PERFORCE change 92369 for review
Wayne Salamon
wsalamon at FreeBSD.org
Fri Feb 24 19:24:59 PST 2006
http://perforce.freebsd.org/chv.cgi?CH=92369
Change 92369 by wsalamon at gretsch on 2006/02/25 03:23:59
Cleanups done in preparation for merge into FreeBSD CVS:
- Remove unecessary linefeeds
- Audit the vnode only when the vnode lock and reference are held
- Move some vnode auditing into the actual system call, out of the
kern_xxx function in order to avoid duplicated auditing of the
vnode: once during namei lookup and once in the kern_xxx function
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/kern/vfs_syscalls.c#28 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/kern/vfs_syscalls.c#28 (text+ko) ====
@@ -194,8 +194,7 @@
if (jailed(td->td_ucred) && !prison_quotas)
return (EPERM);
mtx_lock(&Giant);
- NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path,
- td);
+ NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td);
if ((error = namei(&nd)) != 0) {
mtx_unlock(&Giant);
return (error);
@@ -329,16 +328,16 @@
if (error)
return (error);
vp = fp->f_vnode;
+#ifdef AUDIT
+ vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
+ AUDIT_ARG(vnode, vp, ARG_VNODE1);
+ VOP_UNLOCK(vp, 0, td);
+#endif
mp = vp->v_mount;
fdrop(fp, td);
if (vp->v_iflag & VI_DOOMED)
return (EBADF);
mtx_lock(&Giant);
-#ifdef AUDIT
- vn_lock(fp->f_vnode, LK_EXCLUSIVE | LK_RETRY, td);
- AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1);
- VOP_UNLOCK(fp->f_vnode, 0, td);
-#endif
#ifdef MAC
error = mac_check_mount_stat(td->td_ucred, mp);
if (error) {
@@ -2375,7 +2374,6 @@
return (error);
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
- AUDIT_ARG(vnode, vp, ARG_VNODE1);
VATTR_NULL(&vattr);
vattr.va_flags = flags;
#ifdef MAC
@@ -2476,6 +2474,11 @@
if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
return (error);
vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
+#ifdef AUDIT
+ vn_lock(fp->f_vnode, LK_EXCLUSIVE | LK_RETRY, td);
+ AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1);
+ VOP_UNLOCK(fp->f_vnode, 0, td);
+#endif
error = setfflags(td, fp->f_vnode, uap->flags);
VFS_UNLOCK_GIANT(vfslocked);
fdrop(fp, td);
@@ -2611,7 +2614,11 @@
if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
return (error);
vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
+#ifdef AUDIT
+ vn_lock(fp->f_vnode, LK_EXCLUSIVE | LK_RETRY, td);
AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1);
+ VOP_UNLOCK(fp->f_vnode, 0, td);
+#endif
error = setfmode(td, fp->f_vnode, uap->mode);
VFS_UNLOCK_GIANT(vfslocked);
fdrop(fp, td);
@@ -2636,7 +2643,6 @@
return (error);
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
- AUDIT_ARG(vnode, vp, ARG_VNODE1);
VATTR_NULL(&vattr);
vattr.va_uid = uid;
vattr.va_gid = gid;
@@ -2765,6 +2771,11 @@
if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
return (error);
vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
+#ifdef AUDIT
+ vn_lock(fp->f_vnode, LK_EXCLUSIVE | LK_RETRY, td);
+ AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1);
+ VOP_UNLOCK(fp->f_vnode, 0, td);
+#endif
error = setfown(td, fp->f_vnode, uap->uid, uap->gid);
VFS_UNLOCK_GIANT(vfslocked);
fdrop(fp, td);
@@ -2825,7 +2836,6 @@
return (error);
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
- AUDIT_ARG(vnode, vp, ARG_VNODE1);
setbirthtime = 0;
if (numtimes < 3 && VOP_GETATTR(vp, &vattr, td->td_ucred, td) == 0 &&
timespeccmp(&ts[1], &vattr.va_birthtime, < ))
@@ -2883,8 +2893,7 @@
if ((error = getutimes(tptr, tptrseg, ts)) != 0)
return (error);
- NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, pathseg, path,
- td);
+ NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, pathseg, path, td);
if ((error = namei(&nd)) != 0)
return (error);
vfslocked = NDHASGIANT(&nd);
@@ -2928,8 +2937,7 @@
if ((error = getutimes(tptr, tptrseg, ts)) != 0)
return (error);
- NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE | AUDITVNODE1, pathseg, path,
- td);
+ NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE | AUDITVNODE1, pathseg, path, td);
if ((error = namei(&nd)) != 0)
return (error);
vfslocked = NDHASGIANT(&nd);
@@ -2976,6 +2984,11 @@
if ((error = getvnode(td->td_proc->p_fd, fd, &fp)) != 0)
return (error);
vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
+#ifdef AUDIT
+ vn_lock(fp->f_vnode, LK_EXCLUSIVE | LK_RETRY, td);
+ AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1);
+ VOP_UNLOCK(fp->f_vnode, 0, td);
+#endif
error = setutimes(td, fp->f_vnode, ts, 2, tptr == NULL);
VFS_UNLOCK_GIANT(vfslocked);
fdrop(fp, td);
@@ -3017,8 +3030,7 @@
if (length < 0)
return(EINVAL);
- NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, pathseg, path,
- td);
+ NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, pathseg, path, td);
if ((error = namei(&nd)) != 0)
return (error);
vfslocked = NDHASGIANT(&nd);
@@ -3090,7 +3102,7 @@
goto drop;
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
- AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1);
+ AUDIT_ARG(vnode, vp, ARG_VNODE1);
if (vp->v_type == VDIR)
error = EISDIR;
#ifdef MAC
@@ -3195,10 +3207,10 @@
return (error);
vp = fp->f_vnode;
vfslocked = VFS_LOCK_GIANT(vp->v_mount);
- AUDIT_ARG(vnode, vp, ARG_VNODE1);
if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
goto drop;
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
+ AUDIT_ARG(vnode, vp, ARG_VNODE1);
if (vp->v_object != NULL) {
VM_OBJECT_LOCK(vp->v_object);
vm_object_page_clean(vp->v_object, 0, 0, 0);
@@ -3712,7 +3724,6 @@
AUDIT_ARG(fd, uap->fd);
if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
return (error);
-
if ((fp->f_flag & FREAD) == 0) {
fdrop(fp, td);
return (EBADF);
@@ -3734,7 +3745,7 @@
auio.uio_resid = uap->count;
/* vn_lock(vp, LK_SHARED | LK_RETRY, td); */
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
- AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1);
+ AUDIT_ARG(vnode, vp, ARG_VNODE1);
loff = auio.uio_offset = fp->f_offset;
#ifdef MAC
error = mac_check_vnode_readdir(td->td_ucred, vp);
More information about the trustedbsd-cvs
mailing list