From owner-p4-projects@FreeBSD.ORG Sat Jun 5 17:17:17 2010 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 3A8C81065687; Sat, 5 Jun 2010 17:17:17 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F0EEE1065679 for ; Sat, 5 Jun 2010 17:17:16 +0000 (UTC) (envelope-from gpf@FreeBSD.org) Received: from repoman.freebsd.org (unknown [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id DDD698FC15 for ; Sat, 5 Jun 2010 17:17:16 +0000 (UTC) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id o55HHGj2014795 for ; Sat, 5 Jun 2010 17:17:16 GMT (envelope-from gpf@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id o55HHGAP014793 for perforce@freebsd.org; Sat, 5 Jun 2010 17:17:16 GMT (envelope-from gpf@FreeBSD.org) Date: Sat, 5 Jun 2010 17:17:16 GMT Message-Id: <201006051717.o55HHGAP014793@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to gpf@FreeBSD.org using -f From: Efstratios Karatzas To: Perforce Change Reviews Precedence: bulk Cc: Subject: PERFORCE change 179225 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Jun 2010 17:17:17 -0000 http://p4web.freebsd.org/@@179225?ac=10 Change 179225 by gpf@gpf_desktop on 2010/06/05 17:17:12 - experimental nfs server: made all changes so that vnode information will be gathered in all of nfsv2&3 operations. Also keeping track of 'ioflags' arg for vop_read/write and 'file mode' arg for vops that create new files. - smp stuff: AUDIT_ARG_VNODE1 requires a locked vfs and a locked vnode. In current nfsserver, I haven't paid attention to either. In the experimental nfsserver, vfs is locked before a v2 or 3 rpc is serviced and vp is always locked, except for some cases where the file is being created by the vop. Also, in current nfsserver my implementation is a little racy as I don't hold any references to the vnode that I'm auditing at the time of the rpc; there's a slight chance that after the rpc is serviced, but before audit code, the vnode will be destroyed by some other kernel call. Come tommorow, I'll work on making my changes smp safe. - removed a silly useless line in dir_ilookup() Affected files ... .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/fs/nfsserver/nfs_nfsdport.c#4 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/fs/nfsserver/nfs_nfsdserv.c#3 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/ufs/ffs/ffs_vnops.c#6 edit Differences ... ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/fs/nfsserver/nfs_nfsdport.c#4 (text+ko) ==== @@ -44,6 +44,7 @@ #include #include #include +#include extern u_int32_t newnfs_true, newnfs_false, newnfs_xdrneg1; extern int nfsv4root_set; @@ -636,6 +637,7 @@ uiop->uio_resid = len; uiop->uio_rw = UIO_READ; uiop->uio_segflg = UIO_SYSSPACE; + AUDIT_ARG_FFLAGS(IO_NODELOCKED | ioflag); error = VOP_READ(vp, uiop, IO_NODELOCKED | ioflag, cred); FREE((caddr_t)iv2, M_TEMP); if (error) { @@ -701,6 +703,7 @@ uiop->uio_segflg = UIO_SYSSPACE; NFSUIOPROC(uiop, p); uiop->uio_offset = off; + AUDIT_ARG_FFLAGS(ioflags); error = VOP_WRITE(vp, uiop, ioflags, cred); FREE((caddr_t)iv, M_TEMP); return (error); @@ -721,6 +724,7 @@ if (!error && ndp->ni_vp == NULL) { if (nvap->na_type == VREG || nvap->na_type == VSOCK) { vrele(ndp->ni_startdir); + AUDIT_ARG_MODE(nvap->na_vattr.va_mode); error = VOP_CREATE(ndp->ni_dvp, &ndp->ni_vp, &ndp->ni_cnd, &nvap->na_vattr); vput(ndp->ni_dvp); @@ -752,6 +756,7 @@ return (error); } nvap->na_rdev = rdev; + AUDIT_ARG_MODE(nvap->na_vattr.va_mode); error = VOP_MKNOD(ndp->ni_dvp, &ndp->ni_vp, &ndp->ni_cnd, &nvap->na_vattr); vput(ndp->ni_dvp); @@ -828,6 +833,7 @@ } if (vtyp == VSOCK) { vrele(ndp->ni_startdir); + AUDIT_ARG_MODE(nvap->na_vattr.va_mode); error = VOP_CREATE(ndp->ni_dvp, &ndp->ni_vp, &ndp->ni_cnd, &nvap->na_vattr); vput(ndp->ni_dvp); @@ -840,6 +846,7 @@ vput(ndp->ni_dvp); return (error); } + AUDIT_ARG_MODE(nvap->na_vattr.va_mode); error = VOP_MKNOD(ndp->ni_dvp, &ndp->ni_vp, &ndp->ni_cnd, &nvap->na_vattr); vput(ndp->ni_dvp); @@ -872,6 +879,7 @@ nfsvno_relpathbuf(ndp); return (EEXIST); } + AUDIT_ARG_MODE(nvap->na_vattr.va_mode); error = VOP_MKDIR(ndp->ni_dvp, &ndp->ni_vp, &ndp->ni_cnd, &nvap->na_vattr); vput(ndp->ni_dvp); @@ -900,6 +908,7 @@ return (EEXIST); } + AUDIT_ARG_MODE(nvap->na_vattr.va_mode); error = VOP_SYMLINK(ndp->ni_dvp, &ndp->ni_vp, &ndp->ni_cnd, &nvap->na_vattr, pathcp); vput(ndp->ni_dvp); @@ -1292,6 +1301,7 @@ if (!nd->nd_repstat) { if (ndp->ni_vp == NULL) { vrele(ndp->ni_startdir); + AUDIT_ARG_MODE(nvap->na_vattr.va_mode); nd->nd_repstat = VOP_CREATE(ndp->ni_dvp, &ndp->ni_vp, &ndp->ni_cnd, &nvap->na_vattr); vput(ndp->ni_dvp); @@ -1432,6 +1442,9 @@ struct uio io; struct iovec iv; + if (vp != NULL) + AUDIT_ARG_VNODE1(vp); + if (nd->nd_repstat) { nfsrv_postopattr(nd, getret, &at); return (0); @@ -1678,6 +1691,9 @@ struct iovec iv; struct componentname cn; + if (vp != NULL) + AUDIT_ARG_VNODE1(vp); + if (nd->nd_repstat) { nfsrv_postopattr(nd, getret, &at); return (0); ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/fs/nfsserver/nfs_nfsdserv.c#3 (text+ko) ==== @@ -53,6 +53,7 @@ extern struct timeval nfsboottime; extern int nfs_rootfhset, nfsv4root_set; #endif /* !APPLEKEXT */ +#include /* * This list defines the GSS mechanisms supported. @@ -90,6 +91,8 @@ u_int32_t testmode, nfsmode, supported = 0; accmode_t deletebit; + if (vp != NULL) + AUDIT_ARG_VNODE1(vp); if (nd->nd_repstat) { nfsrv_postopattr(nd, 1, &nva); return (0); @@ -173,6 +176,8 @@ struct nfsreferral *refp; nfsattrbit_t attrbits; + if (vp != NULL) + AUDIT_ARG_VNODE1(vp); if (nd->nd_repstat) return (0); if (nd->nd_flag & ND_NFSV4) { @@ -237,6 +242,8 @@ nfsv4stateid_t stateid; NFSACL_T *aclp = NULL; + if (vp != NULL) + AUDIT_ARG_VNODE1(vp); if (nd->nd_repstat) { nfsrv_wcc(nd, preat_ret, &nva2, postat_ret, &nva); return (0); @@ -467,6 +474,8 @@ vrele(named.ni_startdir); nfsvno_relpathbuf(&named); vp = named.ni_vp; + if (vp != NULL) + AUDIT_ARG_VNODE1(vp); nd->nd_repstat = nfsvno_getfh(vp, fhp, p, named.ni_dvp); if (named.ni_dvp) vrele(named.ni_dvp); @@ -512,6 +521,8 @@ int getret = 1, len; struct nfsvattr nva; + if (vp != NULL) + AUDIT_ARG_VNODE1(vp); if (nd->nd_repstat) { nfsrv_postopattr(nd, getret, &nva); return (0); @@ -557,6 +568,8 @@ nfsv4stateid_t stateid; nfsquad_t clientid; + if (vp != NULL) + AUDIT_ARG_VNODE1(vp); if (nd->nd_repstat) { nfsrv_postopattr(nd, getret, &nva); return (0); @@ -712,6 +725,8 @@ nfsv4stateid_t stateid; nfsquad_t clientid; + if (vp != NULL) + AUDIT_ARG_VNODE1(vp); if (nd->nd_repstat) { nfsrv_wcc(nd, forat_ret, &forat, aftat_ret, &nva); return (0); @@ -992,6 +1007,8 @@ &exclusive_flag, cverf, rdev, p, exp); if (!nd->nd_repstat) { + if (vp != NULL) + AUDIT_ARG_VNODE1(vp); nd->nd_repstat = nfsvno_getfh(vp, &fh, p, named.ni_dvp); if (!nd->nd_repstat) nd->nd_repstat = nfsvno_getattr(vp, &nva, nd->nd_cred, @@ -1213,8 +1230,10 @@ } nd->nd_repstat = nfsvno_mknod(&named, &nva, nd->nd_cred, p); - if (!nd->nd_repstat) { + if (!nd->nd_repstat) { vp = named.ni_vp; + if (vp != NULL) + AUDIT_ARG_VNODE1(vp); nfsrv_fixattr(nd, vp, &nva, aclp, p, &attrbits, exp); nd->nd_repstat = nfsvno_getfh(vp, fhp, p, named.ni_dvp); if ((nd->nd_flag & ND_NFSV3) && !nd->nd_repstat) @@ -1440,6 +1459,8 @@ /* * Done parsing, now down to business. */ + if (fromnd.ni_vp != NULL) + AUDIT_ARG_VNODE1(fromnd.ni_vp); nd->nd_repstat = nfsvno_namei(nd, &fromnd, dp, 1, exp, p, &fdirp); if (nd->nd_repstat) { if (nd->nd_flag & ND_NFSV3) { @@ -1512,6 +1533,8 @@ char *bufp; u_long *hashp; + if (vp != NULL) + AUDIT_ARG_VNODE1(vp); if (nd->nd_repstat) { nfsrv_postopattr(nd, getret, &at); nfsrv_wcc(nd, dirfor_ret, &dirfor, diraft_ret, &diraft); @@ -1661,10 +1684,12 @@ if (!nd->nd_repstat) { if (dirp != NULL) dirfor_ret = nfsvno_getattr(dirp, &dirfor, nd->nd_cred, - p); + p); nfsrvd_symlinksub(nd, &named, &nva, fhp, vpp, dirp, &dirfor, &diraft, &diraft_ret, NULL, NULL, p, exp, pathcp, pathlen); + if (named.ni_vp != NULL) + AUDIT_ARG_VNODE1(named.ni_vp); } else if (dirp != NULL) { dirfor_ret = nfsvno_getattr(dirp, &dirfor, nd->nd_cred, p); vrele(dirp); @@ -1798,7 +1823,8 @@ */ nfsrvd_mkdirsub(nd, &named, &nva, fhp, vpp, dirp, &dirfor, &diraft, &diraft_ret, NULL, NULL, p, exp); - + if (named.ni_vp != NULL) + AUDIT_ARG_VNODE1(named.ni_vp); if (nd->nd_flag & ND_NFSV3) { if (!nd->nd_repstat) { (void) nfsm_fhtom(nd, (u_int8_t *)fhp, 0, 1); @@ -1872,6 +1898,8 @@ int error = 0, for_ret = 1, aft_ret = 1, cnt; u_int64_t off; + if (vp != NULL) + AUDIT_ARG_VNODE1(vp); if (nd->nd_repstat) { nfsrv_wcc(nd, for_ret, &bfor, aft_ret, &aft); return (0); @@ -1917,6 +1945,8 @@ struct statfs sfs; u_quad_t tval; + if (vp != NULL) + AUDIT_ARG_VNODE1(vp); if (nd->nd_repstat) { nfsrv_postopattr(nd, getret, &at); return (0); @@ -1970,6 +2000,8 @@ int getret = 1; struct nfsvattr at; + if (vp != NULL) + AUDIT_ARG_VNODE1(vp); if (nd->nd_repstat) { nfsrv_postopattr(nd, getret, &at); return (0); @@ -2006,6 +2038,8 @@ register_t linkmax, namemax, chownres, notrunc; struct nfsvattr at; + if (vp != NULL) + AUDIT_ARG_VNODE1(vp); if (nd->nd_repstat) { nfsrv_postopattr(nd, getret, &at); return (0); ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/ufs/ffs/ffs_vnops.c#6 (text+ko) ==== @@ -1920,7 +1920,6 @@ if (!error) { foundit = 1; - error = 0; break; } }