Date:      Wed, 5 Aug 2009 21:16:57 GMT
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 167052 for review
Message-ID:  <200908052116.n75LGv2Q013104@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=167052

Change 167052 by rwatson@rwatson_cinnamon on 2009/08/05 21:15:57

	For now, rather than exposing audit_slice throughout the kernel,
	cache audit_base_slice's enabled/suspended flags in the previously
	used globals.  Possibly not just "for now" since this also makes
	the per-syscall check more performant.

Affected files ...

.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.c#11 edit
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.h#4 edit
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_syscalls.c#7 edit
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_worker.c#5 edit

Differences ...

==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.c#11 (text) ====

@@ -84,6 +84,19 @@
 SYSCTL_NODE(_security, OID_AUTO, audit, CTLFLAG_RW, 0,
     "TrustedBSD audit controls");
 
+/*
+ * Audit control settings that are set/read by system calls and are hence
+ * non-static.
+ *
+ * Define the audit control flags.
+ *
+ * XXXRW: Cache audit_base_slice->audit_enabled and
+ * audit_base_slice->audit_suspended in globals so that we can avoid
+ * dereferencing audit_base_slice for every system call entry.
+ */
+int			audit_enabled;
+int			audit_suspended;
+
 /* 
  * The base audit slice statically declared.
  */
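Review bot: The comment above `audit_enabled` and `audit_suspended` explains why the cache exists but not the invariant that keeps it correct: every store to the matching audit_base_slice field has to be mirrored into these globals, and nothing here says under which lock that happens. In this change the mirrors are written from audit_syscalls.c and audit_worker.c, and only the `audit_enabled` store in audit_worker.c is visibly ahead of `AUDIT_WORKER_UNLOCK()`. Because AUDIT_SYSCALL_ENTER now tests the global alone, a missed or stale update leaves system calls unaudited without any error. I would add a line to the comment such as `* Every write to audit_base_slice->audit_enabled/audit_suspended must also update these copies; name the lock that covers the writes.`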

==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.h#4 (text) ====

@@ -52,8 +52,6 @@
  * observed but should not be directly manipulated.  The audit suspension
  * flag permits audit to be temporarily disabled without reconfiguring the
  * audit target.
- *
- * XXXRW: These are no longer needed if they're per-slice.
  */
 extern int	audit_enabled;
 extern int	audit_suspended;
@@ -193,12 +191,8 @@
 } while (0)
 
 
-/*
- * XXXRW: Perhaps we should have audit_base_enabled or such as a global to
- * avoid an extra pointer deref for every syscall?
- */
 #define	AUDIT_SYSCALL_ENTER(code, td)	do {				\
-	if (audit_base_slice->audit_enabled) {				\
+	if (audit_enabled) {						\
 		audit_syscall_enter(code, td);				\
 	}								\
 } while (0)

==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_syscalls.c#7 (text) ====

@@ -397,6 +397,7 @@
 				audit_base_slice->audit_suspended = 1;
 				audit_shutdown(NULL, 0);
 			}
+			audit_suspended = audit_base_slice->audit_suspended;
 			break;
 		}
 		if (uap->length != sizeof(udata.au_cond))
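Review bot: The cached `audit_suspended` is refreshed only after `audit_shutdown(NULL, 0)` has returned, so for the whole shutdown the slice reads suspended while the global still holds its previous value. If any path consults the global rather than the slice, it would keep treating audit as active during that window; setting `audit_suspended = 1;` in the same branch, before the `audit_shutdown(NULL, 0);` call, closes it while the trailing assignment still covers the other branches. The second hunk in this file has the same ordering. The enclosing switch case starts outside the hunk and no lock is visible around these stores, so the size of the window can't be judged from here.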
@@ -409,6 +410,7 @@
 			audit_base_slice->audit_suspended = 1;
 			audit_shutdown(NULL, 0);
 		}
+		audit_suspended = audit_base_slice->audit_suspended;
 		break;
 
 	case A_GETCLASS:
@@ -856,6 +858,7 @@
 	 * audit_worker?
 	 */
 	audit_base_slice->audit_suspended = 0;
+	audit_suspended = audit_base_slice->audit_suspended;
 
 	audit_rotate_vnode(cred, vp);
 

==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_worker.c#5 (text) ====

@@ -265,6 +265,7 @@
 	}
 	(void)audit_send_trigger(AUDIT_TRIGGER_NO_SPACE);
 	as->audit_suspended = 1;
+	audit_suspended = as->audit_suspended;
 
 	/* FALLTHROUGH */
 fail:
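Review bot: `audit_suspended = as->audit_suspended;` copies the flag from whichever slice `as` points to, while the globals are described as a cache of audit_base_slice only. If this code can run for a slice other than the base slice, one application slice running out of space would mark the system-wide cache suspended. The same applies to `audit_enabled = as->audit_enabled;` in the next hunk, where a non-base slice with no vnode would clear the flag that AUDIT_SYSCALL_ENTER tests and so switch off syscall auditing. Guarding both stores with `if (as == audit_base_slice)` keeps the cache tied to the base slice. The enclosing functions begin and end outside the hunks, so whether `as` is always the base slice here can't be confirmed from this view.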
@@ -469,6 +470,7 @@
 	as->audit_vp = vp;
 	as->audit_file_rotate_wait = 0;
 	as->audit_enabled = (as->audit_vp != NULL);
+	audit_enabled = as->audit_enabled;
 	AUDIT_WORKER_UNLOCK();
 
 	/*


