From owner-p4-projects@FreeBSD.ORG  Wed Aug  5 21:16:58 2009
Return-Path: <owner-p4-projects@FreeBSD.ORG>
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 33F8B1065675; Wed,  5 Aug 2009 21:16:58 +0000 (UTC)
Delivered-To: perforce@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E4B8E1065674
	for <perforce@freebsd.org>; Wed,  5 Aug 2009 21:16:57 +0000 (UTC)
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id CA8248FC23
	for <perforce@freebsd.org>; Wed,  5 Aug 2009 21:16:57 +0000 (UTC)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n75LGvrZ013106
	for <perforce@freebsd.org>; Wed, 5 Aug 2009 21:16:57 GMT
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n75LGv2Q013104
	for perforce@freebsd.org; Wed, 5 Aug 2009 21:16:57 GMT
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Date: Wed, 5 Aug 2009 21:16:57 GMT
Message-Id: <200908052116.n75LGv2Q013104@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	bb+lists.freebsd.perforce@cyrus.watson.org using -f
From: Robert Watson <rwatson@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Cc: 
Subject: PERFORCE change 167052 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Aug 2009 21:16:59 -0000

http://perforce.freebsd.org/chv.cgi?CH=167052

Change 167052 by rwatson@rwatson_cinnamon on 2009/08/05 21:15:57

	For now, rather than exposing audit_slice throughout the kernel,
	cache audit_base_slice's enabled/suspended flags in the previously
	used globals.  Possibly not just "for now" since this also makes
	the per-syscall check more performant.

Affected files ...

.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.c#11 edit
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.h#4 edit
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_syscalls.c#7 edit
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_worker.c#5 edit

Differences ...

==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.c#11 (text) ====

@@ -84,6 +84,19 @@
 SYSCTL_NODE(_security, OID_AUTO, audit, CTLFLAG_RW, 0,
     "TrustedBSD audit controls");
 
+/*
+ * Audit control settings that are set/read by system calls and are hence
+ * non-static.
+ *
+ * Define the audit control flags.
+ *
+ * XXXRW: Cache audit_base_slice->audit_enabled and
+ * audit_base_slice->audit_suspended in globals so that we can avoid
+ * dereferencing audit_base_slice for every system call entry.
+ */
+int			audit_enabled;
+int			audit_suspended;
+
 /* 
  * The base audit slice statically declared.
  */

==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.h#4 (text) ====

@@ -52,8 +52,6 @@
  * observed but should not be directly manipulated.  The audit suspension
  * flag permits audit to be temporarily disabled without reconfiguring the
  * audit target.
- *
- * XXXRW: These are no longer needed if they're per-slice.
  */
 extern int	audit_enabled;
 extern int	audit_suspended;
@@ -193,12 +191,8 @@
 } while (0)
 
 
-/*
- * XXXRW: Perhaps we should have audit_base_enabled or such as a global to
- * avoid an extra pointer deref for every syscall?
- */
 #define	AUDIT_SYSCALL_ENTER(code, td)	do {				\
-	if (audit_base_slice->audit_enabled) {				\
+	if (audit_enabled) {						\
 		audit_syscall_enter(code, td);				\
 	}								\
 } while (0)

==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_syscalls.c#7 (text) ====

@@ -397,6 +397,7 @@
 				audit_base_slice->audit_suspended = 1;
 				audit_shutdown(NULL, 0);
 			}
+			audit_suspended = audit_base_slice->audit_suspended;
 			break;
 		}
 		if (uap->length != sizeof(udata.au_cond))
@@ -409,6 +410,7 @@
 			audit_base_slice->audit_suspended = 1;
 			audit_shutdown(NULL, 0);
 		}
+		audit_suspended = audit_base_slice->audit_suspended;
 		break;
 
 	case A_GETCLASS:
@@ -856,6 +858,7 @@
 	 * audit_worker?
 	 */
 	audit_base_slice->audit_suspended = 0;
+	audit_suspended = audit_base_slice->audit_suspended;
 
 	audit_rotate_vnode(cred, vp);
 

==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_worker.c#5 (text) ====

@@ -265,6 +265,7 @@
 	}
 	(void)audit_send_trigger(AUDIT_TRIGGER_NO_SPACE);
 	as->audit_suspended = 1;
+	audit_suspended = as->audit_suspended;
 
 	/* FALLTHROUGH */
 fail:
@@ -469,6 +470,7 @@
 	as->audit_vp = vp;
 	as->audit_file_rotate_wait = 0;
 	as->audit_enabled = (as->audit_vp != NULL);
+	audit_enabled = as->audit_enabled;
 	AUDIT_WORKER_UNLOCK();
 
 	/*