Date: Sat, 15 Aug 2009 13:40:45 GMT From: Ilias Marinos <marinosi@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 167362 for review Message-ID: <200908151340.n7FDejIA071666@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=167362 Change 167362 by marinosi@marinosi_redrum on 2009/08/15 13:40:29 - Addded the appropriate mask for the audit_records to be committed directly to the filesystem. - Added some debugging code. Record processing is working fine from the appropriate workers. Records are not committed to the filesystem yet, because audit_vp is not set up. A new syscall to handle this will be added. Affected files ... .. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.c#24 edit .. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_worker.c#10 edit Differences ... ==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.c#24 (text) ==== @@ -794,16 +794,19 @@ */ mtx_init(&(as->audit_mtx), "audit_mtx", NULL, MTX_DEF); + cv_init(&(as->audit_worker_cv), "audit_worker_cv"); + cv_init(&(as->audit_watermark_cv), "audit_watermark_cv"); + cv_init(&(as->audit_fail_cv), "audit_fail_cv"); + /* * For all the != audit_base_slice slices, we should initialize the * extra needed variables, mutexes etc here. */ - if ( as != audit_base_slice ) + if ( as != audit_base_slice ) { + as->audit_enabled = 1; mtx_init(&(as->as_dev_mtx), "as_dev_mtx", NULL, MTX_DEF); + } - cv_init(&(as->audit_worker_cv), "audit_worker_cv"); - cv_init(&(as->audit_watermark_cv), "audit_watermark_cv"); - cv_init(&(as->audit_fail_cv), "audit_fail_cv"); } @@ -866,7 +869,6 @@ struct kaudit_record *ar = NULL; int error; - uprintf("IN audit_slice_commit_rec()\n"); /* * XXXRW: This error value seems never to be used? Possibly we * should validate the record before calling audit_new, and return 
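Review bot: `as->audit_enabled = 1;` in the -794 hunk turns every non-base slice on at initialization, while the change description says audit_vp is not set up yet, so a slice accepts and queues records before it has anywhere to write them. Whether audit_record_write() tolerates a NULL `as->audit_vp` is not visible here: if it does, records are silently dropped while the slice reports itself enabled, and if it does not, the vn_rdwr() call in audit_worker.c is handed a NULL vnode. I would leave the flag at 0 here and set it where the trail vnode and credential get installed, or at minimum put `/* XXX: enabled before audit_vp exists; records are not persisted until the trail is configured. */` above the assignment. The enclosing function starts above the hunk.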
@@ -907,13 +909,19 @@ * base slice may already be using it to record the write * syscall. */ - uprintf("Calling audit_new().\n"); ar = audit_new(AUE_NULL, td, as); if (ar == NULL) return (1); - uprintf("audit_new() returned a non-NULL ar.\n"); /* + * Set the appropriate mask in order to directly commit the BSM rec to + * the filesystem. + */ + ar->k_ar_commit = 0u; + ar->k_ar_commit |= AR_COMMIT_USER; + ar->k_ar_commit |= AR_PRESELECT_USER_TRAIL; + + /* * Note: it could be that some records initiated while audit was * enabled should still be committed? */ ==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_worker.c#10 (text) ==== @@ -223,7 +223,6 @@ } } - uprintf("Ready to write record!\n"); error = vn_rdwr(UIO_WRITE, as->audit_vp, data, len, (off_t)0, UIO_SYSSPACE, IO_APPEND|IO_UNIT, as->audit_cred, NULL, NULL, curthread); if (error == ENOSPC) @@ -321,6 +320,7 @@ if ((ar->k_ar_commit & AR_COMMIT_USER) && (ar->k_ar_commit & AR_PRESELECT_USER_TRAIL)) { AUDIT_WORKER_LOCK_ASSERT(as); + printf("audit_worker_process_record(): Ready to call audit_record_write().\n"); audit_record_write(as, ar->k_udata, ar->k_ulen); } @@ -407,7 +407,7 @@ while (TAILQ_EMPTY(&(as->audit_q))) cv_wait(&(as->audit_worker_cv), &(as->audit_mtx)); - uprintf("audit_worker(): Record in the queue!\n"); + printf("audit_worker(): Record in the queue!\n"); /* * If there are records in the global audit record queue, * transfer them to a thread-local queue and process them @@ -429,8 +429,9 @@ mtx_unlock(&(as->audit_mtx)); while ((ar = TAILQ_FIRST(&ar_worklist))) { TAILQ_REMOVE(&ar_worklist, ar, k_q); - uprintf("audit_worker(): Calling audit_worker_process_record()!\n"); + printf("audit_worker(): Calling audit_worker_process_record()!\n"); audit_worker_process_record(ar, as); + printf("audit_worker(): Returned from audit_worker_process_record()!\n"); audit_free(ar); } mtx_lock(&(as->audit_mtx));
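Review bot: The block added in the -907 hunk sets AR_PRESELECT_USER_TRAIL on every record submitted through a slice, so nothing visible in this function filters or bounds what the submitting process can push into the trail, and the XXXRW comment in the preceding hunk already notes that the record is not validated first. If bypassing preselection is deliberate for slices, the comment should say so and name where a size or rate limit is enforced, since the worker's write path already has to deal with ENOSPC. The three statements also read better as one, `ar->k_ar_commit = AR_COMMIT_USER | AR_PRESELECT_USER_TRAIL;`. The function body begins and ends outside the hunk.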
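Review bot: The `printf()` added before audit_record_write() in the -321 hunk, and the ones in the -407 and -429 hunks of audit_worker(), fire on every record with no guard. Kernel printf output lands on the console and in the message buffer, so its volume follows the rate at which records are submitted and can push unrelated kernel messages out of the buffer. These should sit behind a compile-time switch, e.g. `#ifdef SLICE_DEBUG /* placeholder name */` … `#endif`, or be dropped before the code leaves the project branch. The surrounding functions extend beyond all three hunks.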