Date: Fri, 14 Aug 2009 15:54:43 GMT From: Ilias Marinos <marinosi@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 167329 for review Message-ID: <200908141554.n7EFshR9092637@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=167329 Change 167329 by marinosi@marinosi_redrum on 2009/08/14 15:54:42 audit.c: - Added device mutex initialization code for all the slices except the base one.(Without it, using a device causes panic). - Removed an unecessary & always true check. (pointed out by rwatson). audit_slice.c: - Added a new write method code. It works fine with strings. - Many comments as it still experimental. Affected files ... .. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.c#22 edit .. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_slice.c#9 edit Differences ... ==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.c#22 (text) ==== @@ -724,32 +724,24 @@ as_ptr = as; - uprintf("audit_slice_create: Calling audit_slice_init()\n"); /* Initialize the base slice */ audit_slice_init(as, name); - uprintf("audit_slice_create: Returned from audit_slice_init()\n"); - /* * XXXRW: Possibly start worker before creating the device? * FIXED. */ /* Start audit worker thread. */ - uprintf("audit_slice_create: Calling audit_worker_start()\n"); audit_worker_start(as); - uprintf("audit_slice_create: Returned from audit_worker_start()\n"); /* Create the special device node */ - uprintf("audit_slice_create: Calling audit_slice_cdev_init()\n"); audit_slice_cdev_init(as); - uprintf("audit_slice_create: Returned from audit_slice_cdev_init()\n"); /* Insert the slice on the list */ TAILQ_INSERT_TAIL(&audit_slice_q, as, as_q); AUDIT_SLICES_UNLOCK(); - } /* @@ -802,6 +794,13 @@ */ mtx_init(&(as->audit_mtx), "audit_mtx", NULL, MTX_DEF); + /* + * For all the != audit_base_slice slices, we should initialize the + * extra needed variables, mutexes etc here. + */ + if ( as != audit_base_slice ) + mtx_init(&(as->as_dev_mtx), "as_dev_mtx", NULL, MTX_DEF); + cv_init(&(as->audit_worker_cv), "audit_worker_cv"); cv_init(&(as->audit_watermark_cv), "audit_watermark_cv"); cv_init(&(as->audit_fail_cv), "audit_fail_cv"); @@ -840,12 +839,12 @@ */ if (as != NULL) { AUDIT_SLICES_LOCK_ASSERT(); - cv_destroy(&(as)->audit_worker_cv); + /*cv_destroy(&(as)->audit_worker_cv); cv_destroy(&(as)->audit_watermark_cv); cv_destroy(&(as)->audit_fail_cv); sx_destroy(&(as)->audit_worker_lock); - mtx_destroy(&(as)->audit_mtx); - mtx_destroy(&(as)->as_dev_mtx); + mtx_destroy(&(as)->audit_mtx);*/ + mtx_destroy(&(as->as_dev_mtx)); destroy_dev(as->as_dev); TAILQ_REMOVE(&audit_slice_q, as, as_q); free(as, M_AUDITSLICE); @@ -894,24 +893,22 @@ * that improperly? * Base slice should never call audit_slice_commit_rec. */ - if (ar == NULL) { - /* - * This is not very efficient; we're required to allocate a - * complete kernel audit record just so the user record can - * tag along. - * - * XXXAUDIT: Maybe AUE_AUDIT in the system call context and - * special pre-select handling? - * - * XXXRW: Not sure we need to use td->td_ar here at all? The - * base slice may already be using it to record the write - * syscall. - */ - ar = audit_new(AUE_NULL, td, as); - if (ar == NULL) - return (1); - } + /* + * This is not very efficient; we're required to allocate a + * complete kernel audit record just so the user record can + * tag along. + * + * XXXAUDIT: Maybe AUE_AUDIT in the system call context and + * special pre-select handling? + * + * XXXRW: Not sure we need to use td->td_ar here at all? The + * base slice may already be using it to record the write + * syscall. + */ + ar = audit_new(AUE_NULL, td, as); + if (ar == NULL) + return (1); /* * Note: it could be that some records initiated while audit was @@ -1408,7 +1405,6 @@ * Use lock to prevent slice creation/removal while iterating through * the queue, listing the slices. */ - uprintf("Slices List:\n"); AUDIT_SLICES_LOCK(); TAILQ_FOREACH(cur, &audit_slice_q, as_q) { uprintf("%s\n", cur->as_name); ==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_slice.c#9 (text+ko) ==== @@ -139,7 +139,7 @@ as = dev->si_drv1; mtx_lock(&(as->as_dev_mtx)); - as->as_dev_isopen = 1; + as->as_dev_isopen = 0; /* Do something here */ mtx_unlock(&(as->as_dev_mtx)); @@ -167,18 +167,33 @@ /* Actual work here */ int c, error = 0; - u_int32_t recsz = 0; - int nbytes = 0; /*Remaining bytes */ - struct bsm_rec_hdr *audit_slice_dev_buf; + //u_int32_t recsz = 0; + //int nbytes = 0; /*Remaining bytes */ + char *audit_slice_dev_buf; struct audit_slice *as; void *as_rec = NULL; as = dev->si_drv1; /* Safe malloc the pagesz of the system.*/ - audit_slice_dev_buf = malloc(sizeof(*audit_slice_dev_buf), - M_TEMP, M_WAITOK); + //audit_slice_dev_buf = malloc(sizeof(*audit_slice_dev_buf), + // M_TEMP, M_WAITOK); + audit_slice_dev_buf = (void *)malloc(PAGE_SIZE, M_TEMP, + M_WAITOK | M_ZERO); + + uprintf("[DEV_WRITE_METHOD] of slice %s.\n", as->as_name); + + /* Copy the string in from user memory to kernel memory */ + c = MIN(uio->uio_iov->iov_len,PAGE_SIZE); + error = copyin(uio->uio_iov->iov_base, audit_slice_dev_buf, c); + + /* Null terminate it */ + *(audit_slice_dev_buf + c) = 0; + if (error != 0) + uprintf("Write failed: bad address!\n"); + else + uprintf ("MESSAGE: %s\n", (char *) audit_slice_dev_buf); /* * XXXRW: This seems to handle multiple records/system call, but not * multiple system calls/record. To handle the latter, we need to @@ -186,39 +201,51 @@ * into until we have a complete record which we can then submit to * audit. */ - while (uio->uio_resid > 0) { - c = MIN((int)uio->uio_resid, sizeof(*audit_slice_dev_buf)); - if ( c == (int)uio->uio_resid ) - break; +// while (uio->uio_resid > 0) { +// c = MIN((int)uio->uio_resid, sizeof(*audit_slice_dev_buf)); +// if ( c == (int)uio->uio_resid ) +// break; +// +// /* Fetch the bsm record's header */ +// error = uiomove(audit_slice_dev_buf, c, uio); +// if (error) +// break; +// +// /* +// * Store the actual record's size. Add some checks before +// * this. +// * +// * XXXRW: for example, perhaps we shouldn't accept records +// * longer than MAX_AUDIT_RECORD_SIZE, or less than +// * sizeof(*audit_slice_dev_buf). +// */ +// recsz = be32toh(audit_slice_dev_buf->rec_byte_count); +// as_rec = (void *)malloc((unsigned long)recsz, M_AUDITBSM, +// M_WAITOK | M_ZERO); +// +// /* Copy the header at the start of record */ +// memmove(as_rec, audit_slice_dev_buf, +// sizeof(audit_slice_dev_buf)); +// +// nbytes = (int)recsz - sizeof(audit_slice_dev_buf); +// error = uiomove(as_rec, nbytes, uio); +// if (error) +// break; + + //audit_slice_commit_rec( as_rec, as); + +// uprintf("Size to be fetched: %d\n", uio->uio_resid); +// c = MIN((int)uio->uio_resid, PAGE_SIZE); +// error = uiomove(audit_slice_dev_buf, c, uio); +// if (error) +// break; + //uprintf("[DEV_WRITE_METHOD] of slice %s: %s\n", + // as->as_name, (char *) audit_slice_dev_buf); - /* Fetch the bsm record's header */ - error = uiomove(audit_slice_dev_buf, c, uio); - if (error) - break; - /* - * Store the actual record's size. Add some checks before - * this. - * - * XXXRW: for example, perhaps we shouldn't accept records - * longer than MAX_AUDIT_RECORD_SIZE, or less than - * sizeof(*audit_slice_dev_buf). - */ - recsz = be32toh(audit_slice_dev_buf->rec_byte_count); - as_rec = (void *)malloc((unsigned long)recsz, M_AUDITBSM, - M_WAITOK | M_ZERO); - /* Copy the header at the start of record */ - memmove(as_rec, audit_slice_dev_buf, - sizeof(audit_slice_dev_buf)); - nbytes = (int)recsz - sizeof(audit_slice_dev_buf); - error = uiomove(as_rec, nbytes, uio); - if (error) - break; - - audit_slice_commit_rec( as_rec, as); - } +// } /* * XXXRW: Only free as_rec if we allocated it. @@ -263,9 +290,12 @@ audit_slice_cdev_init(struct audit_slice *as) { + + as->perms = 0700; + /* Create the special device file. */ as->as_dev = make_dev(&audit_slice_cdevsw, as->unit, as->uid, as->gid, - as->perms, "%s", as->as_name); + as->perms, "auditslice/%s", as->as_name); } /*
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200908141554.n7EFshR9092637>