Date: Wed, 5 Oct 2005 23:22:07 GMT From: Wayne Salamon <wsalamon@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 84872 for review Message-ID: <200510052322.j95NM7DF083492@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=84872 Change 84872 by wsalamon@gretsch on 2005/10/05 23:21:29 Move the extern declares of the audit control variables to the private header file. Clean up kern_audit.c by removing dead code, renaming the record free function to be more descriptive, some better comments. Affected files ... .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#7 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_syscalls.c#3 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_audit.c#44 edit Differences ... ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#7 (text+ko) ==== @@ -42,6 +42,16 @@ #endif /* + * Audit control variables that are usually set/read via system calls + * and used to control various aspects of auditing. + */ +extern struct au_qctrl audit_qctrl; +extern struct audit_fstat audit_fstat; +extern struct au_mask audit_nae_mask; +extern int audit_panic_on_write_fail; +extern int audit_fail_stop; + +/* * Success/failure conditions for the conversion of a kernel audit record to * BSM format. */ ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_syscalls.c#3 (text+ko) ==== @@ -34,13 +34,6 @@ #ifdef AUDIT -/* XXX replace these externs with accessor functions? */ -extern struct au_qctrl audit_qctrl; -extern struct audit_fstat audit_fstat; -extern struct au_mask audit_nae_mask; -extern int audit_panic_on_write_fail; -extern int audit_fail_stop; - /* * MPSAFE * ==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_audit.c#44 (text+ko) ==== @@ -83,11 +83,38 @@ MALLOC_DEFINE(M_AUDIT, "audit", "Audit event records"); +/* + * Audit control settings that are set/read by system calls and are + * hence non-static. + */ /* * Define the audit control flags. */ -int audit_enabled; -int audit_suspended; +int audit_enabled; +int audit_suspended; + +/* + * Flags controlling behavior in low storage situations. + * Should we panic if a write fails? Should we fail stop + * if we're out of disk space? + */ +int audit_panic_on_write_fail; +int audit_fail_stop; + +/* + * Audit queue control settings (minimum free, low/high water marks, etc.) + */ +struct au_qctrl audit_qctrl; + +/* + * Global audit statistiscs. + */ +struct audit_fstat audit_fstat; + +/* + * Preselection mask for non-attributable events. + */ +struct au_mask audit_nae_mask; /* * Mutex to protect global variables shared between various threads and @@ -155,42 +182,21 @@ */ static struct cv audit_fail_cv; -/* XXX make a function to access this variable, then make it static */ -struct au_qctrl audit_qctrl; - -/* - * Global audit statistiscs. - */ -/* XXX make a function to access this variable, then make it static */ -struct audit_fstat audit_fstat; - -/* - Preselection mask for non-attributable events. - */ -/* XXX make a function to access this variable, then make it static */ -struct au_mask audit_nae_mask; - /* * Flags related to Kernel->user-space communication. */ static int audit_file_rotate_wait; /* - * Flags controlling behavior in low storage situations. - * Should we panic if a write fails? Should we fail stop - * if we're out of disk space? Are we currently "failing - * stop" due to out of disk space? + * Are we currently "failing stop" due to out of disk space? */ -/* XXX make a function to access these variables, then make them static */ -int audit_panic_on_write_fail; -int audit_fail_stop; static int audit_in_failure; /* - * XXXAUDIT: For consistency, perhaps audit_record_free()? + * Perform a deep free of an audit record (core record and referenced objects) */ static void -audit_free(struct kaudit_record *ar) +audit_record_free(struct kaudit_record *ar) { if (ar->k_ar.ar_arg_upath1 != NULL) { @@ -510,7 +516,8 @@ * conditional allocation and queueing. Go back to * waiting when we're done. * - * XXX: We go out of our way to avoid calling audit_free() + * XXX: We go out of our way to avoid calling + * audit_record_free(). * with the audit_mtx held, to avoid a lock order reversal * as free() may grab Giant. This should be fixed at * some point. @@ -527,7 +534,7 @@ mtx_unlock(&audit_mtx); while ((ar = TAILQ_FIRST(&ar_worklist))) { TAILQ_REMOVE(&ar_worklist, ar, k_q); - audit_free(ar); + audit_record_free(ar); } mtx_lock(&audit_mtx); continue; @@ -540,7 +547,8 @@ * records and perform our own clustering, if the lower * layers aren't doing it automatically enough. * - * XXX: We go out of our way to avoid calling audit_free() + * XXX: We go out of our way to avoid calling + * audit_record_free() * with the audit_mtx held, to avoid a lock order reversal * as free() may grab Giant. This should be fixed at * some point. @@ -569,7 +577,7 @@ printf("audit_worker: write error %d\n", error); } - audit_free(ar); + audit_record_free(ar); } mtx_lock(&audit_mtx); } @@ -683,11 +691,6 @@ "audit_worker (flag " "now %d)\n", audit_replacement_flag)); mtx_unlock(&audit_mtx); - /* XXX Need to figure out how the kernel->userspace file full - * signalling will take place. - * - * XXXAUDIT: This comment may now be obsolete. - */ audit_file_rotate_wait = 0; /* We can now request another rotation */ } @@ -793,20 +796,6 @@ /* * MPSAFE - * XXXAUDIT: So far, this is unused, and should probably be GC'd. - */ -void -audit_abort(struct kaudit_record *ar) -{ - - mtx_lock(&audit_mtx); - audit_pre_q_len--; - mtx_unlock(&audit_mtx); - audit_free(ar); -} - -/* - * MPSAFE */ void audit_commit(struct kaudit_record *ar, int error, int retval) @@ -863,7 +852,7 @@ mtx_lock(&audit_mtx); audit_pre_q_len--; mtx_unlock(&audit_mtx); - audit_free(ar); + audit_record_free(ar); return; } @@ -889,7 +878,7 @@ if (audit_suspended || !audit_enabled) { audit_pre_q_len--; mtx_unlock(&audit_mtx); - audit_free(ar); + audit_record_free(ar); return; }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200510052322.j95NM7DF083492>