Date: Sat, 15 Aug 2009 13:40:45 GMT
Message-Id: <200908151340.n7FDejIA071666@repoman.freebsd.org>
From: Ilias Marinos
To: Perforce Change Reviews
Subject: PERFORCE change 167362 for review

http://perforce.freebsd.org/chv.cgi?CH=167362

Change 167362 by marinosi@marinosi_redrum on 2009/08/15 13:40:29

	- Added the appropriate mask for the audit_records to be committed directly to the filesystem.
	- Added some debugging code. Record processing is working fine from the appropriate workers. Records are not committed to the filesystem yet, because audit_vp is not set up. A new syscall to handle this will be added.

Affected files ...

.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.c#24 edit
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_worker.c#10 edit

Differences ... ==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.c#24 (text) ==== @@ -794,16 +794,19 @@ */ mtx_init(&(as->audit_mtx), "audit_mtx", NULL, MTX_DEF); + cv_init(&(as->audit_worker_cv), "audit_worker_cv"); + cv_init(&(as->audit_watermark_cv), "audit_watermark_cv"); + cv_init(&(as->audit_fail_cv), "audit_fail_cv"); + /* * For all the != audit_base_slice slices, we should initialize the * extra needed variables, mutexes etc here. */ - if ( as != audit_base_slice ) + if ( as != audit_base_slice ) { + as->audit_enabled = 1; mtx_init(&(as->as_dev_mtx), "as_dev_mtx", NULL, MTX_DEF); + } - cv_init(&(as->audit_worker_cv), "audit_worker_cv"); - cv_init(&(as->audit_watermark_cv), "audit_watermark_cv"); - cv_init(&(as->audit_fail_cv), "audit_fail_cv"); } @@ -866,7 +869,6 @@ struct kaudit_record *ar = NULL; int error; - uprintf("IN audit_slice_commit_rec()\n"); /* * XXXRW: This error value seems never to be used? Possibly we * should validate the record before calling audit_new, and return 
@@ -907,13 +909,19 @@ * base slice may already be using it to record the write * syscall. */ - uprintf("Calling audit_new().\n"); ar = audit_new(AUE_NULL, td, as); if (ar == NULL) return (1); - uprintf("audit_new() returned a non-NULL ar.\n"); /* + * Set the appropriate mask in order to directly commit the BSM rec to + * the filesystem. + */ + ar->k_ar_commit = 0u; + ar->k_ar_commit |= AR_COMMIT_USER; + ar->k_ar_commit |= AR_PRESELECT_USER_TRAIL; + + /* * Note: it could be that some records initiated while audit was * enabled should still be committed? */ ==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_worker.c#10 (text) ==== @@ -223,7 +223,6 @@ } } - uprintf("Ready to write record!\n"); error = vn_rdwr(UIO_WRITE, as->audit_vp, data, len, (off_t)0, UIO_SYSSPACE, IO_APPEND|IO_UNIT, as->audit_cred, NULL, NULL, curthread); if (error == ENOSPC) @@ -321,6 +320,7 @@ if ((ar->k_ar_commit & AR_COMMIT_USER) && (ar->k_ar_commit & AR_PRESELECT_USER_TRAIL)) { AUDIT_WORKER_LOCK_ASSERT(as); + printf("audit_worker_process_record(): Ready to call audit_record_write().\n"); audit_record_write(as, ar->k_udata, ar->k_ulen); } @@ -407,7 +407,7 @@ while (TAILQ_EMPTY(&(as->audit_q))) cv_wait(&(as->audit_worker_cv), &(as->audit_mtx)); - uprintf("audit_worker(): Record in the queue!\n"); + printf("audit_worker(): Record in the queue!\n"); /* * If there are records in the global audit record queue, * transfer them to a thread-local queue and process them @@ -429,8 +429,9 @@ mtx_unlock(&(as->audit_mtx)); while ((ar = TAILQ_FIRST(&ar_worklist))) { TAILQ_REMOVE(&ar_worklist, ar, k_q); - uprintf("audit_worker(): Calling audit_worker_process_record()!\n"); + printf("audit_worker(): Calling audit_worker_process_record()!\n"); audit_worker_process_record(ar, as); + printf("audit_worker(): Returned from audit_worker_process_record()!\n"); audit_free(ar); } mtx_lock(&(as->audit_mtx));
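Review bot: in audit.c at @@ -794,16 +794,19 @@, `as->audit_enabled = 1;` switches every non-base slice on at init time, before it has a trail vnode. The commit message says audit_vp is not set up yet, and the vn_rdwr() call visible at audit_worker.c @@ -223,7 +223,6 @@ writes to as->audit_vp. Leave audit_enabled at 0 here and set it from the planned syscall once audit_vp and audit_cred are installed, or confirm that audit_record_write() returns early when as->audit_vp is NULL. The `if ( as != audit_base_slice ) {` spacing also departs from style(9).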
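Review bot: in audit.c at @@ -907,13 +909,19 @@, the three k_ar_commit statements hard-code AR_COMMIT_USER and AR_PRESELECT_USER_TRAIL on every record, and nothing in the lines shown consults a preselection mask before the worker writes it. If writing every application-submitted record to the trail is the intent, say so in the comment; otherwise derive the trail flag from the slice's mask. The zero-then-OR sequence can also be a single assignment: `ar->k_ar_commit = AR_COMMIT_USER | AR_PRESELECT_USER_TRAIL;`.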
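Review bot: in audit_worker.c at @@ -407,7 +407,7 @@, the printf() runs right after cv_wait() returns, so as->audit_mtx is held while the message is formatted, and the mutex is only dropped at the mtx_unlock() shown in the following hunk. Replacing uprintf() with printf() is the right call for a worker thread, since uprintf() targets the calling process's controlling terminal, but move the message after the unlock or drop it.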
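Review bot: in audit_worker.c at @@ -429,8 +429,9 @@, the two printf() calls sit inside the TAILQ drain loop, and together with the one added in audit_worker_process_record() at @@ -321,6 +320,7 @@ that is up to three console lines per audit record, unconditionally. Wrap them in a compile-time debug macro or a sysctl-gated check so a busy slice cannot flood the message buffer, and remove them before the change leaves the soc2009 branch.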