PERFORCE change 146676 for review
Diego Giagio
diego at FreeBSD.org
Tue Aug 5 01:42:36 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=146676
Change 146676 by diego at diego_black on 2008/08/05 01:41:38
Improve preallocation of audit records.
Affected files ...
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.c#6 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.h#14 edit
Differences ...
==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.c#6 (text) ====
@@ -483,25 +483,25 @@
mtx_unlock(&audit_mtx);
}
+/*
+ * Check if there's already a record being constructed. If true, save it
+ * into thread's record queue.
+ */
static void
audit_enter(struct thread *td)
{
- /*
- * Check if there's already a record being constructed. If true, move
- * it temporarily into our record queue. currecord() will now point to
- * the new record.
- */
if (td->td_ar != NULL)
TAILQ_INSERT_TAIL(td->td_arq, td->td_ar, k_q);
+ td->td_ar = NULL;
}
+/*
+ * Check if there were a previous record being constructed. If true, make it
+ * the current record and remove it from thread's record queue.
+ */
static void
audit_exit(struct thread *td)
{
- /*
- * If there were a previous record begin constructed, return it to
- * currecord() and remove it from record queue.
- */
td->td_ar = TAILQ_LAST(td->td_arq, kaudit_queue);
if (td->td_ar != NULL)
TAILQ_REMOVE(td->td_arq, td->td_ar, k_q);
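Review bot: The relocated header comments do not describe the contract that the added `td->td_ar = NULL;` creates: audit_enter() now always leaves td_ar empty for the caller to fill, and audit_exit() assumes a matching audit_enter() ran first. I would state that on audit_enter(), for example `/* Push any in-progress record onto the thread's record queue and clear td_ar; the caller installs the new record. Must be paired with audit_exit(). */`. On audit_exit(), "If there were a previous record" should read "If there was a previous record". The body of audit_exit() ends outside this hunk.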
@@ -516,6 +516,7 @@
void
audit_syscall_enter(unsigned short code, struct thread *td)
{
+ struct kaudit_record *ar;
au_event_t event;
/*
@@ -533,8 +534,16 @@
if (event == AUE_NULL)
return;
- audit_enter(td);
- td->td_ar = audit_begin(event, td);
+ ar = audit_begin(event, td);
+ if (ar != NULL) {
+ /*
+ * Save the current record into thread's record queue and
+ * create a new record.
+ */
+
+ audit_enter(td);
+ td->td_ar = ar;
+ }
}
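Review bot: When audit_begin() returns NULL the new code skips audit_enter(), but the exit path in the next hunk still runs `audit_commit(td->td_ar, error, retval); audit_exit(td);` unconditionally, so enter and exit are no longer paired. If this runs while td_ar already holds an enclosing record, that record appears to be committed early with the inner error and retval, and td_ar is then overwritten with the queue tail, so the enclosing audit record is finalised with the wrong result. The same pattern is in audit_pfil_enter() and audit_pfil_exit() in the following hunk, where running nested under an audited syscall looks like the expected case. Keeping the `ar = audit_begin(event, td);` call first but then doing `audit_enter(td); td->td_ar = ar;` without the `if (ar != NULL)` guard would leave td_ar NULL for an unselected event, which the exit path already had to handle before this change. The function starts outside this hunk.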
/*
@@ -559,6 +568,45 @@
else
retval = td->td_retval[0];
+ /*
+ * Commit the current record. Turn the previous saved record into the
+ * current one.
+ */
+ audit_commit(td->td_ar, error, retval);
+ audit_exit(td);
+}
+
+void
+audit_pfil_enter(unsigned short event, struct thread *td)
+{
+ struct kaudit_record *ar;
+
+ ar = audit_begin(event, td);
+ if (ar != NULL) {
+ /*
+ * Save the current record into thread's record queue and
+ * create a new record.
+ */
+
+ audit_enter(td);
+ td->td_ar = ar;
+ }
+}
+
+void
+audit_pfil_exit(int error, struct thread *td)
+{
+ int retval;
+
+ if (error)
+ retval = -1;
+ else
+ retval = 0;
+
+ /*
+ * Commit the current record. Turn the previous saved record into the
+ * current one.
+ */
audit_commit(td->td_ar, error, retval);
audit_exit(td);
}
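Review bot: audit_pfil_enter() takes `unsigned short event` and passes it straight to audit_begin(), whereas audit_syscall_enter() holds the event in an `au_event_t`; declaring the parameter as `au_event_t event` here and in the audit.h prototype would keep the event type consistent. Both new exported functions also lack a header comment, and one on audit_pfil_enter() should say that every call must be followed by audit_pfil_exit() on the same thread. The if/else that sets retval could be the single line `retval = error ? -1 : 0;`, and the blank line between the comment and `audit_enter(td);` can go. The first lines of this hunk belong to a function that starts outside it.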
==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.h#14 (text) ====
@@ -127,6 +127,9 @@
/*
* Functions for auditing packet filter events.
*/
+void audit_pfil_enter(unsigned short event, struct thread *td);
+void audit_pfil_exit(int error, struct thread *td);
+
void audit_ipfw_enable(int error);
void audit_ipfw_disable(int error);
void audit_ipfw_addrule(int set, int rulenum, int error);