Index: ufs/ufs/ufs_vnops.c =================================================================== --- ufs/ufs/ufs_vnops.c (revision 191134) +++ ufs/ufs/ufs_vnops.c (working copy) @@ -374,7 +374,7 @@ #ifdef UFS_ACL if ((vp->v_mount->mnt_flag & MNT_ACLS) != 0) { - acl = uma_zalloc(acl_zone, M_WAITOK); + acl = acl_alloc(M_WAITOK); error = VOP_GETACL(vp, ACL_TYPE_ACCESS, acl, ap->a_cred, ap->a_td); switch (error) { @@ -398,7 +398,7 @@ error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid, ap->a_accmode, ap->a_cred, NULL); } - uma_zfree(acl_zone, acl); + acl_free(acl); } else #endif /* !UFS_ACL */ error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid, @@ -1507,8 +1507,8 @@ #ifdef UFS_ACL acl = dacl = NULL; if ((dvp->v_mount->mnt_flag & MNT_ACLS) != 0) { - acl = uma_zalloc(acl_zone, M_WAITOK); - dacl = uma_zalloc(acl_zone, M_WAITOK); + acl = acl_alloc(M_WAITOK); + dacl = acl_alloc(M_WAITOK); /* * Retrieve default ACL from parent, if any. @@ -1538,16 +1538,16 @@ */ ip->i_mode = dmode; DIP_SET(ip, i_mode, dmode); - uma_zfree(acl_zone, acl); - uma_zfree(acl_zone, dacl); + acl_free(acl); + acl_free(dacl); dacl = acl = NULL; break; default: UFS_VFREE(tvp, ip->i_number, dmode); vput(tvp); - uma_zfree(acl_zone, acl); - uma_zfree(acl_zone, dacl); + acl_free(acl); + acl_free(dacl); return (error); } } else { @@ -1617,13 +1617,13 @@ break; default: - uma_zfree(acl_zone, acl); - uma_zfree(acl_zone, dacl); + acl_free(acl); + acl_free(dacl); dacl = acl = NULL; goto bad; } - uma_zfree(acl_zone, acl); - uma_zfree(acl_zone, dacl); + acl_free(acl); + acl_free(dacl); dacl = acl = NULL; } #endif /* !UFS_ACL */ @@ -1689,9 +1689,9 @@ } else { #ifdef UFS_ACL if (acl != NULL) - uma_zfree(acl_zone, acl); + acl_free(acl); if (dacl != NULL) - uma_zfree(acl_zone, dacl); + acl_free(dacl); #endif dp->i_effnlink--; dp->i_nlink--; @@ -2325,7 +2325,7 @@ #ifdef UFS_ACL acl = NULL; if ((dvp->v_mount->mnt_flag & MNT_ACLS) != 0) { - acl = uma_zalloc(acl_zone, M_WAITOK); + acl = acl_alloc(M_WAITOK); /* * Retrieve default ACL for parent, if any. @@ -2360,14 +2360,14 @@ */ ip->i_mode = mode; DIP_SET(ip, i_mode, mode); - uma_zfree(acl_zone, acl); + acl_free(acl); acl = NULL; break; default: UFS_VFREE(tvp, ip->i_number, mode); vput(tvp); - uma_zfree(acl_zone, acl); + acl_free(acl); acl = NULL; return (error); } @@ -2433,10 +2433,10 @@ break; default: - uma_zfree(acl_zone, acl); + acl_free(acl); goto bad; } - uma_zfree(acl_zone, acl); + acl_free(acl); } #endif /* !UFS_ACL */ ufs_makedirentry(ip, cnp, &newdir); Index: kern/vfs_acl.c =================================================================== --- kern/vfs_acl.c (revision 191134) +++ kern/vfs_acl.c (working copy) @@ -81,28 +81,31 @@ vacl_set_acl(struct thread *td, struct vnode *vp, acl_type_t type, struct acl *aclp) { - struct acl inkernacl; + struct acl *inkernelacl; struct mount *mp; int error; - error = copyin(aclp, &inkernacl, sizeof(struct acl)); + inkernelacl = acl_alloc(M_WAITOK); + error = copyin(aclp, inkernelacl, sizeof(struct acl)); if (error) - return(error); + goto out_free; error = vn_start_write(vp, &mp, V_WAIT | PCATCH); if (error != 0) - return (error); + goto out_free; vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); #ifdef MAC - error = mac_vnode_check_setacl(td->td_ucred, vp, type, &inkernacl); + error = mac_vnode_check_setacl(td->td_ucred, vp, type, inkernelacl); if (error != 0) goto out; #endif - error = VOP_SETACL(vp, type, &inkernacl, td->td_ucred, td); + error = VOP_SETACL(vp, type, inkernelacl, td->td_ucred, td); #ifdef MAC out: #endif VOP_UNLOCK(vp, 0); vn_finished_write(mp); +out_free: + acl_free(inkernelacl); return(error); } @@ -113,22 +116,24 @@ vacl_get_acl(struct thread *td, struct vnode *vp, acl_type_t type, struct acl *aclp) { - struct acl inkernelacl; + struct acl *inkernelacl; int error; + inkernelacl = acl_alloc(M_WAITOK); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); #ifdef MAC error = mac_vnode_check_getacl(td->td_ucred, vp, type); if (error != 0) goto out; #endif - error = VOP_GETACL(vp, type, &inkernelacl, td->td_ucred, td); + error = VOP_GETACL(vp, type, inkernelacl, td->td_ucred, td); #ifdef MAC out: #endif VOP_UNLOCK(vp, 0); if (error == 0) - error = copyout(&inkernelacl, aclp, sizeof(struct acl)); + error = copyout(inkernelacl, aclp, sizeof(struct acl)); + acl_free(inkernelacl); return (error); } @@ -166,13 +171,16 @@ vacl_aclcheck(struct thread *td, struct vnode *vp, acl_type_t type, struct acl *aclp) { - struct acl inkernelacl; + struct acl *inkernelacl; int error; - error = copyin(aclp, &inkernelacl, sizeof(struct acl)); + inkernelacl = acl_alloc(M_WAITOK); + error = copyin(aclp, inkernelacl, sizeof(struct acl)); if (error) - return(error); - error = VOP_ACLCHECK(vp, type, &inkernelacl, td->td_ucred, td); + goto out_free; + error = VOP_ACLCHECK(vp, type, inkernelacl, td->td_ucred, td); +out_free: + acl_free(inkernelacl); return (error); } @@ -417,6 +425,30 @@ return (error); } +/* + * Allocate "struct acl" instance. + */ +struct acl * +acl_alloc(int flags) +{ + struct acl *aclp; + + aclp = uma_zalloc(acl_zone, flags | M_ZERO); + + return (aclp); +} + +/* + * Free "struct acl". + */ +void +acl_free(struct acl *aclp) +{ + + uma_zfree(acl_zone, aclp); +} + + /* ARGUSED */ static void Index: sys/acl.h =================================================================== --- sys/acl.h (revision 191134) +++ sys/acl.h (working copy) @@ -116,8 +116,6 @@ #ifdef _KERNEL -extern uma_zone_t acl_zone; - /* * POSIX.1e ACLs are capable of expressing the read, write, and execute bits * of the POSIX mode field. We provide two masks: one that defines the bits @@ -141,6 +139,8 @@ mode_t acl_posix1e_acl_to_mode(struct acl *acl); mode_t acl_posix1e_newfilemode(mode_t cmode, struct acl *dacl); +struct acl *acl_alloc(int flags); +void acl_free(struct acl *aclp); /* * File system independent syntax check for a POSIX.1e ACL.