From owner-p4-projects@FreeBSD.ORG Sat Feb 25 03:24:56 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id A40FB16A423; Sat, 25 Feb 2006 03:24:55 +0000 (GMT) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4213A16A422 for ; Sat, 25 Feb 2006 03:24:55 +0000 (GMT) (envelope-from wsalamon@computer.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id DE79F43D46 for ; Sat, 25 Feb 2006 03:24:54 +0000 (GMT) (envelope-from wsalamon@computer.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id k1P3OsTc056037 for ; Sat, 25 Feb 2006 03:24:54 GMT (envelope-from wsalamon@computer.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id k1P3OsKe056034 for perforce@freebsd.org; Sat, 25 Feb 2006 03:24:54 GMT (envelope-from wsalamon@computer.org) Date: Sat, 25 Feb 2006 03:24:54 GMT Message-Id: <200602250324.k1P3OsKe056034@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to wsalamon@computer.org using -f 
From: Wayne Salamon
To: Perforce Change Reviews
Cc:
Subject: PERFORCE change 92369 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sat, 25 Feb 2006 03:24:56 -0000
http://perforce.freebsd.org/chv.cgi?CH=92369
Change 92369 by wsalamon@gretsch on 2006/02/25 03:23:59
Cleanups done in preparation for merge into FreeBSD CVS:
- Remove unecessary linefeeds
- Audit the vnode only when the vnode lock and reference are held
- Move some vnode auditing into the actual system call, out of the kern_xxx function in order to avoid duplicated auditing of the vnode: once during namei lookup and once in the kern_xxx function
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/kern/vfs_syscalls.c#28 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/kern/vfs_syscalls.c#28 (text+ko) ====
@@ -194,8 +194,7 @@
 if (jailed(td->td_ucred) && !prison_quotas)
 return (EPERM);
 mtx_lock(&Giant);
- NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path,
- td);
+ NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td);
 if ((error = namei(&nd)) != 0) {
 mtx_unlock(&Giant);
 return (error);
@@ -329,16 +328,16 @@
 if (error)
 return (error);
 vp = fp->f_vnode;
+#ifdef AUDIT
+ vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
+ AUDIT_ARG(vnode, vp, ARG_VNODE1);
+ VOP_UNLOCK(vp, 0, td);
+#endif
 mp = vp->v_mount;
 fdrop(fp, td);
 if (vp->v_iflag & VI_DOOMED)
 return (EBADF);
 mtx_lock(&Giant);
-#ifdef AUDIT
- vn_lock(fp->f_vnode, LK_EXCLUSIVE | LK_RETRY, td);
- AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1);
- VOP_UNLOCK(fp->f_vnode, 0, td);
-#endif
 #ifdef MAC
 error = mac_check_mount_stat(td->td_ucred, mp);
 if (error) {
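Review bot: In the `-329,16` hunk the relocated `#ifdef AUDIT` block now runs `vn_lock`/`AUDIT_ARG`/`VOP_UNLOCK` before `mtx_lock(&Giant)`, whereas the removed copy ran with Giant held. Auditing while the file reference is still held is the right fix, but if the vnode audit path issues vnode operations (not visible here), a filesystem that still depends on Giant would now be entered without it. Either take Giant before the block, or state the assumption with a comment such as `/* Giant is not held here; vnode auditing must not require it. */`. The enclosing function starts and ends outside the hunk, so the surrounding locking cannot be confirmed from these lines.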
@@ -2375,7 +2374,6 @@
 return (error);
 VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
- AUDIT_ARG(vnode, vp, ARG_VNODE1);
 VATTR_NULL(&vattr);
 vattr.va_flags = flags;
 #ifdef MAC
@@ -2476,6 +2474,11 @@
 if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
 return (error);
 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
+#ifdef AUDIT
+ vn_lock(fp->f_vnode, LK_EXCLUSIVE | LK_RETRY, td);
+ AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1);
+ VOP_UNLOCK(fp->f_vnode, 0, td);
+#endif
 error = setfflags(td, fp->f_vnode, uap->flags);
 VFS_UNLOCK_GIANT(vfslocked);
 fdrop(fp, td);
@@ -2611,7 +2614,11 @@
 if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
 return (error);
 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
+#ifdef AUDIT
+ vn_lock(fp->f_vnode, LK_EXCLUSIVE | LK_RETRY, td);
 AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1);
+ VOP_UNLOCK(fp->f_vnode, 0, td);
+#endif
 error = setfmode(td, fp->f_vnode, uap->mode);
 VFS_UNLOCK_GIANT(vfslocked);
 fdrop(fp, td);
@@ -2636,7 +2643,6 @@
 return (error);
 VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
- AUDIT_ARG(vnode, vp, ARG_VNODE1);
 VATTR_NULL(&vattr);
 vattr.va_uid = uid;
 vattr.va_gid = gid;
@@ -2765,6 +2771,11 @@
 if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
 return (error);
 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
+#ifdef AUDIT
+ vn_lock(fp->f_vnode, LK_EXCLUSIVE | LK_RETRY, td);
+ AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1);
+ VOP_UNLOCK(fp->f_vnode, 0, td);
+#endif
 error = setfown(td, fp->f_vnode, uap->uid, uap->gid);
 VFS_UNLOCK_GIANT(vfslocked);
 fdrop(fp, td);
@@ -2825,7 +2836,6 @@
 return (error);
 VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
- AUDIT_ARG(vnode, vp, ARG_VNODE1);
 setbirthtime = 0;
 if (numtimes < 3 && VOP_GETATTR(vp, &vattr, td->td_ucred, td) == 0 &&
 timespeccmp(&ts[1], &vattr.va_birthtime, < ))
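Review bot: The lock/audit/unlock sequence added before `setfflags` in the `-2476,6` hunk drops the vnode lock before the helper runs, and the `-2375,7` hunk shows what looks like that helper taking `vn_lock` again on its own; the same sequence is added before `setfmode` (`-2611,7`), `setfown` (`-2765,6`) and `setutimes` (`-2976,6`). The attributes captured in the audit record can therefore differ from the vnode state at the moment the change is applied, since the file may be modified in the gap between the unlock and the relock. That is a fair trade for avoiding the duplicate record after the namei lookup, but it should be written down at each site, e.g. `/* Audited before the helper relocks vp; attributes may change in between. */`. With AUDIT compiled in, each call also pays a second exclusive lock round-trip, so a single static helper for the sequence would keep the four copies from drifting apart.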
@@ -2883,8 +2893,7 @@
 if ((error = getutimes(tptr, tptrseg, ts)) != 0)
 return (error);
- NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, pathseg, path,
- td);
+ NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, pathseg, path, td);
 if ((error = namei(&nd)) != 0)
 return (error);
 vfslocked = NDHASGIANT(&nd);
@@ -2928,8 +2937,7 @@
 if ((error = getutimes(tptr, tptrseg, ts)) != 0)
 return (error);
- NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE | AUDITVNODE1, pathseg, path,
- td);
+ NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE | AUDITVNODE1, pathseg, path, td);
 if ((error = namei(&nd)) != 0)
 return (error);
 vfslocked = NDHASGIANT(&nd);
@@ -2976,6 +2984,11 @@
 if ((error = getvnode(td->td_proc->p_fd, fd, &fp)) != 0)
 return (error);
 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
+#ifdef AUDIT
+ vn_lock(fp->f_vnode, LK_EXCLUSIVE | LK_RETRY, td);
+ AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1);
+ VOP_UNLOCK(fp->f_vnode, 0, td);
+#endif
 error = setutimes(td, fp->f_vnode, ts, 2, tptr == NULL);
 VFS_UNLOCK_GIANT(vfslocked);
 fdrop(fp, td);
@@ -3017,8 +3030,7 @@
 if (length < 0)
 return(EINVAL);
- NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, pathseg, path,
- td);
+ NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, pathseg, path, td);
 if ((error = namei(&nd)) != 0)
 return (error);
 vfslocked = NDHASGIANT(&nd);
@@ -3090,7 +3102,7 @@
 goto drop;
 VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
- AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1);
+ AUDIT_ARG(vnode, vp, ARG_VNODE1);
 if (vp->v_type == VDIR)
 error = EISDIR;
 #ifdef MAC
@@ -3195,10 +3207,10 @@
 return (error);
 vp = fp->f_vnode;
 vfslocked = VFS_LOCK_GIANT(vp->v_mount);
- AUDIT_ARG(vnode, vp, ARG_VNODE1);
 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
 goto drop;
 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
+ AUDIT_ARG(vnode, vp, ARG_VNODE1);
 if (vp->v_object != NULL) {
 VM_OBJECT_LOCK(vp->v_object);
 vm_object_page_clean(vp->v_object, 0, 0, 0);
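Review bot: In the `-3195,10` hunk `AUDIT_ARG(vnode, vp, ARG_VNODE1)` now sits after `vn_start_write`, so the `goto drop` path taken when `vn_start_write` fails no longer records the vnode at all. An audit trail is most useful when failed or interrupted attempts still identify the target file, and the old placement, although unlocked, did capture it. Consider capturing the vnode before `vn_start_write` under a short `vn_lock`/`VOP_UNLOCK` pair, as the descriptor-based hunks in this change do, or at least record the gap with `/* vnode is audited only once vn_start_write() succeeds */`. The function body begins and ends outside the hunk.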
@@ -3712,7 +3724,6 @@
 AUDIT_ARG(fd, uap->fd);
 if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
 return (error);
-
 if ((fp->f_flag & FREAD) == 0) {
 fdrop(fp, td);
 return (EBADF);
@@ -3734,7 +3745,7 @@
 auio.uio_resid = uap->count;
 /* vn_lock(vp, LK_SHARED | LK_RETRY, td); */
 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
- AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1);
+ AUDIT_ARG(vnode, vp, ARG_VNODE1);
 loff = auio.uio_offset = fp->f_offset;
 #ifdef MAC
 error = mac_check_vnode_readdir(td->td_ucred, vp);