Date: Sat, 25 Feb 2006 03:24:54 GMT From: Wayne Salamon <wsalamon@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 92369 for review Message-ID: <200602250324.k1P3OsKe056034@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=92369 Change 92369 by wsalamon@gretsch on 2006/02/25 03:23:59 Cleanups done in preparation for merge into FreeBSD CVS: - Remove unecessary linefeeds - Audit the vnode only when the vnode lock and reference are held - Move some vnode auditing into the actual system call, out of the kern_xxx function in order to avoid duplicated auditing of the vnode: once during namei lookup and once in the kern_xxx function Affected files ... .. //depot/projects/trustedbsd/audit3/sys/kern/vfs_syscalls.c#28 edit Differences ... ==== //depot/projects/trustedbsd/audit3/sys/kern/vfs_syscalls.c#28 (text+ko) ==== @@ -194,8 +194,7 @@ if (jailed(td->td_ucred) && !prison_quotas) return (EPERM); mtx_lock(&Giant); - NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, - td); + NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td); if ((error = namei(&nd)) != 0) { mtx_unlock(&Giant); return (error); @@ -329,16 +328,16 @@ if (error) return (error); vp = fp->f_vnode; +#ifdef AUDIT + vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); + AUDIT_ARG(vnode, vp, ARG_VNODE1); + VOP_UNLOCK(vp, 0, td); +#endif mp = vp->v_mount; fdrop(fp, td); if (vp->v_iflag & VI_DOOMED) return (EBADF); mtx_lock(&Giant); -#ifdef AUDIT - vn_lock(fp->f_vnode, LK_EXCLUSIVE | LK_RETRY, td); - AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1); - VOP_UNLOCK(fp->f_vnode, 0, td); -#endif #ifdef MAC error = mac_check_mount_stat(td->td_ucred, mp); if (error) { @@ -2375,7 +2374,6 @@ return (error); VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - AUDIT_ARG(vnode, vp, ARG_VNODE1); VATTR_NULL(&vattr); vattr.va_flags = flags; #ifdef MAC @@ -2476,6 +2474,11 @@ if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0) return (error); vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount); +#ifdef AUDIT + vn_lock(fp->f_vnode, LK_EXCLUSIVE | LK_RETRY, td); + AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1); + VOP_UNLOCK(fp->f_vnode, 0, td); +#endif error = setfflags(td, fp->f_vnode, uap->flags); VFS_UNLOCK_GIANT(vfslocked); fdrop(fp, td); @@ -2611,7 +2614,11 @@ if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0) return (error); vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount); +#ifdef AUDIT + vn_lock(fp->f_vnode, LK_EXCLUSIVE | LK_RETRY, td); AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1); + VOP_UNLOCK(fp->f_vnode, 0, td); +#endif error = setfmode(td, fp->f_vnode, uap->mode); VFS_UNLOCK_GIANT(vfslocked); fdrop(fp, td); @@ -2636,7 +2643,6 @@ return (error); VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - AUDIT_ARG(vnode, vp, ARG_VNODE1); VATTR_NULL(&vattr); vattr.va_uid = uid; vattr.va_gid = gid; @@ -2765,6 +2771,11 @@ if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0) return (error); vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount); +#ifdef AUDIT + vn_lock(fp->f_vnode, LK_EXCLUSIVE | LK_RETRY, td); + AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1); + VOP_UNLOCK(fp->f_vnode, 0, td); +#endif error = setfown(td, fp->f_vnode, uap->uid, uap->gid); VFS_UNLOCK_GIANT(vfslocked); fdrop(fp, td); @@ -2825,7 +2836,6 @@ return (error); VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - AUDIT_ARG(vnode, vp, ARG_VNODE1); setbirthtime = 0; if (numtimes < 3 && VOP_GETATTR(vp, &vattr, td->td_ucred, td) == 0 && timespeccmp(&ts[1], &vattr.va_birthtime, < )) @@ -2883,8 +2893,7 @@ if ((error = getutimes(tptr, tptrseg, ts)) != 0) return (error); - NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, pathseg, path, - td); + NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, pathseg, path, td); if ((error = namei(&nd)) != 0) return (error); vfslocked = NDHASGIANT(&nd); @@ -2928,8 +2937,7 @@ if ((error = getutimes(tptr, tptrseg, ts)) != 0) return (error); - NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE | AUDITVNODE1, pathseg, path, - td); + NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE | AUDITVNODE1, pathseg, path, td); if ((error = namei(&nd)) != 0) return (error); vfslocked = NDHASGIANT(&nd); @@ -2976,6 +2984,11 @@ if ((error = getvnode(td->td_proc->p_fd, fd, &fp)) != 0) return (error); vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount); +#ifdef AUDIT + vn_lock(fp->f_vnode, LK_EXCLUSIVE | LK_RETRY, td); + AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1); + VOP_UNLOCK(fp->f_vnode, 0, td); +#endif error = setutimes(td, fp->f_vnode, ts, 2, tptr == NULL); VFS_UNLOCK_GIANT(vfslocked); fdrop(fp, td); @@ -3017,8 +3030,7 @@ if (length < 0) return(EINVAL); - NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, pathseg, path, - td); + NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, pathseg, path, td); if ((error = namei(&nd)) != 0) return (error); vfslocked = NDHASGIANT(&nd); @@ -3090,7 +3102,7 @@ goto drop; VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1); + AUDIT_ARG(vnode, vp, ARG_VNODE1); if (vp->v_type == VDIR) error = EISDIR; #ifdef MAC @@ -3195,10 +3207,10 @@ return (error); vp = fp->f_vnode; vfslocked = VFS_LOCK_GIANT(vp->v_mount); - AUDIT_ARG(vnode, vp, ARG_VNODE1); if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) goto drop; vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); + AUDIT_ARG(vnode, vp, ARG_VNODE1); if (vp->v_object != NULL) { VM_OBJECT_LOCK(vp->v_object); vm_object_page_clean(vp->v_object, 0, 0, 0); @@ -3712,7 +3724,6 @@ AUDIT_ARG(fd, uap->fd); if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0) return (error); - if ((fp->f_flag & FREAD) == 0) { fdrop(fp, td); return (EBADF); @@ -3734,7 +3745,7 @@ auio.uio_resid = uap->count; /* vn_lock(vp, LK_SHARED | LK_RETRY, td); */ vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1); + AUDIT_ARG(vnode, vp, ARG_VNODE1); loff = auio.uio_offset = fp->f_offset; #ifdef MAC error = mac_check_vnode_readdir(td->td_ucred, vp);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200602250324.k1P3OsKe056034>