From owner-p4-projects Tue Apr 9 15:15:15 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 11EE637B405; Tue, 9 Apr 2002 15:14:48 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 2817E37B404 for ; Tue, 9 Apr 2002 15:14:47 -0700 (PDT) Received: (from perforce@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g39MEkF62380 for perforce@freebsd.org; Tue, 9 Apr 2002 15:14:46 -0700 (PDT) (envelope-from arr@freebsd.org) Date: Tue, 9 Apr 2002 15:14:46 -0700 (PDT) Message-Id: <200204092214.g39MEkF62380@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to arr@freebsd.org using -f From: "Andrew R. Reiter" Subject: PERFORCE change 9472 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=9472 Change 9472 by arr@arr_shibby on 2002/04/09 15:14:08 - Various cleanups/cleandowns/changes to facilitate changing design. Affected files ... ... //depot/projects/trustedbsd/audit/sys/kern/kern_audit.c#21 edit Differences ... ==== //depot/projects/trustedbsd/audit/sys/kern/kern_audit.c#21 (text+ko) ==== @@ -45,148 +45,96 @@ #include #include -#include +#include #define AUDLOG "/var/log/audit" -void audit_write_thread(void *); -static __inline audit_record_t *audit_record_alloc(vm_zone_t, u_long *); -static __inline void audit_record_free(audit_record_t *, vm_zone_t, u_long *); -static __inline audit_id_t audit_record_generate_id(audit_id_t *); +static __inline audit_record_t *audit_record_alloc(uma_zone_t, u_long *); +static __inline void audit_record_free(audit_record_t *, uma_zone_t, u_long *); -static struct audit_info ainfo; +static struct mtx audit_mtx; static struct audit_record_list record_queue; -static struct mtx record_queue_mtx; - +static uma_zone_t record_zone; +static u_long record_leased; static int audit_shutdown_flag = 0; -static size_t pool_size = 32; +static int audit_id = 0; +static size_t pool_size = 32; -SYSCTL_DECL(_security); -SYSCTL_NODE(_security, OID_AUTO, audit, CTLFLAG_RW, 0, ""); - static __inline audit_record_t * -audit_record_alloc(vm_zone_t aizone, u_long *lease) +audit_record_alloc(uma_zone_t zone, u_long *lease) { *(u_long *)lease++; - return(zalloc(aizone)); + return(uma_zalloc(zone)); } static __inline void -audit_record_free(audit_record_t *ar, vm_zone_t aizone, u_long *lease) +audit_record_free(audit_record_t *ar, uma_zone_t zone, u_long *lease) { *(u_long *)lease--; - zfree(aizone, ar); -} - -static __inline -audit_id_t -audit_record_generate_id(audit_id_t *id) -{ - - return(*++id); + uma_zfree(zone, ar); } audit_record_t * -audit_record_init(int type, size_t evsz, struct audit_info *ai) +audit_record_init(int type, size_t evsz) { audit_record_t *rec; audit_header_t *h; - vm_zone_t z; + uma_zone_t z; audit_id_t *id; u_long *lease; - AINFO_LOCK(ai); - lease = &ai->ai_leased; - z = ai->ai_zone; - id = &ai->ai_id; - AINFO_UNLOCK(ai); + mtx_lock(&audit_mtx) + z = record_zone; + mtx_unlock(&audit_mtx) rec = audit_record_alloc(z, lease); bzero(rec, sizeof(*rec)); h = &rec->ar_hdr; h->ah_v = AUDIT_VERSION; - h->ah_id = audit_record_generate_id(id); + h->ah_id = id++; // prolly should be locked. h->ah_len = AUDIT_RECORD_SZ + evsz; h->ah_type = type; nanotime(&h->ah_evtime); return (rec); } - -/* - * Executed when the audit system is turned on. - */ void audit_init(void) { - struct vnode *vp; - struct audit_info *ai; - vm_zone_t zone; - char *sptr; - int err = 0; + uma_zone_t zone; - ai = &ainfo; - - bzero(ai, sizeof(*ai)); - mtx_init(&ai->ai_mtx, "audit info lock", 0, MTX_DEF); - - sptr = malloc(strlen(AUDLOG), M_TEMP, M_WAITOK|M_ZERO); - strcpy(sptr, AUDLOG); - - vp = audit_write_init(sptr, curthread, curthread->td_ucred); - if (vp == NULL) - panic("Unable to init audit system.\n"); - - zone = zinit("AUDIT", sizeof(audit_record_t), pool_size, 0, 4); + zone = uma_zinit("AUDIT", sizeof(audit_record_t), pool_size, 0, 4); if (zone == NULL) panic("audit_init: unable to init audit record zone"); - AINFO_LOCK(ai); - ai->ai_cred = curthread->td_ucred; - ai->ai_vp = vp; - ai->ai_zone = zone; - ai->ai_lname = sptr; - AINFO_UNLOCK(ai); + mtx_init(&audit_mtx, "audit lock", 0, MTX_DEF); + mtx_lock(&audit_mtx); + record_zone = zone; + TAILQ_INIT(&record_queue); + audit_shutdown_flag = 0; + mtx_unlock(&audit_mtx); - mtx_init(&record_queue_mtx, "audit record queue lock", MTX_DEF); - mtx_lock(&record_queue_mtx); - TAILQ_INIT(&record_queue); - mtx_unlock(&record_queue_mtx); + (void)kthread_create(&audit_write_thread, ai, NULL, RFNOWAIT, + "TrustedBSD audit write thread"); - audit_shutdown_flag = 0; - err = kthread_create(&audit_write_thread, ai, NULL, RFNOWAIT, - "TrustedBSD audit write thread"); } SYSINIT(tbsd_audit, SI_ORDER_ANY, SI_SUB_MAC, &audit_init, NULL); void audit_shutdown(void) { - struct vnode *vp; - struct audit_info *ai; - struct ucred *cred; - vm_zone_t zone = NULL; - char *ptr; + uma_zone_t zone; + mtx_lock(&audit_mtx); audit_shutdown_flag = 1; - ai = &ainfo; - - AINFO_LOCK(ai); - cred = ai->ai_cred; - vp = ai->ai_vp; - zone = ai->ai_zone; - ptr = ai->ai_lname; - AINFO_UNLOCK(ai); - mtx_destroy(&ai->ai_mtx); - free(ptr, M_TEMP); - bzero(ai, sizeof(*ai)); - audit_write_shutdown(vp, curthread, cred); /* curthread ok? */ - crfree(cred); - zdestroy(zone); + zone = record_zone; + mtx_unlock(&audit_mtx); + mtx_destroy(&audit_mtx); + uma_zdestroy(zone); } SYSUNINIT(tbsd_audit, SI_ORDER_ANY, SI_SUB_MAC, &audit_shutdown, NULL); @@ -194,122 +142,39 @@ audit_record_enqueue(audit_record_t *ar) { - mtx_lock(&record_queue_mtx); + mtx_lock(&audit_mtx); TAILQ_INSERT_TAIL(&record_queue, ar, ar_next); - mtx_unlock(&record_queue_mtx); - wakeup((caddr_t)&record_queue); + mtx_unlock(&audit_mtx); } -struct vnode * -audit_write_init(const char *path, struct thread *td, struct ucred **cred) -{ - struct nameidata ni; - struct ucred *cred = td->td_proc->p_ucred; - struct vnode *vp; - int err = 0, flag = O_CREAT | FWRITE | O_TRUNC | O_NOFOLLOW; - - *cred = crhold(cred); - bzero(&ni, sizeof(ni)); - NDINIT(&ni, LOOKUP, NOFOLLOW, UIO_SYSSPACE, path, td); - err = namei(&ni); - if (err != 0) - return (NULL); - err = vn_open(&ni, &flag, S_IRUSR | S_IWUSR); - if (err != 0) - return (NULL); - NDFREE(&ni, NDF_ONLY_PNBUF); - vp = ni.ni_vp; - VOP_UNLOCK(vp, 0, td); - return (vp); -} - -void -audit_write_shutdown(struct vnode *vp, struct thread *td, struct ucred *cred) -{ - - vn_close(vp, 0, cred, td); - crfree(cred); -} - int -audit_record_write(audit_record_t *ar, struct audit_info *ai, - struct thread *td) +audit_record_write(audit_record_t *ar) { - struct flock lf; - struct mount *mp; - struct ucred *cred; - struct uio u; - struct vnode *vp; - size_t len; - int err = 0; - KASSERT(ar != NULL, ("audit_record_write: audit record null")); - - AINFO_LOCK(ai); - cred = ai->ai_cred; - vp = ai->ai_vp; - AINFO_UNLOCK(ai); - - /* XXX */ - lf.l_whence = SEEK_SET; - lf.l_start = 0; - lf.l_len = 0; - lf.l_type = F_WRLCK; - err = VOP_ADVLOCK(vp, (caddr_t)td->td_proc, F_SETLK, &lf, F_FLOCK); - if (err != 0) - return (err); - - err = vn_start_write(vp, &mp, V_NOWAIT); - if (err != 0) - /* - * If we can't write to the audit file from kernel - * land, then something is wrong. In the future, - * this will be handled more cleanly and thorougly, - * but for now, we panic. - */ - panic("unable to write to audit log."); - - vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); - uiomove((caddr_t)&ar, AUDIT_RECORD_SZ, &u); - len = ar->ar_hdr.ah_len - AUDIT_RECORD_SZ; - KASSERT(len != 0, ("audit_record_write: Bad audit record")); - VOP_WRITE(vp, &u, IO_APPEND|IO_UNIT|IO_NODELOCKED, - td->td_proc->p_ucred); - uiomove((caddr_t)&ar->ar_evinfo, len, &u); - VOP_WRITE(vp, &u, IO_APPEND|IO_UNIT|IO_NODELOCKED, - td->td_proc->p_ucred); - VOP_UNLOCK(vp, 0, td); - vn_finished_write(mp); - return (ar->ar_hdr.ah_len); + return (-1); } void audit_write_thread(void *arg) { audit_record_t *ar; - struct audit_info *ai = arg; u_long *lease; - vm_zone_t z; + uma_zone_t z; + /* + * XXX No locking strategy at the moment.. + */ for (;;) { ar = NULL; - mtx_lock(&record_queue_mtx); TAILQ_REMOVE(&record_queue, ar, ar_next); - mtx_unlock(&record_queue_mtx); - /* XXX Check flag here and hope it doesnt change. */ - if (audit_shutdown_flag) { - mtx_destroy(&record_queue_mtx); + /* Check flag here and hope it doesnt change. */ + if (audit_shutdown_flag) kthread_exit(0); - } - + if (ar) { - (void)audit_record_write(ar, NULL, NULL); - AINFO_LOCK(ai); - z = ai->ai_zone; - lease = &ai->ai_leased; - AINFO_UNLOCK(ai); + z = record_zone; + lease = &record_leased; audit_record_free(ar, z, lease); } } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message