PERFORCE change 45473 for review

Robert Watson rwatson at FreeBSD.org
Sat Jan 17 03:49:15 GMT 2004


http://perforce.freebsd.org/chv.cgi?CH=45473

Change 45473 by rwatson at rwatson_tislabs on 2004/01/16 19:48:38

	Separate allocation of per-process audit storage from the
	initialization of that storage, so as to share allocation
	functions between kproc0, init, and future processes, and also
	to avoid allocating while holding process locks.  
	
	Initialize the first kernel process using its own hook,
	audit_proc_kproc0(), and employ the init initialization hook,
	audit_proc_init() on the init process.  
	
	Fix a typo in the MAC fix for freeing process state.
	
	Don't free audit storage until we're ready to free the proc,
	or it's zeroed when we try to audit the exit.
	
	Create the audit_worker thread using RFHIGHPID so that it
	doesn't grab pid 1, breaking init.
	
	KASSERT various properties of p_au during the process life
	cycle, such as that it is NULL when the process is about to be
	created, and non-NULL otherwise.  
	
	Some gratuitous parentheses that we'll remove later, but I put
	in to be safe while trying to debug memory corruption.
	
	Audit framework now properly tracks process audit state,
	and appears to safely gather audit records for process exit.

Affected files ...

.. //depot/projects/trustedbsd/audit2/sys/kern/init_main.c#4 edit
.. //depot/projects/trustedbsd/audit2/sys/kern/kern_exit.c#3 edit
.. //depot/projects/trustedbsd/audit2/sys/kern/kern_fork.c#5 edit
.. //depot/projects/trustedbsd/audit2/sys/security/audit/audit.c#14 edit
.. //depot/projects/trustedbsd/audit2/sys/security/audit/kern_audit.h#12 edit

Differences ...

==== //depot/projects/trustedbsd/audit2/sys/kern/init_main.c#4 (text+ko) ====

@@ -399,7 +399,7 @@
 	p->p_ucred->cr_prison = NULL;	/* Don't jail it. */
 #ifdef AUDIT
 	audit_proc_alloc(p);
-	audit_proc_init(p);
+	audit_proc_kproc0(p);
 #endif
 #ifdef MAC
 	mac_create_proc0(p->p_ucred);
@@ -697,6 +697,9 @@
 #ifdef MAC
 	mac_create_proc1(newcred);
 #endif
+#ifdef AUDIT
+	audit_proc_init(initproc);
+#endif
 	initproc->p_ucred = newcred;
 	PROC_UNLOCK(initproc);
 	crfree(oldcred);
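Review bot: `audit_proc_init(initproc)` is invoked here under PROC_LOCK(initproc) with no matching `audit_proc_alloc()` in sight, so it depends on p_au having been allocated for initproc on the fork path, which is outside this change and is guarded only by the KASSERT inside audit_proc_init(). Presumably audit_proc_fork() has already copied proc0's state into the child at this point and the call deliberately discards that copy; a one-line comment would make that explicit, e.g. `/* p_au was allocated at fork; reset init's inherited audit state. */`. The enclosing function starts and ends outside the hunk.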

==== //depot/projects/trustedbsd/audit2/sys/kern/kern_exit.c#3 (text+ko) ====

@@ -688,9 +688,6 @@
 			 */
 			crfree(p->p_ucred);
 			p->p_ucred = NULL;
-#ifdef AUDIT
-			audit_proc_free(p);
-#endif
 			pargs_drop(p->p_args);
 			p->p_args = NULL;
 			sigacts_free(p->p_sigacts);
@@ -710,6 +707,9 @@
 #ifdef MAC
 			mac_destroy_proc(p);
 #endif
+#ifdef AUDIT
+			audit_proc_free(p);
+#endif
 			KASSERT(FIRST_THREAD_IN_PROC(p),
 			    ("wait1: no residual thread!"));
 			uma_zfree(proc_zone, p);
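Review bot: `audit_proc_free(p)` now runs immediately before `uma_zfree(proc_zone, p)`, and the `p->p_au = NULL` store it performs is what keeps the `audit_proc_alloc()` KASSERT (`p->p_au == NULL`) true if this proc_zone item is later handed out again without being re-zeroed; nothing at the call site records that dependency. A comment on the new call, `/* Last use of p_au; leave it NULL so audit_proc_alloc() is satisfied on zone reuse. */`, would document why the free was moved to the very end. The enclosing function starts outside the hunk.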

==== //depot/projects/trustedbsd/audit2/sys/kern/kern_fork.c#5 (text+ko) ====

@@ -747,7 +747,7 @@
 			uid);
 	sx_xunlock(&allproc_lock);
 #ifdef MAC
-	mac_proc_destroy(newproc);
+	mac_destroy_proc(newproc);
 #endif
 #ifdef AUDIT
 	audit_proc_free(newproc);

==== //depot/projects/trustedbsd/audit2/sys/security/audit/audit.c#14 (text+ko) ====

@@ -41,6 +41,7 @@
 #include <sys/ucred.h>
 #include <sys/uio.h>
 #include <sys/un.h>
+#include <sys/unistd.h>
 #include <sys/vnode.h>
 
 #include <security/audit/audit_private.h>
@@ -416,8 +417,8 @@
 	/* Initialize the BSM audit subsystem. */
 	kau_init();
 
-	error = kthread_create(audit_worker, NULL, &audit_thread, 0, 0,
-	    "audit_worker");
+	error = kthread_create(audit_worker, NULL, &audit_thread, RFHIGHPID,
+	    0, "audit_worker");
 	if (error != 0)
 		panic("audit_init: kthread_create returned %d", error);
 }
@@ -1301,7 +1302,10 @@
 audit_proc_alloc(struct proc *p)
 {
 
-	p->p_au = malloc(sizeof(*p->p_au), M_AUDIT, M_WAITOK);
+	KASSERT(p->p_au == NULL, ("audit_proc_alloc: p->p_au != NULL (%d)",
+	    p->p_pid));
+	p->p_au = malloc(sizeof(*(p->p_au)), M_AUDIT, M_WAITOK);
+	//printf("audit_proc_alloc: pid %d p_au %p\n", p->p_pid, p->p_au);
 }
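Review bot: The commented-out `//printf("audit_proc_alloc: ...")` line after the malloc is dead debugging code in a committed change, written with `//` where style(9) expects `/* */` comments in kernel sources; the same residue is added to audit_proc_kproc0(), audit_proc_init(), audit_proc_fork() and audit_proc_free() below. If the tracing is still wanted while the memory corruption mentioned in the description is being chased, it is better kept as live statements under one `#ifdef AUDIT_DEBUG` guard, or dropped before commit; note that, re-enabled, each trace would print a kernel heap pointer (`p_au %p`) to the console. The `sizeof(*(p->p_au))` spelling here also differs from the `sizeof(*(p)->p_au)` form used in the two init hooks, so one spelling across the file would be easier to grep once the extra parentheses are removed.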
 
 /* 
@@ -1311,10 +1315,23 @@
  * session ID, etc. 
  */
 void
+audit_proc_kproc0(struct proc *p)
+{
+
+	KASSERT(p->p_au != NULL, ("audit_proc_kproc0: p->p_au == NULL (%d)",
+	    p->p_pid));
+	//printf("audit_proc_kproc0: pid %d p_au %p\n", p->p_pid, p->p_au);
+	bzero(p->p_au, sizeof(*(p)->p_au));
+}
+
+void
 audit_proc_init(struct proc *p)
 {
 
-	bzero((void *)p->p_au, sizeof(*p->p_au));
+	KASSERT(p->p_au != NULL, ("audit_proc_init: p->p_au == NULL (%d)",
+	    p->p_pid));
+	//printf("audit_proc_init: pid %d p_au %p\n", p->p_pid, p->p_au);
+	bzero(p->p_au, sizeof(*(p)->p_au));
 }
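Review bot: The block comment ending `session ID, etc.` now sits above audit_proc_kproc0() and so documents that hook by position, while audit_proc_init() directly below it has no comment at all, even though the two bodies are identical apart from the KASSERT text. Either give audit_proc_init() its own header, e.g. `/* Reset the audit state init inherited from proc0 at fork; p_au must already be allocated by audit_proc_alloc(). */`, or make one hook a one-line call to the other so that the only difference is the entry point a caller picks. The start of that comment block lies above the hunk.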
 
 /* 
@@ -1327,6 +1344,14 @@
 
 	PROC_LOCK_ASSERT(parent, MA_OWNED);
 	PROC_LOCK_ASSERT(child, MA_OWNED);
+	KASSERT(parent->p_au != NULL,
+	    ("audit_proc_fork: parent->p_au == NULL (%d)", parent->p_pid));
+	KASSERT(child->p_au != NULL,
+	    ("audit_proc_fork: child->p_au == NULL (%d)", child->p_pid));
+	//printf("audit_proc_fork: parent pid %d p_au %p\n", parent->p_pid,
+	//    parent->p_au);
+	//printf("audit_proc_fork: child pid %d p_au %p\n", child->p_pid,
+	//    child->p_au);
 	bcopy(parent->p_au, child->p_au, sizeof(*child->p_au));
 }
 
@@ -1337,6 +1362,8 @@
 audit_proc_free(struct proc *p)
 {
 
+	KASSERT(p->p_au != NULL, ("p->p_au == NULL (%d)", p->p_pid));
+	//printf("audit_proc_free: pid %d p_au %p\n", p->p_pid, p->p_au);
 	free(p->p_au, M_AUDIT);
 	p->p_au = NULL;
 }
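Review bot: The new KASSERT in audit_proc_free() is the only one in this change whose message omits the function name, `("p->p_au == NULL (%d)", p->p_pid)`, so a panic from it cannot be attributed from the message text alone. `KASSERT(p->p_au != NULL, ("audit_proc_free: p->p_au == NULL (%d)", p->p_pid));` matches the form used by the alloc, init and fork hooks. The function's return-type line lies above the hunk.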

==== //depot/projects/trustedbsd/audit2/sys/security/audit/kern_audit.h#12 (text+ko) ====

@@ -155,10 +155,11 @@
 void			 audit_arg_svipc_addr(void *addr);
 
 void			 audit_proc_alloc(struct proc *p);
-void			 audit_proc_init(struct proc *p);
 void			 audit_proc_fork(struct proc *parent, 
 					 struct proc *child);
 void			 audit_proc_free(struct proc *p);
+void			 audit_proc_init(struct proc *p);
+void			 audit_proc_kproc0(struct proc *p);
 
 /*
  * Define a macro to wrap the audit_arg_* calls by checking the global