} +#endif /* __rtems__ */ +#ifndef __rtems__ int jailed_without_vnet(struct ucred *); +#else /* __rtems__ */ +static inline int +jailed_without_vnet(struct ucred *cred) +{ + + (void)cred; + return (0); +} +#endif /* __rtems__ */ void getcredhostname(struct ucred *, char *, size_t); void getcreddomainname(struct ucred *, char *, size_t); void getcredhostuuid(struct ucred *, char *, size_t); +#ifndef __rtems__ void getcredhostid(struct ucred *, unsigned long *); +#else /* __rtems__ */ +static inline void +getcredhostid(struct ucred *cred, unsigned long *hostid) +{ + + (void)cred; + *hostid = 0; +} +#endif /* __rtems__ */ void prison0_init(void); int prison_allow(struct ucred *, unsigned); +#ifndef __rtems__ int prison_check(struct ucred *cred1, struct ucred *cred2); +#else /* __rtems__ */ +static inline int +prison_check(struct ucred *cred1, struct ucred *cred2) +{ + + (void)cred1; + (void)cred2; + return (0); +} +#endif /* __rtems__ */ int prison_owns_vnet(struct ucred *); int prison_canseemount(struct ucred *cred, struct mount *mp); void prison_enforce_statfs(struct ucred *cred, struct mount *mp, @@ -385,10 +426,38 @@ void prison_enforce_statfs(struct ucred *cred, struct mount *mp, struct prison *prison_find(int prid); struct prison *prison_find_child(struct prison *, int); struct prison *prison_find_name(struct prison *, const char *); +#ifndef __rtems__ int prison_flag(struct ucred *, unsigned); +#else /* __rtems__ */ +static inline int +prison_flag(struct ucred *cred, unsigned flag) +{ + + (void)cred; + return (prison0.pr_flags & flag); +} +#endif /* __rtems__ */ +#ifndef __rtems__ void prison_free(struct prison *pr); +#else /* __rtems__ */ +static inline void +prison_free(struct prison *pr) +{ + + (void)pr; +} +#endif /* __rtems__ */ void prison_free_locked(struct prison *pr); +#ifndef __rtems__ void prison_hold(struct prison *pr); +#else /* __rtems__ */ +static inline void +prison_hold(struct prison *pr) +{ + + (void)pr; +} +#endif /* __rtems__ */ void prison_hold_locked(struct prison *pr); void prison_proc_hold(struct prison *); void prison_proc_free(struct prison *); @@ -398,12 +467,67 @@ int prison_equal_ip4(struct prison *, struct prison *); #else /* __rtems__ */ #define prison_equal_ip4(p1, p2) 1 #endif /* __rtems__ */ +#ifndef __rtems__ int prison_get_ip4(struct ucred *cred, struct in_addr *ia); +#else /* __rtems__ */ +static inline int +prison_get_ip4(struct ucred *cred, struct in_addr *ia) +{ + + (void)cred; + (void)ia; + return (EAFNOSUPPORT); +} +#endif /* __rtems__ */ +#ifndef __rtems__ int prison_local_ip4(struct ucred *cred, struct in_addr *ia); +#else /* __rtems__ */ +static inline int +prison_local_ip4(struct ucred *cred, struct in_addr *ia) +{ + + (void)cred; + (void)ia; + return (0); +} +#endif /* __rtems__ */ +#ifndef __rtems__ int prison_remote_ip4(struct ucred *cred, struct in_addr *ia); +#else /* __rtems__ */ +static inline int +prison_remote_ip4(struct ucred *cred, struct in_addr *ia) +{ + + (void)cred; + (void)ia; + return (0); +} +#endif /* __rtems__ */ +#ifndef __rtems__ int prison_check_ip4(const struct ucred *, const struct in_addr *); +#else /* __rtems__ */ +static inline int +prison_check_ip4(const struct ucred *cred, const struct in_addr *ia) +{ + + (void)cred; + (void)ia; + return (0); +} +#endif /* __rtems__ */ int prison_check_ip4_locked(const struct prison *, const struct in_addr *); +#ifndef __rtems__ int prison_saddrsel_ip4(struct ucred *, struct in_addr *); +#else /* __rtems__ */ +static inline int +prison_saddrsel_ip4(struct ucred *cred, struct in_addr *ia) +{ + + (void)cred; + (void)ia; + return (1); +} +#endif /* __rtems__ */ int prison_restrict_ip4(struct prison *, struct in_addr *); int prison_qcmp_v4(const void *, const void *); #ifdef INET6 @@ -412,17 +536,95 @@ int prison_equal_ip6(struct prison *, struct prison *); #else /* __rtems__ */ #define prison_equal_ip6(p1, p2) 1 #endif /* __rtems__ */ +#ifndef __rtems__ int prison_get_ip6(struct ucred *, struct in6_addr *); +#else /* __rtems__ */ +static inline int +prison_get_ip6(struct ucred *cred, struct in6_addr *ia6) +{ + + (void)cred; + (void)ia6; + return (EAFNOSUPPORT); +} +#endif /* __rtems__ */ +#ifndef __rtems__ int prison_local_ip6(struct ucred *, struct in6_addr *, int); +#else /* __rtems__ */ +static inline int +prison_local_ip6(struct ucred *cred, struct in6_addr *ia6, int v6only) +{ + + (void)cred; + (void)ia6; + (void)v6only; + return (0); +} +#endif /* __rtems__ */ +#ifndef __rtems__ int prison_remote_ip6(struct ucred *, struct in6_addr *); +#else /* __rtems__ */ +static inline int +prison_remote_ip6(struct ucred *cred, struct in6_addr *ia6) +{ + + (void)cred; + (void)ia6; + return (0); +} +#endif /* __rtems__ */ +#ifndef __rtems__ int prison_check_ip6(const struct ucred *, const struct in6_addr *); +#else /* __rtems__ */ +static inline int +prison_check_ip6(const struct ucred *cred, const struct in6_addr *ia6) +{ + + (void)cred; + (void)ia6; + return (0); +} +#endif /* __rtems__ */ int prison_check_ip6_locked(const struct prison *, const struct in6_addr *); +#ifndef __rtems__ int prison_saddrsel_ip6(struct ucred *, struct in6_addr *); +#else /* __rtems__ */ +static inline int +prison_saddrsel_ip6(struct ucred *cred, struct in6_addr *ia6) +{ + + (void)cred; + (void)ia6; + return (EAFNOSUPPORT); +} +#endif /* __rtems__ */ int prison_restrict_ip6(struct prison *, struct in6_addr *); int prison_qcmp_v6(const void *, const void *); #endif +#ifndef __rtems__ int prison_check_af(struct ucred *cred, int af); +#else /* __rtems__ */ +static inline int +prison_check_af(struct ucred *cred, int af) +{ + + (void)cred; + (void)af; + return (0); +} +#endif /* __rtems__ */ +#ifndef __rtems__ int prison_if(struct ucred *cred, struct sockaddr *sa); +#else /* __rtems__ */ +static inline int +prison_if(struct ucred *cred, struct sockaddr *sa) +{ + + (void)cred; + (void)sa; + return (0); +} +#endif /* __rtems__ */ char *prison_name(struct prison *, struct prison *); int prison_priv_check(struct ucred *cred, int priv); int sysctl_jail_param(SYSCTL_HANDLER_ARGS); diff --git a/rtemsbsd/rtems/rtems-kernel-jail.c b/rtemsbsd/rtems/rtems-kernel-jail.c index d6ce1dd0..59068ed4 100644 --- a/rtemsbsd/rtems/rtems-kernel-jail.c +++ b/rtemsbsd/rtems/rtems-kernel-jail.c @@ -106,233 +106,3 @@ struct prison prison0 = { .pr_allow = PR_ALLOW_ALL_STATIC }; MTX_SYSINIT(prison0, &prison0.pr_mtx, "jail mutex", MTX_DEF); - -/* - * See if a prison has the specific flag set. - */ -int -prison_flag(struct ucred *cred, unsigned flag) -{ - /* This is an atomic read, so no locking is necessary. */ - return (prison0.pr_flags & flag); -} - -void -prison_free(struct prison *pr) -{ -} - -void -prison_hold(struct prison *pr) -{ -} - -/* - * Check if given address belongs to the jail referenced by cred (wrapper to - * prison_check_ip[46]). - * - * Returns 0 if jail doesn't restrict the address family or if address belongs - * to jail, EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if - * the jail doesn't allow the address family. IPv4 Address passed in in NBO. - */ -int -prison_if(struct ucred *cred, struct sockaddr *sa) -{ - return 0; -} - -/* - * Return 1 if we should do proper source address selection or are not jailed. - * We will return 0 if we should bypass source address selection in favour - * of the primary jail IPv6 address. Only in this case *ia will be updated and - * returned in NBO. - * Return EAFNOSUPPORT, in case this jail does not allow IPv6. - */ -int -prison_saddrsel_ip6(struct ucred *cred, struct in6_addr *ia6) -{ - return EAFNOSUPPORT; -} - -/* - * Check if given address belongs to the jail referenced by cred/prison. - * - * Returns 0 if jail doesn't restrict IPv4 or if address belongs to jail, - * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail - * doesn't allow IPv4. Address passed in in NBO. - */ -int -prison_check_ip4(const struct ucred *cred, const struct in_addr *ia) -{ - return 0; -} - -/* - * Assuming 0 means no restrictions. - * - * NOTE: RTEMS does not restrict via a jail so return 0. - */ -int -prison_check_ip6(const struct ucred *cred, const struct in6_addr *ia6) -{ - return 0; -} - -/* - * Make sure our (source) address is set to something meaningful to this - * jail. - * - * Returns 0 if jail doesn't restrict IPv4 or if address belongs to jail, - * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail - * doesn't allow IPv4. Address passed in in NBO and returned in NBO. - */ -int -prison_local_ip4(struct ucred *cred, struct in_addr *ia) -{ - return 0; -} - -/* - * Rewrite destination address in case we will connect to loopback address. - * - * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv4. - * Address passed in in NBO and returned in NBO. - */ -int -prison_remote_ip4(struct ucred *cred, struct in_addr *ia) -{ - return 0; -} - -/* - * Make sure our (source) address is set to something meaningful to this jail. - * - * v6only should be set based on (inp->inp_flags & IN6P_IPV6_V6ONLY != 0) - * when needed while binding. - * - * Returns 0 if jail doesn't restrict IPv6 or if address belongs to jail, - * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail - * doesn't allow IPv6. - * - * NOTE: RTEMS does not restrict via a jail so return 0. - */ -int -prison_local_ip6(struct ucred *cred, struct in6_addr *ia6, int v6only) -{ - return 0; -} - -/* - * Rewrite destination address in case we will connect to loopback address. - * - * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv6. - * - * NOTE: RTEMS does not restrict via a jail so return 0. - */ -int -prison_remote_ip6(struct ucred *cred, struct in6_addr *ia6) -{ - return 0; -} - -/* - * Return 1 if we should do proper source address selection or are not jailed. - * We will return 0 if we should bypass source address selection in favour - * of the primary jail IPv4 address. Only in this case *ia will be updated and - * returned in NBO. - * Return EAFNOSUPPORT, in case this jail does not allow IPv4. - */ -int -prison_saddrsel_ip4(struct ucred *cred, struct in_addr *ia) -{ - return 1; -} - -/* - * Pass back primary IPv4 address of this jail. - * - * If not restricted return success but do not alter the address. Caller has - * to make sure to initialize it correctly (e.g. INADDR_ANY). - * - * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv4. - * Address returned in NBO. - */ -int -prison_get_ip4(struct ucred *cred, struct in_addr *ia) -{ - return 0; -} - -/* - * Return 1 if the passed credential is in a jail and that jail does not - * have its own virtual network stack, otherwise 0. - */ -int -jailed_without_vnet(struct ucred *cred) -{ - return 0; -} - -/* - * Pass back primary IPv6 address for this jail. - * - * If not restricted return success but do not alter the address. Caller has - * to make sure to initialize it correctly (e.g. IN6ADDR_ANY_INIT). - * - * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv6. - */ -int -prison_get_ip6(struct ucred *cred, struct in6_addr *ia6) -{ - return 0; -} -/* - * Return 0 if jails permit p1 to frob p2, otherwise ESRCH. - */ -int -prison_check(struct ucred *cred1, struct ucred *cred2) -{ - return 0; -} - -/* - * Check if a jail supports the given address family. - * - * Returns 0 if not jailed or the address family is supported, EAFNOSUPPORT - * if not. - */ -int -prison_check_af(struct ucred *cred, int af) -{ - return 0; -} - -/* - * Return the correct hostname (domainname, et al) for the passed credential. - */ -void -getcredhostname(struct ucred *cred, char *buf, size_t size) -{ - gethostname(buf, size); -} - -void -getcreddomainname(struct ucred *cred, char *buf, size_t size) -{ - getdomainname(buf, size); -} - -void -getcredhostid(struct ucred *cred, unsigned long *hostid) -{ - *hostid = 0; -} - -/* - * Return 1 if the passed credential is in a jail, otherwise 0. - */ -int -jailed(struct ucred *cred) -{ - return 0; -} -- cgit v1.2.3