Date: Fri, 16 Jan 2004 19:49:15 -0800 (PST) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 45473 for review Message-ID: <200401170349.i0H3nFjl042884@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=45473 Change 45473 by rwatson@rwatson_tislabs on 2004/01/16 19:48:38 Separate allocation of per-process audit storage from the initialization of that storage, so as to share allocation functions between kproc0, init, and future processes, and also to avoid allocating while holding process locks. Initialize the first kernel process using its own hook, audit_proc_kproc0(), and employ the init initialization hook, audit_proc_init() on the init process. Fix a typo in the MAC fix for freeing process state. Don't free audit storage until we're ready to free the proc, or it's zeroed when we try to audit the exit. Create the audit_worker thread using RFHIGHPID so that it doesn't grab pid 1, breaking init. KASSERT various sorts of things about p_au during the process life cycle, such as that it is null when the process is to be created, and otherwise non-NULL. Some gratuitous parentheses that we'll remove later, but I put in to be safe while trying to debug memory corruption. Audit framework now properly tracks process audit state, and appears to safely gather audit records for process exit. Affected files ... .. //depot/projects/trustedbsd/audit2/sys/kern/init_main.c#4 edit .. //depot/projects/trustedbsd/audit2/sys/kern/kern_exit.c#3 edit .. //depot/projects/trustedbsd/audit2/sys/kern/kern_fork.c#5 edit .. //depot/projects/trustedbsd/audit2/sys/security/audit/audit.c#14 edit .. //depot/projects/trustedbsd/audit2/sys/security/audit/kern_audit.h#12 edit Differences ...
==== //depot/projects/trustedbsd/audit2/sys/kern/init_main.c#4 (text+ko) ====
@@ -399,7 +399,7 @@
 p->p_ucred->cr_prison = NULL; /* Don't jail it. */
 #ifdef AUDIT
 audit_proc_alloc(p);
- audit_proc_init(p);
+ audit_proc_kproc0(p);
 #endif
 #ifdef MAC
 mac_create_proc0(p->p_ucred);
@@ -697,6 +697,9 @@ #ifdef MAC mac_create_proc1(newcred); #endif +#ifdef AUDIT + audit_proc_init(initproc); +#endif initproc->p_ucred = newcred; PROC_UNLOCK(initproc); crfree(oldcred); ==== //depot/projects/trustedbsd/audit2/sys/kern/kern_exit.c#3 (text+ko) ==== @@ -688,9 +688,6 @@ */ crfree(p->p_ucred); p->p_ucred = NULL; -#ifdef AUDIT - audit_proc_free(p); -#endif pargs_drop(p->p_args); p->p_args = NULL; sigacts_free(p->p_sigacts); @@ -710,6 +707,9 @@ #ifdef MAC mac_destroy_proc(p); #endif +#ifdef AUDIT + audit_proc_free(p); +#endif KASSERT(FIRST_THREAD_IN_PROC(p), ("wait1: no residual thread!")); uma_zfree(proc_zone, p); ==== //depot/projects/trustedbsd/audit2/sys/kern/kern_fork.c#5 (text+ko) ==== @@ -747,7 +747,7 @@ uid); sx_xunlock(&allproc_lock); #ifdef MAC - mac_proc_destroy(newproc); + mac_destroy_proc(newproc); #endif #ifdef AUDIT audit_proc_free(newproc); ==== //depot/projects/trustedbsd/audit2/sys/security/audit/audit.c#14 (text+ko) ==== @@ -41,6 +41,7 @@ #include <sys/ucred.h> #include <sys/uio.h> #include <sys/un.h> +#include <sys/unistd.h> #include <sys/vnode.h> #include <security/audit/audit_private.h> @@ -416,8 +417,8 @@ /* Initialize the BSM audit subsystem. */ kau_init(); - error = kthread_create(audit_worker, NULL, &audit_thread, 0, 0, - "audit_worker"); + error = kthread_create(audit_worker, NULL, &audit_thread, RFHIGHPID, + 0, "audit_worker"); if (error != 0) panic("audit_init: kthread_create returned %d", error); } @@ -1301,7 +1302,10 @@ audit_proc_alloc(struct proc *p) { - p->p_au = malloc(sizeof(*p->p_au), M_AUDIT, M_WAITOK); + KASSERT(p->p_au == NULL, ("audit_proc_alloc: p->p_au != NULL (%d)", + p->p_pid)); + p->p_au = malloc(sizeof(*(p->p_au)), M_AUDIT, M_WAITOK); + //printf("audit_proc_alloc: pid %d p_au %p\n", p->p_pid, p->p_au); } /* 
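Review bot: The relocated `audit_proc_free(p)` in the second kern_exit.c hunk carries no comment recording why it has to sit next to `uma_zfree(proc_zone, p)`, so a later cleanup could move it back beside `crfree()` and bring back the zeroed-state problem the change description mentions. A one-line comment above the `#ifdef AUDIT` would pin the ordering, for example `/* Audit state must survive until the exit has been audited; free it only with the proc. */`. The enclosing function starts and ends outside both hunks, so where the exit record is actually committed relative to this point cannot be confirmed from here.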
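Review bot: `RFHIGHPID` is passed to `kthread_create()` in the audit.c hunk at line 416 with no comment, and the reason for it lives only in the change description. Suggest adding `/* RFHIGHPID: keep the audit worker off pid 1, which init needs. */` directly above the call so the flag is not dropped as an apparent no-op later. The function around the call (audit_init, judging by the panic string) begins outside the hunk.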
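Review bot: `audit_proc_alloc()` returns uninitialised heap, because the `malloc()` call passes only `M_WAITOK`; now that allocation and initialisation are separate steps, any path that allocates but has not yet run `audit_proc_init()`, `audit_proc_kproc0()` or `audit_proc_fork()` would read stale kernel memory as a process's audit state. Zeroing at allocation makes the storage safe by default: `p->p_au = malloc(sizeof(*p->p_au), M_AUDIT, M_WAITOK | M_ZERO);`. The commented-out `//printf` debugging line should also be removed before this leaves the branch; the same leftover appears in the audit_proc_kproc0, audit_proc_init, audit_proc_fork and audit_proc_free hunks.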
@@ -1311,10 +1315,23 @@ * session ID, etc. */ void +audit_proc_kproc0(struct proc *p) +{ + + KASSERT(p->p_au != NULL, ("audit_proc_kproc0: p->p_au == NULL (%d)", + p->p_pid)); + //printf("audit_proc_kproc0: pid %d p_au %p\n", p->p_pid, p->p_au); + bzero(p->p_au, sizeof(*(p)->p_au)); +} + +void audit_proc_init(struct proc *p) { - bzero((void *)p->p_au, sizeof(*p->p_au)); + KASSERT(p->p_au != NULL, ("audit_proc_init: p->p_au == NULL (%d)", + p->p_pid)); + //printf("audit_proc_init: pid %d p_au %p\n", p->p_pid, p->p_au); + bzero(p->p_au, sizeof(*(p)->p_au)); } /* @@ -1327,6 +1344,14 @@ PROC_LOCK_ASSERT(parent, MA_OWNED); PROC_LOCK_ASSERT(child, MA_OWNED); + KASSERT(parent->p_au != NULL, + ("audit_proc_fork: parent->p_au == NULL (%d)", parent->p_pid)); + KASSERT(child->p_au != NULL, + ("audit_proc_fork: child->p_au == NULL (%d)", child->p_pid)); + //printf("audit_proc_fork: parent pid %d p_au %p\n", parent->p_pid, + // parent->p_au); + //printf("audit_proc_fork: child pid %d p_au %p\n", child->p_pid, + // child->p_au); bcopy(parent->p_au, child->p_au, sizeof(*child->p_au)); } @@ -1337,6 +1362,8 @@ audit_proc_free(struct proc *p) { + KASSERT(p->p_au != NULL, ("p->p_au == NULL (%d)", p->p_pid)); + //printf("audit_proc_free: pid %d p_au %p\n", p->p_pid, p->p_au); free(p->p_au, M_AUDIT); p->p_au = NULL; } ==== //depot/projects/trustedbsd/audit2/sys/security/audit/kern_audit.h#12 (text+ko) ==== @@ -155,10 +155,11 @@ void audit_arg_svipc_addr(void *addr); void audit_proc_alloc(struct proc *p); -void audit_proc_init(struct proc *p); void audit_proc_fork(struct proc *parent, struct proc *child); void audit_proc_free(struct proc *p); +void audit_proc_init(struct proc *p); +void audit_proc_kproc0(struct proc *p); /* * Define a macro to wrap the audit_arg_* calls by checking the global
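Review bot: `audit_proc_kproc0()` and `audit_proc_init()` have identical bodies, and the existing block comment ending in "session ID, etc." now sits above `audit_proc_kproc0()` while `audit_proc_init()` has no comment at all. Each function should get its own short comment naming the process it serves, e.g. `/* Initialize audit state for the first kernel process. */` and `/* Initialize audit state for the init process. */`. If the two are expected to diverge later, say so there; otherwise a shared static helper would avoid the duplicated `bzero()`. The size expression `sizeof(*(p)->p_au)` also differs from the `sizeof(*(p->p_au))` spelling used in audit_proc_alloc, and one form should be used throughout.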
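Review bot: The assertion added to `audit_proc_free()` prints `"p->p_au == NULL (%d)"` without the function name, unlike every other KASSERT in this change, so the panic message alone does not say which check fired. Use `KASSERT(p->p_au != NULL, ("audit_proc_free: p->p_au == NULL (%d)", p->p_pid));`. This function is reached from the relocated call in kern_exit.c and from the fork failure path shown as context in kern_fork.c, so it is worth confirming that p_au is always allocated before either can run; that is not visible in these hunks.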