From owner-svn-src-head@FreeBSD.ORG Fri Nov 14 01:24:53 2008 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3FAB41065670; Fri, 14 Nov 2008 01:24:53 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 24D6C8FC08; Fri, 14 Nov 2008 01:24:53 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id mAE1Oqrt074762; Fri, 14 Nov 2008 01:24:52 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id mAE1OqJD074759; Fri, 14 Nov 2008 01:24:52 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <200811140124.mAE1OqJD074759@svn.freebsd.org> 
From: Robert Watson Date: Fri, 14 Nov 2008 01:24:52 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r184948 - head/sys/security/audit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Nov 2008 01:24:53 -0000 Author: rwatson Date: Fri Nov 14 01:24:52 2008 New Revision: 184948 URL: http://svn.freebsd.org/changeset/base/184948 Log: When repeatedly accessing a thread credential, cache the credential pointer in a local thread. While this is unlikely to significantly improve performance given modern compiler behavior, it makes the code more readable and reduces diffs to the Mac OS X version of the same code (which stores things in creds in the same way, but where the cred for a thread is reached quite differently). Discussed with: sson MFC after: 1 month Sponsored by: Apple Inc. Obtained from: TrustedBSD Project Modified: head/sys/security/audit/audit.c head/sys/security/audit/audit_arg.c head/sys/security/audit/audit_syscalls.c Modified: head/sys/security/audit/audit.c ============================================================================== --- head/sys/security/audit/audit.c Fri Nov 14 00:20:24 2008 (r184947) +++ head/sys/security/audit/audit.c Fri Nov 14 01:24:52 2008 (r184948) @@ -207,6 +207,7 @@ audit_record_ctor(void *mem, int size, v { struct kaudit_record *ar; struct thread *td; + struct ucred *cred; KASSERT(sizeof(*ar) == size, ("audit_record_ctor: wrong size")); 
@@ -219,15 +220,16 @@ audit_record_ctor(void *mem, int size, v /* * Export the subject credential. */ - cru2x(td->td_ucred, &ar->k_ar.ar_subj_cred); - ar->k_ar.ar_subj_ruid = td->td_ucred->cr_ruid; - ar->k_ar.ar_subj_rgid = td->td_ucred->cr_rgid; - ar->k_ar.ar_subj_egid = td->td_ucred->cr_groups[0]; - ar->k_ar.ar_subj_auid = td->td_ucred->cr_audit.ai_auid; - ar->k_ar.ar_subj_asid = td->td_ucred->cr_audit.ai_asid; + cred = td->td_ucred; + cru2x(cred, &ar->k_ar.ar_subj_cred); + ar->k_ar.ar_subj_ruid = cred->cr_ruid; + ar->k_ar.ar_subj_rgid = cred->cr_rgid; + ar->k_ar.ar_subj_egid = cred->cr_groups[0]; + ar->k_ar.ar_subj_auid = cred->cr_audit.ai_auid; + ar->k_ar.ar_subj_asid = cred->cr_audit.ai_asid; ar->k_ar.ar_subj_pid = td->td_proc->p_pid; - ar->k_ar.ar_subj_amask = td->td_ucred->cr_audit.ai_mask; - ar->k_ar.ar_subj_term_addr = td->td_ucred->cr_audit.ai_termid; + ar->k_ar.ar_subj_amask = cred->cr_audit.ai_mask; + ar->k_ar.ar_subj_term_addr = cred->cr_audit.ai_termid; return (0); } @@ -631,6 +633,7 @@ audit_proc_coredump(struct thread *td, c { struct kaudit_record *ar; struct au_mask *aumask; + struct ucred *cred; au_class_t class; int ret, sorf; char **pathp; @@ -641,11 +644,12 @@ audit_proc_coredump(struct thread *td, c /* * Make sure we are using the correct preselection mask. */ - auid = td->td_ucred->cr_audit.ai_auid; + cred = td->td_ucred; + auid = cred->cr_audit.ai_auid; if (auid == AU_DEFAUDITID) aumask = &audit_nae_mask; else - aumask = &td->td_ucred->cr_audit.ai_mask; + aumask = &cred->cr_audit.ai_mask; /* * It's possible for coredump(9) generation to fail. Make sure that * we handle this case correctly for preselection. 
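Review bot: In audit_record_ctor (hunk @@ -219,15 +220,16 @@), `ar->k_ar.ar_subj_egid = cred->cr_groups[0];` appears to rely on the convention that the first group slot holds the effective GID, and nothing on the line says so. This value is recorded as the subject's egid in the audit record, so a short comment such as `/* cr_groups[0] is the effective GID. */` would help keep a later change to the group layout from silently mislabelling records. The same applies to `ar->k_ar.ar_arg_egid = cred->cr_groups[0];` in the audit_arg_process hunk of audit_arg.c. The function body starts before this hunk, so an explanation may already exist above it.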
@@ -658,6 +662,7 @@ audit_proc_coredump(struct thread *td, c if (au_preselect(AUE_CORE, class, aumask, sorf) == 0 && audit_pipe_preselect(auid, AUE_CORE, class, sorf, 0) == 0) return; + /* * If we are interested in seeing this audit record, allocate it. * Where possible coredump records should contain a pathname and arg32 Modified: head/sys/security/audit/audit_arg.c ============================================================================== --- head/sys/security/audit/audit_arg.c Fri Nov 14 00:20:24 2008 (r184947) +++ head/sys/security/audit/audit_arg.c Fri Nov 14 01:24:52 2008 (r184948) @@ -356,6 +356,7 @@ void audit_arg_process(struct proc *p) { struct kaudit_record *ar; + struct ucred *cred; KASSERT(p != NULL, ("audit_arg_process: p == NULL")); @@ -365,13 +366,14 @@ audit_arg_process(struct proc *p) if (ar == NULL) return; - ar->k_ar.ar_arg_auid = p->p_ucred->cr_audit.ai_auid; - ar->k_ar.ar_arg_euid = p->p_ucred->cr_uid; - ar->k_ar.ar_arg_egid = p->p_ucred->cr_groups[0]; - ar->k_ar.ar_arg_ruid = p->p_ucred->cr_ruid; - ar->k_ar.ar_arg_rgid = p->p_ucred->cr_rgid; - ar->k_ar.ar_arg_asid = p->p_ucred->cr_audit.ai_asid; - ar->k_ar.ar_arg_termid_addr = p->p_ucred->cr_audit.ai_termid; + cred = p->p_ucred; + ar->k_ar.ar_arg_auid = cred->cr_audit.ai_auid; + ar->k_ar.ar_arg_euid = cred->cr_uid; + ar->k_ar.ar_arg_egid = cred->cr_groups[0]; + ar->k_ar.ar_arg_ruid = cred->cr_ruid; + ar->k_ar.ar_arg_rgid = cred->cr_rgid; + ar->k_ar.ar_arg_asid = cred->cr_audit.ai_asid; + ar->k_ar.ar_arg_termid_addr = cred->cr_audit.ai_termid; ar->k_ar.ar_arg_pid = p->p_pid; ARG_SET_VALID(ar, ARG_AUID | ARG_EUID | ARG_EGID | ARG_RUID | ARG_RGID | ARG_ASID | ARG_TERMID_ADDR | ARG_PID | ARG_PROCESS); Modified: head/sys/security/audit/audit_syscalls.c ============================================================================== --- head/sys/security/audit/audit_syscalls.c Fri Nov 14 00:20:24 2008 (r184947) +++ head/sys/security/audit/audit_syscalls.c Fri Nov 14 01:24:52 2008 (r184948) 
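Review bot: In audit_arg_process (hunk @@ -365,13 +366,14 @@), `cred = p->p_ucred;` keeps a borrowed pointer to another process's credential, and the hunk shows neither a lock assertion nor a reference being taken. If the lines between this hunk and the previous one do not already assert it, `PROC_LOCK_ASSERT(p, MA_OWNED);` ahead of the assignment would document that the caller must hold the process lock for as long as `cred` is dereferenced. At minimum, a comment such as `/* Borrowed pointer; valid only while p is locked. */` above the assignment would state the lifetime rule that the cached local now depends on. Part of the function lies outside the visible hunks, so the assertion may already be present.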
@@ -157,7 +157,7 @@ free_out: int auditon(struct thread *td, struct auditon_args *uap) { - struct ucred *newcred, *oldcred; + struct ucred *cred, *newcred, *oldcred; int error; union auditon_udata udata; struct proc *tp; @@ -321,22 +321,21 @@ auditon(struct thread *td, struct audito PROC_UNLOCK(tp); return (error); } - if (tp->p_ucred->cr_audit.ai_termid.at_type == AU_IPv6) { + cred = tp->p_ucred; + if (cred->cr_audit.ai_termid.at_type == AU_IPv6) { PROC_UNLOCK(tp); return (EINVAL); } - udata.au_aupinfo.ap_auid = - tp->p_ucred->cr_audit.ai_auid; + udata.au_aupinfo.ap_auid = cred->cr_audit.ai_auid; udata.au_aupinfo.ap_mask.am_success = - tp->p_ucred->cr_audit.ai_mask.am_success; + cred->cr_audit.ai_mask.am_success; udata.au_aupinfo.ap_mask.am_failure = - tp->p_ucred->cr_audit.ai_mask.am_failure; + cred->cr_audit.ai_mask.am_failure; udata.au_aupinfo.ap_termid.machine = - tp->p_ucred->cr_audit.ai_termid.at_addr[0]; + cred->cr_audit.ai_termid.at_addr[0]; udata.au_aupinfo.ap_termid.port = - (dev_t)tp->p_ucred->cr_audit.ai_termid.at_port; - udata.au_aupinfo.ap_asid = - tp->p_ucred->cr_audit.ai_asid; + (dev_t)cred->cr_audit.ai_termid.at_port; + udata.au_aupinfo.ap_asid = cred->cr_audit.ai_asid; PROC_UNLOCK(tp); break; 
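Review bot: In auditon, `cred` is declared at function scope (hunk @@ -157,7 +157,7 @@) but is only meaningful between `cred = tp->p_ucred;` and `PROC_UNLOCK(tp);` in hunk @@ -321,22 +321,21 @@, and again in hunk @@ -381,16 +380,14 @@. After the unlock the variable still holds an address that no lock or reference protects, so a later edit to this long function could dereference it by mistake. Adding `cred = NULL;` after each `PROC_UNLOCK(tp);` that is followed by `break;`, or declaring the variable inside the case block, would make such a use fail immediately instead of reading a possibly freed credential. Most of auditon lies outside these hunks.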
@@ -381,16 +380,14 @@ auditon(struct thread *td, struct audito return (ESRCH); if ((tp = pfind(udata.au_aupinfo_addr.ap_pid)) == NULL) return (ESRCH); - udata.au_aupinfo_addr.ap_auid = - tp->p_ucred->cr_audit.ai_auid; + cred = tp->p_ucred; + udata.au_aupinfo_addr.ap_auid = cred->cr_audit.ai_auid; udata.au_aupinfo_addr.ap_mask.am_success = - tp->p_ucred->cr_audit.ai_mask.am_success; + cred->cr_audit.ai_mask.am_success; udata.au_aupinfo_addr.ap_mask.am_failure = - tp->p_ucred->cr_audit.ai_mask.am_failure; - udata.au_aupinfo_addr.ap_termid = - tp->p_ucred->cr_audit.ai_termid; - udata.au_aupinfo_addr.ap_asid = - tp->p_ucred->cr_audit.ai_asid; + cred->cr_audit.ai_mask.am_failure; + udata.au_aupinfo_addr.ap_termid = cred->cr_audit.ai_termid; + udata.au_aupinfo_addr.ap_asid = cred->cr_audit.ai_asid; PROC_UNLOCK(tp); break; @@ -503,21 +500,23 @@ int getaudit(struct thread *td, struct getaudit_args *uap) { struct auditinfo ai; + struct ucred *cred; int error; - if (jailed(td->td_ucred)) + cred = td->td_ucred; + if (jailed(cred)) return (ENOSYS); error = priv_check(td, PRIV_AUDIT_GETAUDIT); if (error) return (error); - if (td->td_ucred->cr_audit.ai_termid.at_type == AU_IPv6) + if (cred->cr_audit.ai_termid.at_type == AU_IPv6) return (ERANGE); bzero(&ai, sizeof(ai)); - ai.ai_auid = td->td_ucred->cr_audit.ai_auid; - ai.ai_mask = td->td_ucred->cr_audit.ai_mask; - ai.ai_asid = td->td_ucred->cr_audit.ai_asid; - ai.ai_termid.machine = td->td_ucred->cr_audit.ai_termid.at_addr[0]; - ai.ai_termid.port = td->td_ucred->cr_audit.ai_termid.at_port; + ai.ai_auid = cred->cr_audit.ai_auid; + ai.ai_mask = cred->cr_audit.ai_mask; + ai.ai_asid = cred->cr_audit.ai_asid; + ai.ai_termid.machine = cred->cr_audit.ai_termid.at_addr[0]; + ai.ai_termid.port = cred->cr_audit.ai_termid.at_port; return (copyout(&ai, uap->auditinfo, sizeof(ai))); }
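Review bot: In the `au_aupinfo_addr` path of auditon (hunk @@ -381,16 +380,14 @@), the target's audit ID, masks, terminal ID and session ID are copied from `cred` straight after `pfind()` succeeds, with no visibility check between the lookup and the reads. The sibling `au_aupinfo` path in hunk @@ -321,22 +321,21 @@ has a `PROC_UNLOCK(tp); return (error);` exit right after its lookup, which suggests a check (presumably p_cansee()) that this path lacks. If so, the same test should precede `cred = tp->p_ucred;` here, for example `if ((error = p_cansee(td, tp)) != 0) { PROC_UNLOCK(tp); return (error); }`. The condition guarding the sibling's error exit is outside the hunk, so confirm this against the full function.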
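Review bot: getaudit (hunk @@ -503,21 +500,23 @@) rejects an `AU_IPv6` terminal ID with `ERANGE`, while the `au_aupinfo` path of auditon in hunk @@ -321,22 +321,21 @@ returns `EINVAL` for the same condition, and neither site explains the rejection. A comment above the test such as `/* struct auditinfo carries only at_addr[0]; an IPv6 termid does not fit. */` would document the reason, which is presumably the single-word `machine` field, and would be the place to say whether the differing errno values are intentional. The `bzero(&ai, sizeof(ai));` ahead of `copyout()` deserves a one-line comment too, since it is what keeps uninitialised kernel stack bytes out of the user buffer.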