From owner-p4-projects@FreeBSD.ORG Sun Jun 6 20:43:24 2010 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 2704910656F1; Sun, 6 Jun 2010 20:43:24 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DDAD610656DF for ; Sun, 6 Jun 2010 20:43:23 +0000 (UTC) (envelope-from gpf@FreeBSD.org) Received: from repoman.freebsd.org (unknown [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id C943B8FC0A for ; Sun, 6 Jun 2010 20:43:23 +0000 (UTC) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id o56KhN3G038906 for ; Sun, 6 Jun 2010 20:43:23 GMT (envelope-from gpf@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id o56KhNgR038902 for perforce@freebsd.org; Sun, 6 Jun 2010 20:43:23 GMT (envelope-from gpf@FreeBSD.org) Date: Sun, 6 Jun 2010 20:43:23 GMT Message-Id: <201006062043.o56KhNgR038902@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to gpf@FreeBSD.org using -f 
From: Efstratios Karatzas To: Perforce Change Reviews Precedence: bulk Cc: Subject: PERFORCE change 179269 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Jun 2010 20:43:24 -0000 http://p4web.freebsd.org/@@179269?ac=10 Change 179269 by gpf@gpf_desktop on 2010/06/06 20:42:52 Current nfs server: - These changed aim to make the audit code less racy as well as friendly to mp-unsafe filesystems, e.g: Having vfs locked and vnode locked when calling AUDIT_ARG_VNODE1(). Keeping our own reference counter for the vnodes so that they are valid when we are calling the vn_fullpath_* KPIs, which must be called after we unlock the vfs. - fixed a small bug - also a few styl(9)ish changes since I'm here, mostly changing all vnode pointer variable names to AUDIT_* - one or two minor changes as well Affected files ... .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/nfsserver/nfs_serv.c#14 edit Differences ... ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/nfsserver/nfs_serv.c#14 (text+ko) ==== @@ -88,7 +88,7 @@ #include #include -/* xxxgpf: 4 debuging */ +/* xxxgpf: 4 debugging */ #include #include @@ -320,16 +320,19 @@ nfsm_srvmtofh(fhp); tl = nfsm_dissect_nonblock(u_int32_t *, NFSX_UNSIGNED); error = nfsrv_fhtovp(fhp, 1, &vp, &vfslocked, nfsd, slp, - nam, &rdonly, TRUE); - - AUDIT_vp = vp; - + nam, &rdonly, TRUE); if (error) { nfsm_reply(NFSX_UNSIGNED); nfsm_srvpostop_attr(1, NULL); error = 0; goto nfsmout; } + + AUDIT_vp = vp; + if (AUDIT_vp != NULL) { + vref(AUDIT_vp); + AUDIT_ARG_VNODE1(AUDIT_vp); + } nfsmode = fxdr_unsigned(u_int32_t, *tl); if ((nfsmode & NFSV3ACCESS_READ) && nfsrv_access(vp, VREAD, cred, rdonly, 0)) 
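Review bot: The `vref(AUDIT_vp)` added after the `nfsrv_fhtovp()` error check has no comment saying why a second reference is needed, and it is taken on every request whether or not the thread is being audited. A comment such as `/* Extra reference keeps the vnode valid for nfsrv_auditpath(), which runs after the vfs lock is dropped. */` would record the reason given in the change description. The same comment would help in each later handler that repeats this block. The enclosing function starts and ends outside the hunk.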
@@ -362,11 +365,10 @@ VFS_UNLOCK_GIANT(vfslocked); /* XXX AUDIT */ - if (AUDITING_TD(curthread)) { - if (AUDIT_vp != NULL) { - AUDIT_ARG_VNODE1(AUDIT_vp); + if (AUDIT_vp != NULL) { + if (AUDITING_TD(curthread)) nfsrv_auditpath(AUDIT_vp, NULL, NULL, fhp, 1); - } + vrele(AUDIT_vp); } return(error); @@ -401,14 +403,17 @@ nfsm_srvmtofh(fhp); error = nfsrv_fhtovp(fhp, 1, &vp, &vfslocked, nfsd, slp, nam, &rdonly, TRUE); - - AUDIT_vp = vp; - if (error) { nfsm_reply(0); error = 0; goto nfsmout; } + AUDIT_vp = vp; + if (AUDIT_vp != NULL) { + vref(AUDIT_vp); + AUDIT_ARG_VNODE1(AUDIT_vp); + } + error = VOP_GETATTR(vp, vap, cred); vput(vp); vp = NULL; @@ -428,11 +433,10 @@ VFS_UNLOCK_GIANT(vfslocked); /* XXX AUDIT */ - if (AUDITING_TD(curthread)) { - if (AUDIT_vp != NULL) { - AUDIT_ARG_VNODE1(AUDIT_vp); + if (AUDIT_vp != NULL) { + if (AUDITING_TD(curthread)) nfsrv_auditpath(AUDIT_vp, NULL, NULL, fhp, 1); - } + vrele(AUDIT_vp); } return(error); @@ -523,9 +527,6 @@ */ error = nfsrv_fhtovp(fhp, 1, &vp, &tvfslocked, nfsd, slp, nam, &rdonly, TRUE); - - AUDIT_vp = vp; - vfslocked = nfsrv_lockedpair(vfslocked, tvfslocked); if (error) { nfsm_reply(2 * NFSX_UNSIGNED); @@ -535,6 +536,10 @@ goto nfsmout; } + AUDIT_vp = vp; + if (AUDIT_vp != NULL) + vref(AUDIT_vp); + /* * vp now an active resource, pay careful attention to cleanup */ @@ -573,6 +578,8 @@ goto out; } error = VOP_SETATTR(vp, vap, cred); + if (AUDIT_vp != NULL) + AUDIT_ARG_VNODE1(AUDIT_vp); postat_ret = VOP_GETATTR(vp, vap, cred); if (!error) error = postat_ret; @@ -599,11 +606,10 @@ VFS_UNLOCK_GIANT(vfslocked); /* XXX AUDIT */ - if (AUDITING_TD(curthread)) { - if (AUDIT_vp != NULL) { - AUDIT_ARG_VNODE1(AUDIT_vp); + if (AUDIT_vp != NULL) { + if (AUDITING_TD(curthread)) nfsrv_auditpath(AUDIT_vp, NULL, NULL, fhp, 1); - } + vrele(AUDIT_vp); } return(error); @@ -654,7 +660,6 @@ * namei failure, only dirp to cleanup. Clear out garbarge from * structure in case macros jump to nfsmout. */ - if (error) { if (dirp) { vrele(dirp); 
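Review bot: `vrele(AUDIT_vp)` now runs after `VFS_UNLOCK_GIANT(vfslocked)`, so if it drops the last reference, the vnode's inactive processing would run without Giant on the MP-unsafe filesystems the change description wants to support. `nfsrv_auditpath()` has to stay after the unlock, so the release could re-take the lock around itself: `vfslocked = VFS_LOCK_GIANT(AUDIT_vp->v_mount); vrele(AUDIT_vp); VFS_UNLOCK_GIANT(vfslocked);`. Whether `vrele()` asserts Giant ownership in this tree is not visible here and should be confirmed. The same ordering appears in the exit hunks at `@@ -428`, `@@ -599`, `@@ -797`, `@@ -917`, `@@ -1179` and `@@ -1410`, and in the later handlers that release `AUDIT_dvp`. The function body starts outside the hunk.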
@@ -667,6 +672,12 @@ goto nfsmout; } + AUDIT_vp = nd.ni_vp; + if (AUDIT_vp != NULL) { + vref(AUDIT_vp); + AUDIT_ARG_VNODE1(AUDIT_vp); + } + /* * Locate index file for public filehandle * @@ -750,16 +761,12 @@ * Get underlying attribute, then release remaining resources ( for * the same potential blocking reason ) and reply. */ - vp = ndp->ni_vp; - - AUDIT_vp = vp; - + vp = ndp->ni_vp; bzero((caddr_t)fhp, sizeof(nfh)); fhp->fh_fsid = vp->v_mount->mnt_stat.f_fsid; error = VOP_VPTOFH(vp, &fhp->fh_fid, ndp->ni_dvp); if (!error) error = VOP_GETATTR(vp, vap, cred); - vput(vp); vrele(ndp->ni_startdir); vrele(dirp); @@ -797,11 +804,10 @@ VFS_UNLOCK_GIANT(vfslocked); /* XXX AUDIT */ - if (AUDITING_TD(curthread)) { - if (AUDIT_vp != NULL) { - AUDIT_ARG_VNODE1(AUDIT_vp); + if (AUDIT_vp != NULL) { + if (AUDITING_TD(curthread)) nfsrv_auditpath(AUDIT_vp, NULL, NULL, fhp, 1); - } + vrele(AUDIT_vp); } return (error); @@ -827,7 +833,7 @@ int v3 = (nfsd->nd_flag & ND_NFSV3); struct mbuf *mb, *mp3, *nmp, *mreq; struct vnode *vp = NULL; - struct vnode *link_vp = NULL; + struct vnode *AUDIT_vp = NULL; struct vattr attr; nfsfh_t nfh; fhandle_t *fhp; @@ -872,10 +878,7 @@ uiop->uio_segflg = UIO_SYSSPACE; uiop->uio_td = NULL; error = nfsrv_fhtovp(fhp, 1, &vp, &vfslocked, nfsd, slp, - nam, &rdonly, TRUE); - - link_vp = vp; - + nam, &rdonly, TRUE); if (error) { nfsm_reply(2 * NFSX_UNSIGNED); if (v3) @@ -883,6 +886,12 @@ error = 0; goto nfsmout; } + + AUDIT_vp = vp; + if (AUDIT_vp != NULL) { + vref(AUDIT_vp); + AUDIT_ARG_VNODE1(AUDIT_vp); + } if (vp->v_type != VLNK) { if (v3) error = EINVAL; @@ -917,11 +926,10 @@ VFS_UNLOCK_GIANT(vfslocked); /* XXX AUDIT */ - if (AUDITING_TD(curthread)) { - if (link_vp != NULL) { - AUDIT_ARG_VNODE1(link_vp); - nfsrv_auditpath(link_vp, NULL, NULL, fhp, 1); - } + if (AUDIT_vp != NULL) { + if (AUDITING_TD(curthread)) + nfsrv_auditpath(AUDIT_vp, NULL, NULL, fhp, 1); + vrele(AUDIT_vp); } return(error); 
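Review bot: The audited vnode is now captured from `nd.ni_vp` ahead of the "Locate index file for public filehandle" step, while the hunk at `@@ -750` drops the assignment that followed `vp = ndp->ni_vp`. If `ndp` can point at a different nameidata once the index-file lookup has run (the rest of the function is outside these hunks), the audit record would name the directory rather than the object whose handle and attributes go back to the client. Either capture the vnode after `vp = ndp->ni_vp` as before, adding the `vref()` there, or add a comment stating that auditing the originally looked-up vnode is intended.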
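Review bot: Renaming the local to `AUDIT_vp` gives a variable the same upper-case prefix as the `AUDIT_ARG_VNODE1()` and `AUDITING_TD()` macros used next to it, so at the call sites it reads like a macro or constant. A lower-case name such as `audit_vp` (and `audit_dvp` in the later handlers) would keep the common prefix the commit is after without that ambiguity. This applies to every declaration hunk in the change.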
@@ -950,7 +958,7 @@ struct mbuf *mb, *mreq; struct mbuf *m2; struct vnode *vp = NULL; - struct vnode *new_vp = NULL; + struct vnode *AUDIT_vp = NULL; nfsfh_t nfh; fhandle_t *fhp; struct uio io, *uiop = &io; @@ -981,8 +989,7 @@ */ error = nfsrv_fhtovp(fhp, 1, &vp, &vfslocked, nfsd, slp, - nam, &rdonly, TRUE); - new_vp = vp; + nam, &rdonly, TRUE); if (error) { vp = NULL; nfsm_reply(2 * NFSX_UNSIGNED); @@ -991,7 +998,13 @@ error = 0; goto nfsmout; } - + + AUDIT_vp = vp; + if (AUDIT_vp != NULL) { + vref(AUDIT_vp); + AUDIT_ARG_VNODE1(AUDIT_vp); + } + if (vp->v_type != VREG) { if (v3) error = EINVAL; @@ -1179,11 +1192,10 @@ VFS_UNLOCK_GIANT(vfslocked); /* XXX AUDIT */ - if (AUDITING_TD(curthread)) { - if (new_vp != NULL) { - AUDIT_ARG_VNODE1(new_vp); - nfsrv_auditpath(new_vp, NULL, NULL, fhp, 1); - } + if (AUDIT_vp != NULL) { + if (AUDITING_TD(curthread)) + nfsrv_auditpath(AUDIT_vp, NULL, NULL, fhp, 1); + vrele(AUDIT_vp); } return(error); @@ -1215,7 +1227,7 @@ int v3 = (nfsd->nd_flag & ND_NFSV3); struct mbuf *mb, *mreq; struct vnode *vp = NULL; - struct vnode *new_vp = NULL; + struct vnode *AUDIT_vp = NULL; nfsfh_t nfh; fhandle_t *fhp; struct uio io, *uiop = &io; @@ -1295,7 +1307,6 @@ } error = nfsrv_fhtovp(fhp, 1, &vp, &tvfslocked, nfsd, slp, nam, &rdonly, TRUE); - new_vp = vp; vfslocked = nfsrv_lockedpair(vfslocked, tvfslocked); if (error) { vp = NULL; @@ -1304,8 +1315,14 @@ nfsm_srvwcc_data(forat_ret, &forat, aftat_ret, vap); error = 0; goto nfsmout; - } - + } + + AUDIT_vp = vp; + if (AUDIT_vp != NULL) { + vref(AUDIT_vp); + AUDIT_ARG_VNODE1(AUDIT_vp); + } + if (v3) forat_ret = VOP_GETATTR(vp, &forat, cred); if (vp->v_type != VREG) { 
@@ -1410,11 +1427,10 @@ VFS_UNLOCK_GIANT(vfslocked); /* XXX AUDIT */ - if (AUDITING_TD(curthread)) { - if (new_vp != NULL) { - AUDIT_ARG_VNODE1(new_vp); - nfsrv_auditpath(new_vp, NULL, NULL, fhp, 1); - } + if (AUDIT_vp != NULL) { + if (AUDITING_TD(curthread)) + nfsrv_auditpath(AUDIT_vp, NULL, NULL, fhp, 1); + vrele(AUDIT_vp); } return(error); @@ -1443,6 +1459,7 @@ int v3 = (nfsd->nd_flag & ND_NFSV3), how, exclusive_flag = 0; struct mbuf *mb, *mreq; struct vnode *dirp = NULL; + struct vnode *AUDIT_vp = NULL, *AUDIT_dvp = NULL; nfsfh_t nfh; fhandle_t *fhp; u_quad_t tempsize; @@ -1497,6 +1514,10 @@ goto nfsmout; } + AUDIT_dvp = nd.ni_dvp; + if (AUDIT_dvp != NULL) + vref(AUDIT_dvp); + /* * No error. Continue. State: * @@ -1555,7 +1576,6 @@ break; }; } - AUDIT_ARG_MODE(vap->va_mode); /* * Iff doesn't exist, create it @@ -1568,6 +1588,7 @@ if (nd.ni_vp == NULL) { if (vap->va_mode == (mode_t)VNOVAL) vap->va_mode = 0; + AUDIT_ARG_MODE(vap->va_mode); if (vap->va_type == VREG || vap->va_type == VSOCK) { error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap); if (error) @@ -1639,6 +1660,7 @@ error = ENXIO; } } else { + AUDIT_ARG_MODE(vap->va_mode); if (vap->va_size != -1) { error = nfsrv_access(nd.ni_vp, VWRITE, cred, (nd.ni_cnd.cn_flags & RDONLY), 0); @@ -1650,6 +1672,11 @@ } } } + AUDIT_vp = nd.ni_vp; + if (AUDIT_vp != NULL) { + vref(AUDIT_vp); + AUDIT_ARG_VNODE1(AUDIT_vp); + } if (!error) { bzero((caddr_t)fhp, sizeof(nfh)); 
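Review bot: The new `AUDIT_vp = nd.ni_vp` block in the hunk at `@@ -1650` sits in front of `if (!error)`, so it also runs when the preceding create or access check failed, unlike the mknod hunk at `@@ -1822` where the reference is taken only in the success branch. Whether `nd.ni_vp` is still a valid, locked vnode on those error paths cannot be seen from this hunk; if it is not, `vref()` and `AUDIT_ARG_VNODE1()` would operate on a stale pointer. Assigning and referencing it only on success would make the two handlers consistent, e.g. `if (!error && nd.ni_vp != NULL) { AUDIT_vp = nd.ni_vp; vref(AUDIT_vp); AUDIT_ARG_VNODE1(AUDIT_vp); }`.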
@@ -1717,12 +1744,17 @@ vn_finished_write(mp); VFS_UNLOCK_GIANT(vfslocked); - /* XXX AUDIT */ - if (AUDITING_TD(curthread)) { - nfsrv_auditpath(nd.ni_vp, nd.ni_dvp, nd.ni_cnd.cn_pnbuf, fhp, 1); - if (nd.ni_vp != NULL) - AUDIT_ARG_VNODE1(nd.ni_vp); - } + /* + * XXXgpf: + * There's a chance that nd.ni_cnd.cn_pnbuf contains junk, + * if an error occured; do we mind? + */ + if (AUDITING_TD(curthread)) + nfsrv_auditpath(AUDIT_vp, AUDIT_dvp, nd.ni_cnd.cn_pnbuf, fhp, 1); + if (AUDIT_dvp != NULL) + vrele(AUDIT_dvp); + if (AUDIT_vp != NULL) + vrele(AUDIT_vp); return (error); } @@ -1786,9 +1818,6 @@ error = nfs_namei(&nd, nfsd, fhp, len, slp, nam, &md, &dpos, &dirp, v3, &dirfor, &dirfor_ret, FALSE); - - AUDIT_dvp = nd.ni_dvp; - vfslocked = nfsrv_lockedpair_nd(vfslocked, &nd); if (error) { nfsm_reply(NFSX_WCCDATA(1)); @@ -1796,6 +1825,11 @@ error = 0; goto nfsmout; } + + AUDIT_dvp = nd.ni_dvp; + if (AUDIT_dvp != NULL) + vref(AUDIT_dvp); + tl = nfsm_dissect_nonblock(u_int32_t *, NFSX_UNSIGNED); vtyp = nfsv3tov_type(*tl); if (vtyp != VCHR && vtyp != VBLK && vtyp != VSOCK && vtyp != VFIFO) { @@ -1809,8 +1843,7 @@ major = fxdr_unsigned(u_int32_t, *tl++); minor = fxdr_unsigned(u_int32_t, *tl); vap->va_rdev = makedev(major, minor); - } - AUDIT_ARG_MODE(vap->va_mode); + } /* * Iff doesn't exist, create it. 
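Review bot: The question left open in the new comment should be resolved rather than committed, because `nd.ni_cnd.cn_pnbuf` is handed to `nfsrv_auditpath()` at a point where the name buffer may already have been released, not merely left with junk in it. The mknod hunk at `@@ -1822` calls `NDFREE(&nd, NDF_ONLY_PNBUF)` on error, and the link (`@@ -2413`) and mkdir (`@@ -2769`) hunks call it unconditionally before reaching the same exit code, so the audit path may read freed memory and put stale kernel data into the audit trail. How `nfsrv_auditpath()` uses the argument is not visible here; if it dereferences it, copy the component name into a local buffer while the nameidata is still valid, or pass NULL once the buffer has been freed. The same comment and call are repeated in the exit hunks at `@@ -1917`, `@@ -1941`, `@@ -2065`, `@@ -2310`, `@@ -2471`, `@@ -2671`, `@@ -2847` and `@@ -2986`.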
@@ -1822,27 +1855,37 @@ vap->va_type = vtyp; if (vap->va_mode == (mode_t)VNOVAL) vap->va_mode = 0; + AUDIT_ARG_MODE(vap->va_mode); if (vtyp == VSOCK) { vrele(nd.ni_startdir); nd.ni_startdir = NULL; error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap); - AUDIT_vp = nd.ni_vp; - if (error) NDFREE(&nd, NDF_ONLY_PNBUF); + else { + AUDIT_vp = nd.ni_vp; + if (AUDIT_vp != NULL) { + vref(AUDIT_vp); + AUDIT_ARG_VNODE1(AUDIT_vp); + } + } } else { if (vtyp != VFIFO && (error = priv_check_cred(cred, PRIV_VFS_MKNOD_DEV, 0))) goto out; error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap); - AUDIT_vp = nd.ni_vp; - if (error) { NDFREE(&nd, NDF_ONLY_PNBUF); goto out; } + AUDIT_vp = nd.ni_vp; + if (AUDIT_vp != NULL) { + vref(AUDIT_vp); + AUDIT_ARG_VNODE1(AUDIT_vp); + } + vput(nd.ni_vp); nd.ni_vp = NULL; @@ -1917,12 +1960,17 @@ vn_finished_write(mp); VFS_UNLOCK_GIANT(vfslocked); - /* XXX AUDIT */ - if (AUDITING_TD(curthread)) { + /* + * XXXgpf: + * There's a chance that nd.ni_cnd.cn_pnbuf contains junk, + * if an error occured; do we mind? + */ + if (AUDITING_TD(curthread)) nfsrv_auditpath(AUDIT_vp, AUDIT_dvp, nd.ni_cnd.cn_pnbuf, fhp, 1); - if (AUDIT_vp != NULL) - AUDIT_ARG_VNODE1(AUDIT_vp); - } + if (AUDIT_dvp != NULL) + vrele(AUDIT_dvp); + if (AUDIT_vp != NULL) + vrele(AUDIT_vp); return (0); nfsmout: if (nd.ni_dvp) { @@ -1941,12 +1989,17 @@ vn_finished_write(mp); VFS_UNLOCK_GIANT(vfslocked); - /* XXX AUDIT */ - if (AUDITING_TD(curthread)) { + /* + * XXXgpf: + * There's a chance that nd.ni_cnd.cn_pnbuf contains junk, + * if an error occured; do we mind? + */ + if (AUDITING_TD(curthread)) nfsrv_auditpath(AUDIT_vp, AUDIT_dvp, nd.ni_cnd.cn_pnbuf, fhp, 1); - if (AUDIT_vp != NULL) - AUDIT_ARG_VNODE1(AUDIT_vp); - } + if (AUDIT_dvp != NULL) + vrele(AUDIT_dvp); + if (AUDIT_vp != NULL) + vrele(AUDIT_vp); return (error); } 
@@ -1968,7 +2021,7 @@ int v3 = (nfsd->nd_flag & ND_NFSV3); struct mbuf *mb, *mreq; struct vnode *dirp; - struct vnode *parent_dvp = NULL; + struct vnode *AUDIT_dvp = NULL; struct vattr dirfor, diraft; nfsfh_t nfh; fhandle_t *fhp; @@ -1995,18 +2048,18 @@ nd.ni_cnd.cn_flags = LOCKPARENT | LOCKLEAF | MPSAFE; error = nfs_namei(&nd, nfsd, fhp, len, slp, nam, &md, &dpos, &dirp, v3, &dirfor, &dirfor_ret, FALSE); - - parent_dvp = nd.ni_dvp; - if (nd.ni_vp != NULL) { - AUDIT_ARG_VNODE1(nd.ni_vp); - } - vfslocked = nfsrv_lockedpair_nd(vfslocked, &nd); if (dirp && !v3) { vrele(dirp); dirp = NULL; } if (error == 0) { + AUDIT_dvp = nd.ni_dvp; + if (AUDIT_dvp != NULL) + vref(AUDIT_dvp); + if (nd.ni_vp != NULL) + AUDIT_ARG_VNODE1(nd.ni_vp); + if (nd.ni_vp->v_type == VDIR) { error = EPERM; /* POSIX */ goto out; @@ -2065,9 +2118,15 @@ vn_finished_write(mp); VFS_UNLOCK_GIANT(vfslocked); - /* XXX AUDIT */ - if (AUDITING_TD(curthread)) { - nfsrv_auditpath(NULL, parent_dvp, nd.ni_cnd.cn_pnbuf, NULL, 1); + /* + * XXXgpf: + * There's a chance that nd.ni_cnd.cn_pnbuf contains junk, + * if an error occured; do we mind? + */ + if (AUDIT_dvp != NULL) { + if (AUDITING_TD(curthread)) + nfsrv_auditpath(NULL, AUDIT_dvp, nd.ni_cnd.cn_pnbuf, NULL, 1); + vrele(AUDIT_dvp); } return(error); @@ -2091,7 +2150,7 @@ struct mbuf *mb, *mreq; struct nameidata fromnd, tond; struct vnode *fvp, *tvp, *tdvp, *fdirp = NULL; - struct vnode *from_dvp = NULL, *to_dvp = NULL, *vp = NULL; + struct vnode *AUDIT_fromdvp = NULL, *AUDIT_todvp = NULL, *AUDIT_vp = NULL; struct vnode *tdirp = NULL; struct vattr fdirfor, fdiraft, tdirfor, tdiraft; nfsfh_t fnfh, tnfh; @@ -2148,6 +2207,17 @@ error = 0; goto nfsmout; } + + AUDIT_vp = fromnd.ni_vp; + if (AUDIT_vp != NULL) { + vn_lock(AUDIT_vp, LK_SHARED); + AUDIT_ARG_VNODE1(AUDIT_vp); + VOP_UNLOCK(AUDIT_vp, 0); + } + AUDIT_fromdvp = fromnd.ni_dvp; + if (AUDIT_fromdvp != NULL) + vref(AUDIT_fromdvp); + fvp = fromnd.ni_vp; nfsm_srvmtofh(tfhp); nfsm_srvnamesiz(len2); 
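Review bot: The return value of `vn_lock(AUDIT_vp, LK_SHARED)` is ignored in the block added at `@@ -2148`, so if the lock attempt fails, `AUDIT_ARG_VNODE1()` and `VOP_UNLOCK()` run on a vnode this thread does not hold locked. The hunk at `@@ -2413` takes its lock with `LK_RETRY` (`vn_lock(vp, LK_EXCLUSIVE | LK_RETRY)`); here either do the same or test the result: `if (vn_lock(AUDIT_vp, LK_SHARED) == 0) { AUDIT_ARG_VNODE1(AUDIT_vp); VOP_UNLOCK(AUDIT_vp, 0); }`. The lock round-trip also happens on every rename whether or not the thread is audited, so wrapping the block in `if (AUDITING_TD(curthread))` would avoid that cost. The enclosing function continues outside the hunk.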
@@ -2157,12 +2227,7 @@ tond.ni_cnd.cn_flags = LOCKPARENT | LOCKLEAF | NOCACHE | SAVESTART | MPSAFE; error = nfs_namei(&tond, nfsd, tfhp, len2, slp, nam, &md, &dpos, &tdirp, v3, &tdirfor, &tdirfor_ret, FALSE); - vfslocked = nfsrv_lockedpair_nd(vfslocked, &tond); - - from_dvp = fromnd.ni_dvp; - to_dvp = tond.ni_dvp; - vp = fromnd.ni_vp; - + vfslocked = nfsrv_lockedpair_nd(vfslocked, &tond); if (tdirp && !v3) { vrele(tdirp); tdirp = NULL; @@ -2170,6 +2235,10 @@ if (error) goto out1; + AUDIT_todvp = tond.ni_dvp; + if (AUDIT_todvp != NULL) + vref(AUDIT_todvp); + tdvp = tond.ni_dvp; tvp = tond.ni_vp; if (tvp != NULL) { @@ -2310,13 +2379,19 @@ vn_finished_write(mp); VFS_UNLOCK_GIANT(vfslocked); - /* XXX AUDIT */ + /* + * XXXgpf: + * There's a chance that nd.ni_cnd.cn_pnbuf contains junk, + * if an error occured; do we mind? + */ if (AUDITING_TD(curthread)) { - nfsrv_auditpath(NULL, from_dvp, fromnd.ni_cnd.cn_pnbuf, NULL, 1); - if (vp != NULL) - AUDIT_ARG_VNODE1(vp); - nfsrv_auditpath(NULL, to_dvp, tond.ni_cnd.cn_pnbuf, NULL, 2); + nfsrv_auditpath(NULL, AUDIT_fromdvp, fromnd.ni_cnd.cn_pnbuf, NULL, 1); + nfsrv_auditpath(NULL, AUDIT_todvp, tond.ni_cnd.cn_pnbuf, NULL, 2); } + if (AUDIT_fromdvp != NULL) + vrele(AUDIT_fromdvp); + if (AUDIT_todvp != NULL) + vrele(AUDIT_todvp); return (error); } @@ -2338,7 +2413,7 @@ int getret = 1, v3 = (nfsd->nd_flag & ND_NFSV3); struct mbuf *mb, *mreq; struct vnode *vp = NULL, *xp, *dirp = NULL; - struct vnode *new_vp = NULL, *parent_dir_vp = NULL; + struct vnode *AUDIT_vp = NULL, *AUDIT_dvp = NULL; struct vattr dirfor, diraft, at; nfsfh_t nfh, dnfh; fhandle_t *fhp, *dfhp; @@ -2376,6 +2451,12 @@ error = 0; goto nfsmout; } + + AUDIT_vp = vp; + if (AUDIT_vp != NULL) { + vref(AUDIT_vp); + AUDIT_ARG_VNODE1(AUDIT_vp); + } if (v3) getret = VOP_GETATTR(vp, &at, cred); if (vp->v_type == VDIR) { 
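Review bot: The comment added above the audit block at `@@ -2310` refers to `nd.ni_cnd.cn_pnbuf`, but the calls below it pass `fromnd.ni_cnd.cn_pnbuf` and `tond.ni_cnd.cn_pnbuf`, so it appears to have been copied from another handler. It should name both buffers, for example `/* fromnd/tond cn_pnbuf may be invalid if the corresponding lookup failed */`. The second `nfsrv_auditpath()` call is also made when `AUDIT_todvp` is still NULL, which is the state left by the `goto out1` path shown in the hunk at `@@ -2170`; whether the helper tolerates a NULL directory together with a non-NULL name is not visible here.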
@@ -2398,6 +2479,11 @@ vp = NULL; goto out2; } + + AUDIT_dvp = nd.ni_dvp; + if (AUDIT_dvp != NULL) + vref(AUDIT_dvp); + xp = nd.ni_vp; if (xp != NULL) { error = EEXIST; @@ -2413,10 +2499,7 @@ goto out2; } vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); - error = VOP_LINK(nd.ni_dvp, vp, &nd.ni_cnd); - - parent_dir_vp = nd.ni_dvp; - new_vp = nd.ni_vp; + error = VOP_LINK(nd.ni_dvp, vp, &nd.ni_cnd); NDFREE(&nd, NDF_ONLY_PNBUF); /* fall through */ @@ -2471,13 +2554,19 @@ vn_finished_write(mp); VFS_UNLOCK_GIANT(vfslocked); - /* XXX AUDIT */ + /* + * XXXgpf: + * There's a chance that nd.ni_cnd.cn_pnbuf contains junk, + * if an error occured; do we mind? + */ if (AUDITING_TD(curthread)) { - nfsrv_auditpath(NULL, parent_dir_vp, nd.ni_cnd.cn_pnbuf, NULL, 1); - if (vp != NULL) - AUDIT_ARG_VNODE1(vp); - nfsrv_auditpath(vp, NULL, NULL, fhp, 2); + nfsrv_auditpath(NULL, AUDIT_dvp, nd.ni_cnd.cn_pnbuf, NULL, 1); + nfsrv_auditpath(AUDIT_vp, NULL, NULL, fhp, 2); } + if (AUDIT_dvp != NULL) + vrele(AUDIT_dvp); + if (AUDIT_vp != NULL) + vrele(AUDIT_vp); return(error); } @@ -2504,7 +2593,7 @@ int v3 = (nfsd->nd_flag & ND_NFSV3); struct mbuf *mb, *mreq; struct vnode *dirp = NULL; - struct vnode *symlink_vp = NULL, *parent_dir_vp = NULL; + struct vnode *AUDIT_vp = NULL, *AUDIT_dvp = NULL; nfsfh_t nfh; fhandle_t *fhp; struct mount *mp = NULL; @@ -2537,6 +2626,11 @@ nfsm_srvsattr(vap); nfsm_srvpathsiz(len2); } + + AUDIT_dvp = nd.ni_dvp; + if (AUDIT_dvp != NULL) + vref(AUDIT_dvp); + if (dirp && !v3) { vrele(dirp); dirp = NULL; 
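Review bot: In the hunk at `@@ -2537`, `AUDIT_dvp = nd.ni_dvp` and its `vref()` are added after the closing brace of the attribute-parsing block and before any error check visible in the hunk, whereas the other handlers in this change take the reference only after the lookup is known to have succeeded. If the preceding lookup can fail and leave `nd.ni_dvp` pointing at something already released, this would take a reference on an invalid vnode; the NULL test alone does not rule that out. Moving the three lines below the function's error check (outside this hunk) would match the pattern used in the mkdir hunk at `@@ -2741`.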
@@ -2565,22 +2659,25 @@ } if (pathcp != NULL) - AUDIT_ARG_UPATH2(curthread, pathcp); - AUDIT_ARG_MODE(vap->va_mode); + AUDIT_ARG_UPATH2(curthread, pathcp); /* * issue symlink op. SAVESTART is set so the underlying path component * is only freed by the VOP if an error occurs. */ if (vap->va_mode == (mode_t)VNOVAL) vap->va_mode = 0; + AUDIT_ARG_MODE(vap->va_mode); error = VOP_SYMLINK(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap, pathcp); if (error) NDFREE(&nd, NDF_ONLY_PNBUF); - else - vput(nd.ni_vp); - - symlink_vp = nd.ni_vp; - parent_dir_vp = nd.ni_dvp; + else { + AUDIT_vp = nd.ni_vp; + if (AUDIT_vp != NULL) { + vref(AUDIT_vp); + AUDIT_ARG_VNODE1(AUDIT_vp); + } + vput(nd.ni_vp); + } nd.ni_vp = NULL; /* @@ -2614,7 +2711,7 @@ if (error == 0) { bzero((caddr_t)fhp, sizeof(nfh)); fhp->fh_fsid = nd.ni_vp->v_mount->mnt_stat.f_fsid; - error = VOP_VPTOFH(nd.ni_vp, &fhp->fh_fid, parent_dir_vp); + error = VOP_VPTOFH(nd.ni_vp, &fhp->fh_fid, AUDIT_dvp); if (!error) error = VOP_GETATTR(nd.ni_vp, vap, cred); vput(nd.ni_vp); @@ -2671,12 +2768,17 @@ vn_finished_write(mp); VFS_UNLOCK_GIANT(vfslocked); - /* XXX AUDIT */ - if (AUDITING_TD(curthread)) { - nfsrv_auditpath(symlink_vp, parent_dir_vp, nd.ni_cnd.cn_pnbuf, fhp, 1); - if (symlink_vp != NULL) - AUDIT_ARG_VNODE1(symlink_vp); - } + /* + * XXXgpf: + * There's a chance that nd.ni_cnd.cn_pnbuf contains junk, + * if an error occured; do we mind? + */ + if (AUDITING_TD(curthread)) + nfsrv_auditpath(AUDIT_vp, AUDIT_dvp, nd.ni_cnd.cn_pnbuf, fhp, 1); + if (AUDIT_dvp != NULL) + vrele(AUDIT_dvp); + if (AUDIT_vp != NULL) + vrele(AUDIT_vp); return (error); } @@ -2702,7 +2804,7 @@ int v3 = (nfsd->nd_flag & ND_NFSV3); struct mbuf *mb, *mreq; struct vnode *dirp = NULL; - struct vnode *new_dir_vp = NULL, *parent_dir_vp = NULL; + struct vnode *AUDIT_vp = NULL, *AUDIT_dvp = NULL; int vpexcl = 0; nfsfh_t nfh; fhandle_t *fhp; 
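Review bot: In the hunk at `@@ -2614`, `VOP_VPTOFH()` now takes `AUDIT_dvp` as its directory argument, so a variable whose name says it exists for audit bookkeeping has become an input to building the file handle returned to the client. Someone later removing or conditionalising the audit code could break the reply without noticing. Keep a separately named directory pointer for the `VOP_VPTOFH()` call, or add a comment at the declaration such as `/* also passed to VOP_VPTOFH(); not audit-only */`. The mkdir hunk at `@@ -2781` has the same use.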
@@ -2741,6 +2843,10 @@ error = 0; goto nfsmout; } + AUDIT_dvp = nd.ni_dvp; + if (AUDIT_dvp != NULL) + vref(AUDIT_dvp); + VATTR_NULL(vap); if (v3) { nfsm_srvsattr(vap); @@ -2759,8 +2865,7 @@ NDFREE(&nd, NDF_ONLY_PNBUF); error = EEXIST; goto out; - } - AUDIT_ARG_MODE(vap->va_mode); + } /* * Issue mkdir op. Since SAVESTART is not set, the pathname @@ -2769,11 +2874,8 @@ */ if (vap->va_mode == (mode_t)VNOVAL) vap->va_mode = 0; - error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap); - - new_dir_vp = nd.ni_vp; - parent_dir_vp = nd.ni_dvp; - + AUDIT_ARG_MODE(vap->va_mode); + error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap); NDFREE(&nd, NDF_ONLY_PNBUF); vpexcl = 1; @@ -2781,9 +2883,15 @@ nd.ni_dvp = NULL; if (!error) { + AUDIT_vp = nd.ni_vp; + if (AUDIT_vp != NULL) { + vref(AUDIT_vp); + AUDIT_ARG_VNODE1(AUDIT_vp); + } + bzero((caddr_t)fhp, sizeof(nfh)); fhp->fh_fsid = nd.ni_vp->v_mount->mnt_stat.f_fsid; - error = VOP_VPTOFH(nd.ni_vp, &fhp->fh_fid, parent_dir_vp); + error = VOP_VPTOFH(nd.ni_vp, &fhp->fh_fid, AUDIT_dvp); if (!error) error = VOP_GETATTR(nd.ni_vp, vap, cred); } @@ -2847,12 +2955,17 @@ vn_finished_write(mp); VFS_UNLOCK_GIANT(vfslocked); - /* XXX AUDIT */ - if (AUDITING_TD(curthread)) { - nfsrv_auditpath(new_dir_vp, parent_dir_vp, nd.ni_cnd.cn_pnbuf, fhp, 1); - if (new_dir_vp != NULL) - AUDIT_ARG_VNODE1(new_dir_vp); - } + /* + * XXXgpf: + * There's a chance that nd.ni_cnd.cn_pnbuf contains junk, + * if an error occured; do we mind? + */ + if (AUDITING_TD(curthread)) + nfsrv_auditpath(AUDIT_vp, AUDIT_dvp, nd.ni_cnd.cn_pnbuf, fhp, 1); + if (AUDIT_dvp != NULL) + vrele(AUDIT_dvp); + if (AUDIT_vp != NULL) + vrele(AUDIT_vp); return (error); } @@ -2873,7 +2986,7 @@ int v3 = (nfsd->nd_flag & ND_NFSV3); struct mbuf *mb, *mreq; struct vnode *vp, *dirp = NULL; - struct vnode *parent_dvp = NULL; + struct vnode *AUDIT_dvp = NULL; struct vattr dirfor, diraft; nfsfh_t nfh; fhandle_t *fhp; 
@@ -2901,11 +3014,6 @@ error = nfs_namei(&nd, nfsd, fhp, len, slp, nam, &md, &dpos, &dirp, v3, &dirfor, &dirfor_ret, FALSE); - parent_dvp = nd.ni_dvp; - if (nd.ni_vp != NULL) { - AUDIT_ARG_VNODE1(nd.ni_vp); - } - vfslocked = nfsrv_lockedpair_nd(vfslocked, &nd); if (dirp && !v3) { vrele(dirp); @@ -2918,6 +3026,12 @@ error = 0; goto nfsmout; } + AUDIT_dvp = nd.ni_dvp; + if (AUDIT_dvp != NULL) + vref(AUDIT_dvp); + if (nd.ni_vp != NULL) + AUDIT_ARG_VNODE1(nd.ni_vp); + vp = nd.ni_vp; if (vp->v_type != VDIR) { error = ENOTDIR; @@ -2986,10 +3100,16 @@ vn_finished_write(mp); VFS_UNLOCK_GIANT(vfslocked); - /* XXX AUDIT */ - if (AUDITING_TD(curthread)) { - nfsrv_auditpath(NULL, parent_dvp, nd.ni_cnd.cn_pnbuf, NULL, 1); - } + /* + * XXXgpf: + * There's a chance that nd.ni_cnd.cn_pnbuf contains junk, + * if an error occured; do we mind? + */ + if (AUDIT_dvp != NULL) { + if (AUDITING_TD(curthread)) + nfsrv_auditpath(NULL, AUDIT_dvp, nd.ni_cnd.cn_pnbuf, NULL, 1); + vrele(AUDIT_dvp); + } return(error); } @@ -3049,7 +3169,7 @@ struct mbuf *mb, *mreq; char *cpos, *cend, *rbuf; struct vnode *vp = NULL; - struct vnode *dir_vp = NULL; + struct vnode *AUDIT_vp = NULL; struct vattr at; nfsfh_t nfh; fhandle_t *fhp; @@ -3088,7 +3208,13 @@ fullsiz = siz; error = nfsrv_fhtovp(fhp, 1, &vp, &vfslocked, nfsd, slp, nam, &rdonly, TRUE); - dir_vp = vp; + if (!error) { >>> TRUNCATED FOR MAIL (1000 lines) <<<