From owner-svn-src-all@FreeBSD.ORG Wed Feb 25 13:42:39 2009 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1AE6C106566B; Wed, 25 Feb 2009 13:42:39 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 0775B8FC19; Wed, 25 Feb 2009 13:42:39 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n1PDgc8t098368; Wed, 25 Feb 2009 13:42:38 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id n1PDgcdd098367; Wed, 25 Feb 2009 13:42:38 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <200902251342.n1PDgcdd098367@svn.freebsd.org> From: Robert Watson Date: Wed, 25 Feb 2009 13:42:38 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org X-SVN-Group: stable-7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r189038 - in stable/7/sys: . contrib/pf dev/ath/ath_hal dev/cxgb security/audit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2009 13:42:39 -0000 Author: rwatson Date: Wed Feb 25 13:42:38 2009 New Revision: 189038 URL: http://svn.freebsd.org/changeset/base/189038 Log: Merge r184825 from head to stable/7: Wrap sx locking of the audit worker sleep lock in macros, update comments. Sponsored by: Apple, Inc. Modified: stable/7/sys/ (props changed) stable/7/sys/contrib/pf/ (props changed) stable/7/sys/dev/ath/ath_hal/ (props changed) stable/7/sys/dev/cxgb/ (props changed) stable/7/sys/security/audit/audit_worker.c Modified: stable/7/sys/security/audit/audit_worker.c ============================================================================== --- stable/7/sys/security/audit/audit_worker.c Wed Feb 25 13:30:17 2009 (r189037) +++ stable/7/sys/security/audit/audit_worker.c Wed Feb 25 13:42:38 2009 (r189038) @@ -1,5 +1,5 @@ /*- - * Copyright (c) 1999-2005 Apple Inc. + * Copyright (c) 1999-2008 Apple Inc. * Copyright (c) 2006-2008 Robert N. M. Watson * All rights reserved. * @@ -78,17 +78,24 @@ static struct proc *audit_thread; /* * audit_cred and audit_vp are the stored credential and vnode to use for - * active audit trail. They are protected by audit_worker_sx, which will be - * held across all I/O and all rotation to prevent them from being replaced - * (rotated) while in use. The audit_file_rotate_wait flag is set when the - * kernel has delivered a trigger to auditd to rotate the trail, and is - * cleared when the next rotation takes place. It is also protected by - * audit_worker_sx. + * active audit trail. They are protected by the audit worker lock, which + * will be held across all I/O and all rotation to prevent them from being + * replaced (rotated) while in use. The audit_file_rotate_wait flag is set + * when the kernel has delivered a trigger to auditd to rotate the trail, and + * is cleared when the next rotation takes place. It is also protected by + * the audit worker lock. */ static int audit_file_rotate_wait; -static struct sx audit_worker_sx; static struct ucred *audit_cred; static struct vnode *audit_vp; +static struct sx audit_worker_lock; + +#define AUDIT_WORKER_LOCK_INIT() sx_init(&audit_worker_lock, \ + "audit_worker_lock"); +#define AUDIT_WORKER_LOCK_ASSERT() sx_assert(&audit_worker_lock, \ + SA_XLOCKED) +#define AUDIT_WORKER_LOCK() sx_xlock(&audit_worker_lock) +#define AUDIT_WORKER_UNLOCK() sx_xunlock(&audit_worker_lock) /* * Write an audit record to a file, performed as the last stage after both @@ -111,7 +118,7 @@ audit_record_write(struct vnode *vp, str struct vattr vattr; long temp; - sx_assert(&audit_worker_sx, SA_LOCKED); /* audit_file_rotate_wait. */ + AUDIT_WORKER_LOCK_ASSERT(); if (vp == NULL) return; @@ -191,7 +198,7 @@ audit_record_write(struct vnode *vp, str */ if ((audit_fstat.af_filesz != 0) && (audit_file_rotate_wait == 0) && (vattr.va_size >= audit_fstat.af_filesz)) { - sx_assert(&audit_worker_sx, SA_XLOCKED); + AUDIT_WORKER_LOCK_ASSERT(); audit_file_rotate_wait = 1; (void)audit_send_trigger(AUDIT_TRIGGER_ROTATE_KERNEL); @@ -300,20 +307,20 @@ audit_worker_process_record(struct kaudi au_event_t event; au_id_t auid; int error, sorf; - int trail_locked; + int locked; /* - * We hold the audit_worker_sx lock over both writes, if there are - * two, so that the two records won't be split across a rotation and - * end up in two different trail files. + * We hold the audit worker lock over both writes, if there are two, + * so that the two records won't be split across a rotation and end + * up in two different trail files. */ if (((ar->k_ar_commit & AR_COMMIT_USER) && (ar->k_ar_commit & AR_PRESELECT_USER_TRAIL)) || (ar->k_ar_commit & AR_PRESELECT_TRAIL)) { - sx_xlock(&audit_worker_sx); - trail_locked = 1; + AUDIT_WORKER_LOCK(); + locked = 1; } else - trail_locked = 0; + locked = 0; /* * First, handle the user record, if any: commit to the system trail @@ -321,7 +328,7 @@ audit_worker_process_record(struct kaudi */ if ((ar->k_ar_commit & AR_COMMIT_USER) && (ar->k_ar_commit & AR_PRESELECT_USER_TRAIL)) { - sx_assert(&audit_worker_sx, SA_XLOCKED); + AUDIT_WORKER_LOCK_ASSERT(); audit_record_write(audit_vp, audit_cred, ar->k_udata, ar->k_ulen); } @@ -360,7 +367,7 @@ audit_worker_process_record(struct kaudi } if (ar->k_ar_commit & AR_PRESELECT_TRAIL) { - sx_assert(&audit_worker_sx, SA_XLOCKED); + AUDIT_WORKER_LOCK_ASSERT(); audit_record_write(audit_vp, audit_cred, bsm->data, bsm->len); } @@ -371,8 +378,8 @@ audit_worker_process_record(struct kaudi kau_free(bsm); out: - if (trail_locked) - sx_xunlock(&audit_worker_sx); + if (locked) + AUDIT_WORKER_UNLOCK(); } /* @@ -453,14 +460,14 @@ audit_rotate_vnode(struct ucred *cred, s * Rotate the vnode/cred, and clear the rotate flag so that we will * send a rotate trigger if the new file fills. */ - sx_xlock(&audit_worker_sx); + AUDIT_WORKER_LOCK(); old_audit_cred = audit_cred; old_audit_vp = audit_vp; audit_cred = cred; audit_vp = vp; audit_file_rotate_wait = 0; audit_enabled = (audit_vp != NULL); - sx_xunlock(&audit_worker_sx); + AUDIT_WORKER_UNLOCK(); /* * If there was an old vnode/credential, close and free. @@ -479,7 +486,7 @@ audit_worker_init(void) { int error; - sx_init(&audit_worker_sx, "audit_worker_sx"); + AUDIT_WORKER_LOCK_INIT(); error = kthread_create(audit_worker, NULL, &audit_thread, RFHIGHPID, 0, "audit"); if (error)