svn commit: r368731 - in head/sys: kern security/audit

Mateusz Guzik mjg at FreeBSD.org
Thu Dec 17 18:52:06 UTC 2020


Author: mjg
Date: Thu Dec 17 18:52:04 2020
New Revision: 368731
URL: https://svnweb.freebsd.org/changeset/base/368731

Log:
  audit: rework AUDIT_SYSCLOSE
  
  In particular, this avoids spurious lookups on close.

Modified:
  head/sys/kern/kern_descrip.c
  head/sys/security/audit/audit.h
  head/sys/security/audit/audit_arg.c

Modified: head/sys/kern/kern_descrip.c
==============================================================================
--- head/sys/kern/kern_descrip.c	Thu Dec 17 18:51:09 2020	(r368730)
+++ head/sys/kern/kern_descrip.c	Thu Dec 17 18:52:04 2020	(r368731)
@@ -107,7 +107,7 @@ __read_mostly uma_zone_t pwd_zone;
 VFS_SMR_DECLARE;
 
 static int	closefp(struct filedesc *fdp, int fd, struct file *fp,
-		    struct thread *td, bool holdleaders);
+		    struct thread *td, bool holdleaders, bool audit);
 static int	fd_first_free(struct filedesc *fdp, int low, int size);
 static void	fdgrowtable(struct filedesc *fdp, int nfd);
 static void	fdgrowtable_exp(struct filedesc *fdp, int nfd);
@@ -998,7 +998,7 @@ kern_dup(struct thread *td, u_int mode, int flags, int
 	error = 0;
 
 	if (delfp != NULL) {
-		(void) closefp(fdp, new, delfp, td, true);
+		(void) closefp(fdp, new, delfp, td, true, false);
 		FILEDESC_UNLOCK_ASSERT(fdp);
 	} else {
 unlock:
@@ -1240,7 +1240,8 @@ fgetown(struct sigio **sigiop)
 }
 
 static int
-closefp_impl(struct filedesc *fdp, int fd, struct file *fp, struct thread *td)
+closefp_impl(struct filedesc *fdp, int fd, struct file *fp, struct thread *td,
+    bool audit)
 {
 	int error;
 
@@ -1262,6 +1263,10 @@ closefp_impl(struct filedesc *fdp, int fd, struct file
 		mq_fdclose(td, fd, fp);
 	FILEDESC_XUNLOCK(fdp);
 
+#ifdef AUDIT
+	if (AUDITING_TD(td) && audit)
+		audit_sysclose(td, fd, fp);
+#endif
 	error = closef(fp, td);
 
 	/*
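Review bot: The new `audit` parameter of closefp_impl() is undocumented, and its meaning is only recoverable from the call sites in later hunks (kern_close() passes true, kern_dup() and fdcloseexec() pass false), so a reader of the `#ifdef AUDIT` block has to chase three callers to learn that only an explicit close(2) is audited as a sysclose. I would add above the new block: `/* Only close(2) itself is audited; dup2()/close-on-exec callers pass audit == false. */`. The placement after FILEDESC_XUNLOCK() and before closef() also looks deliberate, since audit_sysclose() now locks the vnode (vn_lock in the audit_arg.c hunk) and dereferences fp, which closef() consumes; a second comment would make that ordering explicit, e.g. `/* audit_sysclose() may sleep on the vnode lock, so it runs unlocked but before closef() drops fp. */`. The same parameter is threaded through closefp_hl() and closefp() in the two following hunks; documenting it once here is enough.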
@@ -1277,7 +1282,7 @@ closefp_impl(struct filedesc *fdp, int fd, struct file
 
 static int
 closefp_hl(struct filedesc *fdp, int fd, struct file *fp, struct thread *td,
-    bool holdleaders)
+    bool holdleaders, bool audit)
 {
 	int error;
 
@@ -1295,7 +1300,7 @@ closefp_hl(struct filedesc *fdp, int fd, struct file *
 		}
 	}
 
-	error = closefp_impl(fdp, fd, fp, td);
+	error = closefp_impl(fdp, fd, fp, td, audit);
 	if (holdleaders) {
 		FILEDESC_XLOCK(fdp);
 		fdp->fd_holdleaderscount--;
@@ -1311,15 +1316,15 @@ closefp_hl(struct filedesc *fdp, int fd, struct file *
 
 static int
 closefp(struct filedesc *fdp, int fd, struct file *fp, struct thread *td,
-    bool holdleaders)
+    bool holdleaders, bool audit)
 {
 
 	FILEDESC_XLOCK_ASSERT(fdp);
 
 	if (__predict_false(td->td_proc->p_fdtol != NULL)) {
-		return (closefp_hl(fdp, fd, fp, td, holdleaders));
+		return (closefp_hl(fdp, fd, fp, td, holdleaders, audit));
 	} else {
-		return (closefp_impl(fdp, fd, fp, td));
+		return (closefp_impl(fdp, fd, fp, td, audit));
 	}
 }
 
@@ -1347,8 +1352,6 @@ kern_close(struct thread *td, int fd)
 
 	fdp = td->td_proc->p_fd;
 
-	AUDIT_SYSCLOSE(td, fd);
-
 	FILEDESC_XLOCK(fdp);
 	if ((fp = fget_locked(fdp, fd)) == NULL) {
 		FILEDESC_XUNLOCK(fdp);
@@ -1357,7 +1360,7 @@ kern_close(struct thread *td, int fd)
 	fdfree(fdp, fd);
 
 	/* closefp() drops the FILEDESC lock for us. */
-	return (closefp(fdp, fd, fp, td, true));
+	return (closefp(fdp, fd, fp, td, true, true));
 }
 
 int
@@ -2671,7 +2674,7 @@ fdcloseexec(struct thread *td)
 		    (fde->fde_flags & UF_EXCLOSE))) {
 			FILEDESC_XLOCK(fdp);
 			fdfree(fdp, i);
-			(void) closefp(fdp, i, fp, td, false);
+			(void) closefp(fdp, i, fp, td, false, false);
 			FILEDESC_UNLOCK_ASSERT(fdp);
 		}
 	}

Modified: head/sys/security/audit/audit.h
==============================================================================
--- head/sys/security/audit/audit.h	Thu Dec 17 18:51:09 2020	(r368730)
+++ head/sys/security/audit/audit.h	Thu Dec 17 18:52:04 2020	(r368731)
@@ -140,7 +140,7 @@ void	 audit_arg_argv(char *argv, int argc, int length)
 void	 audit_arg_envv(char *envv, int envc, int length);
 void	 audit_arg_rights(cap_rights_t *rightsp);
 void	 audit_arg_fcntl_rights(uint32_t fcntlrights);
-void	 audit_sysclose(struct thread *td, int fd);
+void	 audit_sysclose(struct thread *td, int fd, struct file *fp);
 void	 audit_cred_copy(struct ucred *src, struct ucred *dest);
 void	 audit_cred_destroy(struct ucred *cred);
 void	 audit_cred_init(struct ucred *cred);
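Review bot: The prototype change on this line is not accompanied by a change to the AUDIT_SYSCLOSE() macro that kern_close() used to call (the call is removed in the kern_close() hunk of kern_descrip.c), so if that macro still expands to the two-argument `audit_sysclose(td, fd)`, it no longer matches this declaration and any remaining user would fail to compile; either update it to take the `struct file *` or drop it. The macro definition is not visible in this diff, so this is inferred from the commit log ("rework AUDIT_SYSCLOSE") rather than from visible lines. A one-line comment on the declaration stating the new contract would also help, e.g. `/* fp must be held by the caller; no vnode record is emitted when fp->f_vnode is NULL. */`.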

Modified: head/sys/security/audit/audit_arg.c
==============================================================================
--- head/sys/security/audit/audit_arg.c	Thu Dec 17 18:51:09 2020	(r368730)
+++ head/sys/security/audit/audit_arg.c	Thu Dec 17 18:52:04 2020	(r368731)
@@ -995,12 +995,10 @@ audit_arg_fcntl_rights(uint32_t fcntlrights)
  * call itself.
  */
 void
-audit_sysclose(struct thread *td, int fd)
+audit_sysclose(struct thread *td, int fd, struct file *fp)
 {
-	cap_rights_t rights;
 	struct kaudit_record *ar;
 	struct vnode *vp;
-	struct file *fp;
 
 	KASSERT(td != NULL, ("audit_sysclose: td == NULL"));
 
@@ -1010,12 +1008,10 @@ audit_sysclose(struct thread *td, int fd)
 
 	audit_arg_fd(fd);
 
-	if (getvnode(td, fd, cap_rights_init(&rights), &fp) != 0)
-		return;
-
 	vp = fp->f_vnode;
+	if (vp == NULL)
+		return;
 	vn_lock(vp, LK_SHARED | LK_RETRY);
 	audit_arg_vnode1(vp);
 	VOP_UNLOCK(vp);
-	fdrop(fp, td);
 }
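Review bot: Replacing getvnode() with a `fp->f_vnode == NULL` test changes which descriptors get a vnode record: getvnode() applied its own file-type check (and could fail for other reasons such as a stale fd), while the new check admits any file whose f_vnode is set, which is presumably the intent now that the caller supplies the exact file being closed, but it is worth stating. The header comment above the function (it starts outside this hunk) still describes the old lookup-based flow and should say that `fp` is provided by the caller with a reference held, and that the vnode record is skipped when `vp == NULL`. Since `fp` is now dereferenced unconditionally, an assertion matching the existing `KASSERT(td != NULL, ...)` in the previous hunk would keep the checks consistent: `KASSERT(fp != NULL, ("audit_sysclose: fp == NULL"));`.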

