PERFORCE change 167329 for review
Ilias Marinos
marinosi at FreeBSD.org
Fri Aug 14 15:54:43 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=167329
Change 167329 by marinosi at marinosi_redrum on 2009/08/14 15:54:42
audit.c:
- Added device mutex initialization code for all the slices except
the base one. (Without it, using a device causes a panic.)
- Removed an unnecessary, always-true check (pointed out by rwatson).
audit_slice.c:
- Added new write method code. It works fine with strings.
- Many comments, as it is still experimental.
Affected files ...
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.c#22 edit
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_slice.c#9 edit
Differences ...
==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.c#22 (text) ====
@@ -724,32 +724,24 @@
as_ptr = as;
- uprintf("audit_slice_create: Calling audit_slice_init()\n");
/* Initialize the base slice */
audit_slice_init(as, name);
- uprintf("audit_slice_create: Returned from audit_slice_init()\n");
-
/*
* XXXRW: Possibly start worker before creating the device?
* FIXED.
*/
/* Start audit worker thread. */
- uprintf("audit_slice_create: Calling audit_worker_start()\n");
audit_worker_start(as);
- uprintf("audit_slice_create: Returned from audit_worker_start()\n");
/* Create the special device node */
- uprintf("audit_slice_create: Calling audit_slice_cdev_init()\n");
audit_slice_cdev_init(as);
- uprintf("audit_slice_create: Returned from audit_slice_cdev_init()\n");
/* Insert the slice on the list */
TAILQ_INSERT_TAIL(&audit_slice_q, as, as_q);
AUDIT_SLICES_UNLOCK();
-
}
/*
@@ -802,6 +794,13 @@
*/
mtx_init(&(as->audit_mtx), "audit_mtx", NULL, MTX_DEF);
+ /*
+ * For all the != audit_base_slice slices, we should initialize the
+ * extra needed variables, mutexes etc here.
+ */
+ if ( as != audit_base_slice )
+ mtx_init(&(as->as_dev_mtx), "as_dev_mtx", NULL, MTX_DEF);
+
cv_init(&(as->audit_worker_cv), "audit_worker_cv");
cv_init(&(as->audit_watermark_cv), "audit_watermark_cv");
cv_init(&(as->audit_fail_cv), "audit_fail_cv");
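Review bot: `as_dev_mtx` is initialised here only when `as != audit_base_slice`, but the teardown path in the `@@ -840` hunk calls `mtx_destroy(&(as->as_dev_mtx))` for any non-NULL `as`. Whether the base slice can ever reach that teardown is not visible from these hunks; if it can, it would destroy a mutex that was never initialised. Either initialise the mutex unconditionally, or guard the destroy with the same test, `if (as != audit_base_slice) mtx_destroy(&(as->as_dev_mtx));`. The enclosing function starts and ends outside the hunk.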
@@ -840,12 +839,12 @@
*/
if (as != NULL) {
AUDIT_SLICES_LOCK_ASSERT();
- cv_destroy(&(as)->audit_worker_cv);
+ /*cv_destroy(&(as)->audit_worker_cv);
cv_destroy(&(as)->audit_watermark_cv);
cv_destroy(&(as)->audit_fail_cv);
sx_destroy(&(as)->audit_worker_lock);
- mtx_destroy(&(as)->audit_mtx);
- mtx_destroy(&(as)->as_dev_mtx);
+ mtx_destroy(&(as)->audit_mtx);*/
+ mtx_destroy(&(as->as_dev_mtx));
destroy_dev(as->as_dev);
TAILQ_REMOVE(&audit_slice_q, as, as_q);
free(as, M_AUDITSLICE);
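Review bot: `mtx_destroy(&(as->as_dev_mtx))` now runs before `destroy_dev(as->as_dev)`, although the device handlers in audit_slice.c take that mutex. A handler still running at teardown could therefore lock a destroyed mutex. `destroy_dev()` waits for threads to leave the driver methods, so the order should be `destroy_dev(as->as_dev);` followed by `mtx_destroy(&(as->as_dev_mtx));`. The same hunk comments out the `cv_destroy`, `sx_destroy` and `mtx_destroy(&(as)->audit_mtx)` calls without explanation, so `free(as, M_AUDITSLICE)` releases memory that still holds initialised primitives. Either restore those calls or add a comment saying why they must be skipped. The enclosing function starts outside the hunk.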
@@ -894,24 +893,22 @@
* that improperly?
* Base slice should never call audit_slice_commit_rec.
*/
- if (ar == NULL) {
- /*
- * This is not very efficient; we're required to allocate a
- * complete kernel audit record just so the user record can
- * tag along.
- *
- * XXXAUDIT: Maybe AUE_AUDIT in the system call context and
- * special pre-select handling?
- *
- * XXXRW: Not sure we need to use td->td_ar here at all? The
- * base slice may already be using it to record the write
- * syscall.
- */
- ar = audit_new(AUE_NULL, td, as);
- if (ar == NULL)
- return (1);
- }
+ /*
+ * This is not very efficient; we're required to allocate a
+ * complete kernel audit record just so the user record can
+ * tag along.
+ *
+ * XXXAUDIT: Maybe AUE_AUDIT in the system call context and
+ * special pre-select handling?
+ *
+ * XXXRW: Not sure we need to use td->td_ar here at all? The
+ * base slice may already be using it to record the write
+ * syscall.
+ */
+ ar = audit_new(AUE_NULL, td, as);
+ if (ar == NULL)
+ return (1);
/*
* Note: it could be that some records initiated while audit was
@@ -1408,7 +1405,6 @@
* Use lock to prevent slice creation/removal while iterating through
* the queue, listing the slices.
*/
- uprintf("Slices List:\n");
AUDIT_SLICES_LOCK();
TAILQ_FOREACH(cur, &audit_slice_q, as_q) {
uprintf("%s\n", cur->as_name);
==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_slice.c#9 (text+ko) ====
@@ -139,7 +139,7 @@
as = dev->si_drv1;
mtx_lock(&(as->as_dev_mtx));
- as->as_dev_isopen = 1;
+ as->as_dev_isopen = 0;
/* Do something here */
mtx_unlock(&(as->as_dev_mtx));
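Review bot: The switch to `as->as_dev_isopen = 0` is not mentioned in the change description, and the hunk does not show which handler this is. If it is the open handler, the flag is never set and any single-opener check elsewhere (not visible here) stops working; if it is the close handler, the old value was the bug. A one-line comment stating the intent, for example `/* Device closed: allow the next open. */`, would make this reviewable. The enclosing function starts and ends outside the hunk.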
@@ -167,18 +167,33 @@
/* Actual work here */
int c, error = 0;
- u_int32_t recsz = 0;
- int nbytes = 0; /*Remaining bytes */
- struct bsm_rec_hdr *audit_slice_dev_buf;
+ //u_int32_t recsz = 0;
+ //int nbytes = 0; /*Remaining bytes */
+ char *audit_slice_dev_buf;
struct audit_slice *as;
void *as_rec = NULL;
as = dev->si_drv1;
/* Safe malloc the pagesz of the system.*/
- audit_slice_dev_buf = malloc(sizeof(*audit_slice_dev_buf),
- M_TEMP, M_WAITOK);
+ //audit_slice_dev_buf = malloc(sizeof(*audit_slice_dev_buf),
+ // M_TEMP, M_WAITOK);
+ audit_slice_dev_buf = (void *)malloc(PAGE_SIZE, M_TEMP,
+ M_WAITOK | M_ZERO);
+
+ uprintf("[DEV_WRITE_METHOD] of slice %s.\n", as->as_name);
+
+ /* Copy the string in from user memory to kernel memory */
+ c = MIN(uio->uio_iov->iov_len,PAGE_SIZE);
+ error = copyin(uio->uio_iov->iov_base, audit_slice_dev_buf, c);
+
+ /* Null terminate it */
+ *(audit_slice_dev_buf + c) = 0;
+ if (error != 0)
+ uprintf("Write failed: bad address!\n");
+ else
+ uprintf ("MESSAGE: %s\n", (char *) audit_slice_dev_buf);
/*
* XXXRW: This seems to handle multiple records/system call, but not
* multiple system calls/record. To handle the latter, we need to
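Review bot: `*(audit_slice_dev_buf + c) = 0;` writes one byte past the `PAGE_SIZE` allocation whenever `iov_len >= PAGE_SIZE`, because `c` is clamped to `PAGE_SIZE` rather than `PAGE_SIZE - 1`. That is a kernel heap overwrite reachable by any process allowed to write to the device. Clamp with `c = MIN(uio->uio_iov->iov_len, PAGE_SIZE - 1);`. Separately, calling `copyin()` on `uio->uio_iov->iov_base` ignores `uio_segflg` and any further iovecs and leaves `uio_resid` untouched; `error = uiomove(audit_slice_dev_buf, c, uio);` handles all three. The function body continues outside the hunk.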
@@ -186,39 +201,51 @@
* into until we have a complete record which we can then submit to
* audit.
*/
- while (uio->uio_resid > 0) {
- c = MIN((int)uio->uio_resid, sizeof(*audit_slice_dev_buf));
- if ( c == (int)uio->uio_resid )
- break;
+// while (uio->uio_resid > 0) {
+// c = MIN((int)uio->uio_resid, sizeof(*audit_slice_dev_buf));
+// if ( c == (int)uio->uio_resid )
+// break;
+//
+// /* Fetch the bsm record's header */
+// error = uiomove(audit_slice_dev_buf, c, uio);
+// if (error)
+// break;
+//
+// /*
+// * Store the actual record's size. Add some checks before
+// * this.
+// *
+// * XXXRW: for example, perhaps we shouldn't accept records
+// * longer than MAX_AUDIT_RECORD_SIZE, or less than
+// * sizeof(*audit_slice_dev_buf).
+// */
+// recsz = be32toh(audit_slice_dev_buf->rec_byte_count);
+// as_rec = (void *)malloc((unsigned long)recsz, M_AUDITBSM,
+// M_WAITOK | M_ZERO);
+//
+// /* Copy the header at the start of record */
+// memmove(as_rec, audit_slice_dev_buf,
+// sizeof(audit_slice_dev_buf));
+//
+// nbytes = (int)recsz - sizeof(audit_slice_dev_buf);
+// error = uiomove(as_rec, nbytes, uio);
+// if (error)
+// break;
+
+ //audit_slice_commit_rec( as_rec, as);
+
+// uprintf("Size to be fetched: %d\n", uio->uio_resid);
+// c = MIN((int)uio->uio_resid, PAGE_SIZE);
+// error = uiomove(audit_slice_dev_buf, c, uio);
+// if (error)
+// break;
+ //uprintf("[DEV_WRITE_METHOD] of slice %s: %s\n",
+ // as->as_name, (char *) audit_slice_dev_buf);
- /* Fetch the bsm record's header */
- error = uiomove(audit_slice_dev_buf, c, uio);
- if (error)
- break;
- /*
- * Store the actual record's size. Add some checks before
- * this.
- *
- * XXXRW: for example, perhaps we shouldn't accept records
- * longer than MAX_AUDIT_RECORD_SIZE, or less than
- * sizeof(*audit_slice_dev_buf).
- */
- recsz = be32toh(audit_slice_dev_buf->rec_byte_count);
- as_rec = (void *)malloc((unsigned long)recsz, M_AUDITBSM,
- M_WAITOK | M_ZERO);
- /* Copy the header at the start of record */
- memmove(as_rec, audit_slice_dev_buf,
- sizeof(audit_slice_dev_buf));
- nbytes = (int)recsz - sizeof(audit_slice_dev_buf);
- error = uiomove(as_rec, nbytes, uio);
- if (error)
- break;
-
- audit_slice_commit_rec( as_rec, as);
- }
+// }
/*
* XXXRW: Only free as_rec if we allocated it.
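Review bot: With the record loop commented out, nothing in this hunk calls `audit_slice_commit_rec()` any more, so as far as the visible code shows the write handler accepts data and discards it without signalling that to the caller. For an audit device that silent loss deserves a comment at the top of the handler, such as `/* XXX experimental: data is only echoed via uprintf(); no audit record is committed. */`. The block of `//`-commented code would be better deleted, since the depot keeps the history, or wrapped in `#if 0`. If the loop is revived, note that `sizeof(audit_slice_dev_buf)` is the size of a pointer rather than of the record header, and that `recsz` comes from the caller and needs bounds before it sizes an allocation.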
@@ -263,9 +290,12 @@
audit_slice_cdev_init(struct audit_slice *as)
{
+
+ as->perms = 0700;
+
/* Create the special device file. */
as->as_dev = make_dev(&audit_slice_cdevsw, as->unit, as->uid, as->gid,
- as->perms, "%s", as->as_name);
+ as->perms, "auditslice/%s", as->as_name);
}
/*
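Review bot: `as->perms = 0700;` overwrites the slice's mode immediately before `make_dev()`, so any `perms` value set by the creator of the slice is silently ignored, and the execute bits have no meaning on a character device node. If a fixed default is intended, `0600` assigned where the other slice fields are populated (outside this hunk) would be clearer than hard-coding it here. `as->as_name` also becomes a path component under `auditslice/`; whether the name is validated against `/` before this call is not visible from the hunk and should be confirmed.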