From owner-p4-projects@FreeBSD.ORG Wed Jan 14 13:39:39 2004
Return-Path:
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767) id 885C816A4CF; Wed, 14 Jan 2004 13:39:39 -0800 (PST)
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4BEE116A4D0 for ; Wed, 14 Jan 2004 13:39:39 -0800 (PST)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 135C743D82 for ; Wed, 14 Jan 2004 13:38:22 -0800 (PST) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.10/8.12.10) with ESMTP id i0ELcJ0B021655 for ; Wed, 14 Jan 2004 13:38:19 -0800 (PST) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: (from perforce@localhost) by repoman.freebsd.org (8.12.10/8.12.10/Submit) id i0ELcIws021652 for perforce@freebsd.org; Wed, 14 Jan 2004 13:38:18 -0800 (PST) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Date: Wed, 14 Jan 2004 13:38:18 -0800 (PST)
Message-Id: <200401142138.i0ELcIws021652@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f
From: Robert Watson To: Perforce Change Reviews Subject: PERFORCE change 45360 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Jan 2004 21:39:39 -0000 http://perforce.freebsd.org/chv.cgi?CH=45360 Change 45360 by rwatson@rwatson_tislabs on 2004/01/14 13:38:17 Break out memory allocation in audit_proc_init() and audit_proc_fork() into audit_proc_alloc() to match audit_proc_free(). This allows us to avoid memory allocation while holding the process mutex. While here, assert the process mutex for parent and child when forking, since we currently believe p_au and contents will be protected by that lock. While here, fix a memory leak in the MAC code from when process creation fails. Affected files ... .. //depot/projects/trustedbsd/audit2/sys/kern/init_main.c#3 edit .. //depot/projects/trustedbsd/audit2/sys/kern/kern_fork.c#3 edit .. //depot/projects/trustedbsd/audit2/sys/security/audit/audit.c#12 edit .. //depot/projects/trustedbsd/audit2/sys/security/audit/kern_audit.h#11 edit Differences ... ==== //depot/projects/trustedbsd/audit2/sys/kern/init_main.c#3 (text+ko) ==== @@ -398,6 +398,7 @@ p->p_ucred->cr_ruidinfo = uifind(0); p->p_ucred->cr_prison = NULL; /* Don't jail it. */ #ifdef AUDIT + audit_proc_alloc(p); audit_proc_init(p); #endif #ifdef MAC ==== //depot/projects/trustedbsd/audit2/sys/kern/kern_fork.c#3 (text+ko) ==== @@ -290,6 +290,9 @@ #ifdef MAC mac_init_proc(newproc); #endif +#ifdef AUDIT + audit_proc_alloc(newproc); +#endif /* * Although process entries are dynamically created, we still keep 
@@ -739,6 +742,12 @@ printf("maxproc limit exceeded by uid %i, please see tuning(7) and login.conf(5).\n", uid); sx_xunlock(&allproc_lock); +#ifdef MAC + mac_proc_destroy(newproc); +#endif +#ifdef AUDIT + audit_proc_free(newproc); +#endif uma_zfree(proc_zone, newproc); if (p1->p_flag & P_SA) { PROC_LOCK(p1); ==== //depot/projects/trustedbsd/audit2/sys/security/audit/audit.c#12 (text+ko) ==== @@ -1251,6 +1251,16 @@ ar->k_ar.ar_valid_arg |= ARG_SVIPC_ADDR; } +/* + * Allocate storage for a new process (init, or otherwise). + */ +void +audit_proc_alloc(struct proc *p) +{ + + p->p_au = malloc(sizeof(*p->p_au), M_AUDIT, M_WAITOK); +} + /* * Initialize the audit information for the a process, presumably the first * process in the system. @@ -1261,25 +1271,19 @@ audit_proc_init(struct proc *p) { - p->p_au = malloc(sizeof(*p->p_au), M_AUDIT, M_WAITOK); bzero((void *)p->p_au, sizeof(*p->p_au)); } /* * Copy the audit info from the parent process to the child process when * a fork takes place. - * XXX Need to check for failure from the memory allocation, in here - * as well as in any functions that use the process auditing info. */ void audit_proc_fork(struct proc *parent, struct proc *child) { - /* Always set up the audit information pointer as this function - * should only be called when the proc is new. If proc structures - * are ever cached and reused, then this behavior will leak memory. - */ - child->p_au = malloc(sizeof(*child->p_au), M_AUDIT, M_WAITOK); + PROC_LOCK_ASSERT(parent, MA_OWNED); + PROC_LOCK_ASSERT(child, MA_OWNED); bcopy(parent->p_au, child->p_au, sizeof(*child->p_au)); } ==== //depot/projects/trustedbsd/audit2/sys/security/audit/kern_audit.h#11 (text+ko) ==== @@ -154,6 +154,7 @@ void audit_arg_svipc_id(int id); void audit_arg_svipc_addr(void *addr); +void audit_proc_alloc(struct proc *p); void audit_proc_init(struct proc *p); void audit_proc_fork(struct proc *parent, struct proc *child);
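Review bot: in the kern_fork.c @@ -290 hunk, audit_proc_alloc(newproc) now only malloc()s the p_au storage; its contents are not written until audit_proc_fork() does the bcopy() later under the process locks. That leaves a window in which newproc->p_au points at uninitialized memory, so nothing between this hunk and the audit_proc_fork() call may read through newproc->p_au, and the failure-path audit_proc_free(newproc) must free the pointer without inspecting the contents. A one-line comment next to the new call ("storage only; filled in by audit_proc_fork()") would make that contract explicit for the next person who adds code to fork1() in between.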
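Review bot: the mac_proc_destroy()/audit_proc_free() teardown in the kern_fork.c @@ -739 hunk covers only the maxproc failure path shown here, while the allocation hunk runs mac_init_proc() and audit_proc_alloc() unconditionally right after the process is allocated. Any other exit from fork1() between those two points that still reaches uma_zfree(proc_zone, newproc) would keep the MAC leak this change sets out to fix and add an audit leak of the same shape. Suggest auditing the remaining error returns in that region and, if there is more than one, routing them through a single failure label that performs both calls before uma_zfree(), so the pair cannot be missed again.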
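Review bot: in the audit.c hunk, removing the "XXX Need to check for failure from the memory allocation" comment is justified only because audit_proc_alloc() uses M_WAITOK, and that reason should be recorded: a comment above the malloc() ("M_WAITOK never returns NULL; callers need no check, and must not hold the process mutex") documents both why the NULL check is gone and why this call was split out of audit_proc_init()/audit_proc_fork() in the first place. Two smaller points in the same hunk: audit_proc_fork() now asserts PROC_LOCK on both parent and child, but audit_proc_init() asserts nothing on p even though the commit message says p_au and its contents are protected by that lock, so either add PROC_LOCK_ASSERT(p, MA_OWNED) there or note that the first process is set up before any contention exists; and the new header comment says "(init, or otherwise)" while audit_proc_init()'s comment calls the same caller "the first process in the system", so pick one wording. The (void *) cast in bzero((void *)p->p_au, ...) is unnecessary.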