PERFORCE change 146360 for review
Diego Giagio
diego at FreeBSD.org
Fri Aug 1 02:46:26 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=146360
Change 146360 by diego at diego_black on 2008/08/01 02:45:34
Use a queue of records instead of a single record. That would let us:
- Pre-allocate records outside without locks held.
- Make it possible to have more than one record being constructed by
a given thread.
Affected files ...
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.c#5 edit
.. //depot/projects/soc2008/diego-audit/src/sys/sys/proc.h#5 edit
Differences ...
==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.c#5 (text) ====
@@ -73,10 +73,10 @@
#include <vm/uma.h>
static uma_zone_t audit_record_zone;
-static MALLOC_DEFINE(M_AUDITCRED, "audit_cred", "Audit cred storage");
MALLOC_DEFINE(M_AUDITDATA, "audit_data", "Audit data storage");
MALLOC_DEFINE(M_AUDITPATH, "audit_path", "Audit path storage");
MALLOC_DEFINE(M_AUDITTEXT, "audit_text", "Audit text storage");
+MALLOC_DEFINE(M_AUDITRECQ, "audit_recq", "Audit record queue storage");
SYSCTL_NODE(_security, OID_AUTO, audit, CTLFLAG_RW, 0,
"TrustedBSD audit controls");
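Review bot: M_AUDITRECQ is defined with external linkage, but the only uses visible in this change (the malloc() and free() of td_arq) are in audit.c itself. If no other file needs the type, `static MALLOC_DEFINE(M_AUDITRECQ, "audit_recq", "Audit record queue storage");` keeps it out of the global namespace. If other files are meant to use it, a matching MALLOC_DECLARE in the audit private header would be needed, and none is shown here.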
@@ -483,6 +483,30 @@
mtx_unlock(&audit_mtx);
}
+static void
+audit_enter(struct thread *td)
+{
+ /*
+ * Check if there's already a record being constructed. If true, move
+ * it temporarily into our record queue. currecord() will now point to
+ * the new record.
+ */
+ if (td->td_ar != NULL)
+ TAILQ_INSERT_TAIL(td->td_arq, td->td_ar, k_q);
+}
+
+static void
+audit_exit(struct thread *td)
+{
+ /*
+ * If there were a previous record begin constructed, return it to
+ * currecord() and remove it from record queue.
+ */
+ td->td_ar = TAILQ_LAST(td->td_arq, kaudit_queue);
+ if (td->td_ar != NULL)
+ TAILQ_REMOVE(td->td_arq, td->td_ar, k_q);
+}
+
/*
* audit_syscall_enter() is called on entry to each system call. It is
* responsible for deciding whether or not to audit the call (preselection),
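Review bot: audit_enter() queues td->td_ar but leaves td->td_ar pointing at the same record, so until the caller overwrites it the record is both "current" and linked on td_arq. Clearing it inside the helper keeps the invariant local instead of relying on the next statement in the caller: `if (td->td_ar != NULL) { TAILQ_INSERT_TAIL(td->td_arq, td->td_ar, k_q); td->td_ar = NULL; }`. Both helpers also dereference td->td_arq unconditionally, so `KASSERT(td->td_arq != NULL, ("audit_enter: td_arq == NULL"));` would document the assumption that every thread has had its queue allocated. The comment in audit_exit() has a typo: "begin constructed" should read "being constructed".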
@@ -494,8 +518,6 @@
{
au_event_t event;
- KASSERT(td->td_ar == NULL, ("audit_syscall_enter: td->td_ar != NULL"));
-
/*
* In FreeBSD, each ABI has its own system call table, and hence
* mapping of system call codes to audit events. Convert the code to
@@ -511,6 +533,7 @@
if (event == AUE_NULL)
return;
+ audit_enter(td);
td->td_ar = audit_begin(event, td);
}
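Review bot: The push in audit_enter() happens only on the path that reaches audit_begin(), after the `event == AUE_NULL` early return, while the pop added to audit_syscall_exit() in the following hunk appears to be unconditional. If an entry takes the early return while td_ar already holds a record, the matching exit would, as far as these hunks show, commit that outer record and then pop whatever is on the queue, so an audit record can be closed by the wrong call. With the old `KASSERT(td->td_ar == NULL, ...)` removed in the previous hunk, a stale record left by an earlier path is also queued silently instead of tripping an assertion. Consider making enter and exit pair on every path, or stating the nesting rule in a comment above the call, e.g. `/* Paths that return before audit_enter() must not reach audit_exit(). */`. Both function bodies extend outside the hunks, so this needs checking against the full file.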
@@ -537,7 +560,7 @@
retval = td->td_retval[0];
audit_commit(td->td_ar, error, retval);
- td->td_ar = NULL;
+ audit_exit(td);
}
void
@@ -585,6 +608,8 @@
{
td->td_ar = NULL;
+ td->td_arq = malloc(sizeof(struct kaudit_queue), M_AUDITRECQ, M_WAITOK);
+ TAILQ_INIT(td->td_arq);
}
void
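Review bot: The allocation size is spelled with the type name rather than the pointer being initialised; `td->td_arq = malloc(sizeof(*td->td_arq), M_AUDITRECQ, M_WAITOK);` stays correct if the field's type ever changes. M_WAITOK may sleep, so this relies on the enclosing function (its signature is outside the hunk) never being called with a non-sleepable lock held, and a one-line comment saying so would help. A queue head is small, so embedding it in struct thread rather than adding a per-thread heap allocation may be worth considering, although proc.h currently only forward-declares struct kaudit_queue.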
@@ -592,6 +617,9 @@
{
KASSERT(td->td_ar == NULL, ("audit_thread_free: td_ar != NULL"));
+ KASSERT(TAILQ_EMPTY(td->td_arq),
+ ("audit_thread_free: td_arq not empty"));
+ free(td->td_arq, M_AUDITRECQ);
}
void
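Review bot: td_arq is left dangling after `free(td->td_arq, M_AUDITRECQ);`. If thread structures are recycled without going through the allocation path again (not visible here), a later audit_enter() or audit_exit() would touch freed memory, so add `td->td_arq = NULL;` after the free. The emptiness check is a KASSERT, which is compiled out of kernels built without INVARIANTS, so in a production kernel any records still queued would be leaked silently and never reach the audit trail. If that state is reachable, draining the queue before the free is safer than only asserting. The function's signature is outside the hunk.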
==== //depot/projects/soc2008/diego-audit/src/sys/sys/proc.h#5 (text+ko) ====
@@ -153,6 +153,7 @@
* for write access.
*/
struct kaudit_record;
+struct kaudit_queue;
struct td_sched;
struct nlminfo;
struct kaioinfo;
@@ -269,6 +270,7 @@
struct mdthread td_md; /* (k) Any machine-dependent fields. */
struct td_sched *td_sched; /* (*) Scheduler-specific data. */
struct kaudit_record *td_ar; /* (k) Active audit record, if any. */
+ struct kaudit_queue *td_arq; /* (k) Queue of audit records. */
int td_syscalls; /* per-thread syscall count (used by NFS :)) */
struct lpohead td_lprof[2]; /* (a) lock profiling objects. */
struct kdtrace_thread *td_dtrace; /* (*) DTrace-specific data. */