From owner-p4-projects@FreeBSD.ORG Fri Jan 16 19:49:18 2004 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 6631C16A4D0; Fri, 16 Jan 2004 19:49:18 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3D32C16A4CE for ; Fri, 16 Jan 2004 19:49:18 -0800 (PST) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3A44C43D1D for ; Fri, 16 Jan 2004 19:49:16 -0800 (PST) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.10/8.12.10) with ESMTP id i0H3nG0B042887 for ; Fri, 16 Jan 2004 19:49:16 -0800 (PST) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.10/8.12.10/Submit) id i0H3nFjl042884 for perforce@freebsd.org; Fri, 16 Jan 2004 19:49:15 -0800 (PST) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Fri, 16 Jan 2004 19:49:15 -0800 (PST) Message-Id: <200401170349.i0H3nFjl042884@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson To: Perforce Change Reviews Subject: PERFORCE change 45473 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Jan 2004 03:49:18 -0000 http://perforce.freebsd.org/chv.cgi?CH=45473 Change 45473 by rwatson@rwatson_tislabs on 2004/01/16 19:48:38 Separate allocation of per-process audit storage from the initialization of that storage, so as to share allocation functions between kproc0, init, and future processes, and also to avoid allocating while holding process locks. Initialize the first kernel process using its own hook, audit_proc_kproc0(), and employ the init initialization hook, audit_proc_init() on the init process. Fix a typo in the MAC fix for freeing process state. Don't free audit storage until we're ready to free the proc, or it's zeroed when we try to audit the exit. Create the audit_worker thread using RFHIGHPID so that it doesn't grab pid 1, breaking init. KASSERT various sorts of things about p_au during the process life cycle, such as that it is null when the process is to be created, and otherwise non-NULL. Some gratuitous parentheses that we'll remove later, but I put in to be safe while trying to debug memory corruption. Audit framework now properly tracks process audit state, and appears to safely gather audit records for process exit. Affected files ... .. //depot/projects/trustedbsd/audit2/sys/kern/init_main.c#4 edit .. //depot/projects/trustedbsd/audit2/sys/kern/kern_exit.c#3 edit .. //depot/projects/trustedbsd/audit2/sys/kern/kern_fork.c#5 edit .. //depot/projects/trustedbsd/audit2/sys/security/audit/audit.c#14 edit .. //depot/projects/trustedbsd/audit2/sys/security/audit/kern_audit.h#12 edit Differences ... ==== //depot/projects/trustedbsd/audit2/sys/kern/init_main.c#4 (text+ko) ==== 
@@ -399,7 +399,7 @@
 	p->p_ucred->cr_prison = NULL;	/* Don't jail it. */
 #ifdef AUDIT
 	audit_proc_alloc(p);
-	audit_proc_init(p);
+	audit_proc_kproc0(p);
 #endif
 #ifdef MAC
 	mac_create_proc0(p->p_ucred);
@@ -697,6 +697,9 @@
 #ifdef MAC
 	mac_create_proc1(newcred);
 #endif
+#ifdef AUDIT
+	audit_proc_init(initproc);
+#endif
 	initproc->p_ucred = newcred;
 	PROC_UNLOCK(initproc);
 	crfree(oldcred);
==== //depot/projects/trustedbsd/audit2/sys/kern/kern_exit.c#3 (text+ko) ====
@@ -688,9 +688,6 @@
 	 */
 	crfree(p->p_ucred);
 	p->p_ucred = NULL;
-#ifdef AUDIT
-	audit_proc_free(p);
-#endif
 	pargs_drop(p->p_args);
 	p->p_args = NULL;
 	sigacts_free(p->p_sigacts);
@@ -710,6 +707,9 @@
 #ifdef MAC
 	mac_destroy_proc(p);
 #endif
+#ifdef AUDIT
+	audit_proc_free(p);
+#endif
 	KASSERT(FIRST_THREAD_IN_PROC(p),
 	    ("wait1: no residual thread!"));
 	uma_zfree(proc_zone, p);
==== //depot/projects/trustedbsd/audit2/sys/kern/kern_fork.c#5 (text+ko) ====
@@ -747,7 +747,7 @@
 	    uid);
 	sx_xunlock(&allproc_lock);
 #ifdef MAC
-	mac_proc_destroy(newproc);
+	mac_destroy_proc(newproc);
 #endif
 #ifdef AUDIT
 	audit_proc_free(newproc);
==== //depot/projects/trustedbsd/audit2/sys/security/audit/audit.c#14 (text+ko) ====
@@ -41,6 +41,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
@@ -416,8 +417,8 @@
 	/* Initialize the BSM audit subsystem. */
 	kau_init();
 
-	error = kthread_create(audit_worker, NULL, &audit_thread, 0, 0,
-	    "audit_worker");
+	error = kthread_create(audit_worker, NULL, &audit_thread, RFHIGHPID,
+	    0, "audit_worker");
 	if (error != 0)
 		panic("audit_init: kthread_create returned %d", error);
 }
@@ -1301,7 +1302,10 @@
 audit_proc_alloc(struct proc *p)
 {
 
-	p->p_au = malloc(sizeof(*p->p_au), M_AUDIT, M_WAITOK);
+	KASSERT(p->p_au == NULL, ("audit_proc_alloc: p->p_au != NULL (%d)",
+	    p->p_pid));
+	p->p_au = malloc(sizeof(*(p->p_au)), M_AUDIT, M_WAITOK);
+	//printf("audit_proc_alloc: pid %d p_au %p\n", p->p_pid, p->p_au);
 }
 
 /*
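Review bot: The new `audit_proc_init(initproc)` call in the second init_main.c hunk sits inside the PROC_LOCK(initproc) region (PROC_UNLOCK(initproc) follows two lines later), and with the KASSERT this change adds to audit_proc_init it panics unless initproc->p_au has already been allocated, presumably when init was forked from proc0, which this diff does not show. Zeroing already-allocated storage is lock-safe, but the dependency on earlier allocation deserves a comment at the call site, e.g. `/* p_au is already allocated; only reset init's audit state here. */`. The enclosing function starts and ends outside the hunk.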
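Review bot: The `//printf(...)` debug lines added to audit_proc_alloc in the last audit.c hunk on this line, and likewise to audit_proc_kproc0, audit_proc_init, audit_proc_fork and audit_proc_free in the following hunks, are commented-out code in C99 `//` form that kernel style(9) does not use; either drop them before the branch is merged or put them behind a compile-time debug macro so they do not accumulate. The new `KASSERT(p->p_au == NULL, ...)` also turns a previously unchecked precondition into a hard requirement on every caller, which holds for a zeroed proc and for one released through audit_proc_free() but is not stated anywhere; suggest a header comment such as `/* Caller must pass a proc whose p_au is NULL and must not hold process locks (M_WAITOK allocation). */`. audit_proc_alloc's existing header comment lies above the hunk.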
@@ -1311,10 +1315,23 @@ * session ID, etc. */ void +audit_proc_kproc0(struct proc *p) +{ + + KASSERT(p->p_au != NULL, ("audit_proc_kproc0: p->p_au == NULL (%d)", + p->p_pid)); + //printf("audit_proc_kproc0: pid %d p_au %p\n", p->p_pid, p->p_au); + bzero(p->p_au, sizeof(*(p)->p_au)); +} + +void audit_proc_init(struct proc *p) { - bzero((void *)p->p_au, sizeof(*p->p_au)); + KASSERT(p->p_au != NULL, ("audit_proc_init: p->p_au == NULL (%d)", + p->p_pid)); + //printf("audit_proc_init: pid %d p_au %p\n", p->p_pid, p->p_au); + bzero(p->p_au, sizeof(*(p)->p_au)); } /* @@ -1327,6 +1344,14 @@ PROC_LOCK_ASSERT(parent, MA_OWNED); PROC_LOCK_ASSERT(child, MA_OWNED); + KASSERT(parent->p_au != NULL, + ("audit_proc_fork: parent->p_au == NULL (%d)", parent->p_pid)); + KASSERT(child->p_au != NULL, + ("audit_proc_fork: child->p_au == NULL (%d)", child->p_pid)); + //printf("audit_proc_fork: parent pid %d p_au %p\n", parent->p_pid, + // parent->p_au); + //printf("audit_proc_fork: child pid %d p_au %p\n", child->p_pid, + // child->p_au); bcopy(parent->p_au, child->p_au, sizeof(*child->p_au)); } @@ -1337,6 +1362,8 @@ audit_proc_free(struct proc *p) { + KASSERT(p->p_au != NULL, ("p->p_au == NULL (%d)", p->p_pid)); + //printf("audit_proc_free: pid %d p_au %p\n", p->p_pid, p->p_au); free(p->p_au, M_AUDIT); p->p_au = NULL; } ==== //depot/projects/trustedbsd/audit2/sys/security/audit/kern_audit.h#12 (text+ko) ==== @@ -155,10 +155,11 @@ void audit_arg_svipc_addr(void *addr); void audit_proc_alloc(struct proc *p); -void audit_proc_init(struct proc *p); void audit_proc_fork(struct proc *parent, struct proc *child); void audit_proc_free(struct proc *p); +void audit_proc_init(struct proc *p); +void audit_proc_kproc0(struct proc *p); /* * Define a macro to wrap the audit_arg_* calls by checking the global
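Review bot: audit_proc_kproc0 is inserted between the existing header comment (`* session ID, etc.` / `*/`) and audit_proc_init, so that comment now describes the new kproc0 hook and audit_proc_init is left undocumented; the two bodies are identical apart from the KASSERT text, so a reader cannot tell from the code why two entry points exist. Suggest a one-line comment above each stating its role as given in the change description, e.g. `/* Initialize audit state for kernel process 0; storage comes from audit_proc_alloc(). */` and `/* Initialize audit state for the init process; p_au must already be allocated. */`, or have audit_proc_kproc0 call audit_proc_init if the bodies are meant to stay the same. Both functions are complete within the hunk.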
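Review bot: The KASSERT message in audit_proc_free, `"p->p_au == NULL (%d)"`, omits the function-name prefix that every other assertion added in this change carries (`audit_proc_alloc:`, `audit_proc_init:`, `audit_proc_fork:`), so a panic here would not say which hook fired; change it to `KASSERT(p->p_au != NULL, ("audit_proc_free: p->p_au == NULL (%d)", p->p_pid));`. This assertion also tightens the contract for existing callers such as the fork failure path in kern_fork.c (audit_proc_free(newproc) after mac_destroy_proc), which must now only run once audit_proc_alloc(newproc) has succeeded; that ordering is outside this change and worth confirming.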