PERFORCE change 187034 for review
Efstratios Karatzas
gpf at FreeBSD.org
Sat Dec 18 17:01:35 UTC 2010
http://p4web.freebsd.org/@@187034?ac=10
Change 187034 by gpf at gpf_desktop on 2010/12/18 17:01:26
bugfix: some of the functions in audit_arg.c were being called
directly and not through the appropriate macros that check
whether we are currently auditing. For example, this caused audit_arg_auditinfo()
to pagefault because of a missing audit_record in case we
were not auditing naflags:ad (for the setaudit syscall).
Remember that now we *do* have a kaudit_record even if we are
not auditing an event because we need to keep some state.
The audit_record, on the other hand, is allocated on demand.
I also added macros for other audit_arg_* functions that were
missing.
Affected files ...
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit.h#13 edit
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_arg.c#10 edit
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_syscalls.c#2 edit
Differences ...
==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit.h#13 (text) ====
@@ -167,11 +167,26 @@
audit_arg_atfd2((atfd)); \
} while (0)
+#define AUDIT_ARG_AUDITINFO(au_info) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_auditinfo((au_info)); \
+} while (0)
+
+#define AUDIT_ARG_AUDITINFO_ADDR(au_info) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_auditinfo_addr((au_info)); \
+} while (0)
+
#define AUDIT_ARG_AUDITON(udata) do { \
if (AUDITING_TD(curthread)) \
audit_arg_auditon((udata)); \
} while (0)
+#define AUDIT_ARG_AUID(auid) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_auid((auid)); \
+} while (0)
+
#define AUDIT_ARG_CLIENTID(clientid) do { \
if (AUDITING_TD(curthread)) \
audit_arg_clientid((clientid)); \
@@ -187,6 +202,11 @@
audit_arg_cmd((cmd)); \
} while (0)
+#define AUDIT_ARG_CTLNAME(name, namelen) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_ctlname((name), (namelen)); \
+} while (0)
+
#define AUDIT_ARG_DEV(dev) do { \
if (AUDITING_TD(curthread)) \
audit_arg_dev((dev)); \
@@ -237,6 +257,11 @@
audit_arg_groupset((gidset), (gidset_size)); \
} while (0)
+#define AUDIT_ARG_LEN(len) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_len((len)); \
+} while (0)
+
#define AUDIT_ARG_LOCKOWNER(lockowner, size) do { \
if (AUDITING_TD(curthread)) \
audit_arg_lockowner((lockowner), (size)); \
@@ -247,6 +272,16 @@
audit_arg_locktype((locktype)); \
} while (0)
+#define AUDIT_ARG_LOGIN(login) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_login((login)); \
+} while (0)
+
+#define AUDIT_ARG_MASK(mask) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_mask((mask)); \
+} while (0)
+
#define AUDIT_ARG_MODE(mode) do { \
if (AUDITING_TD(curthread)) \
audit_arg_mode((mode)); \
@@ -307,6 +342,31 @@
audit_arg_suid((suid)); \
} while (0)
+#define AUDIT_ARG_SVIPC_CMD(cmd) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_svipc_cmd((cmd)); \
+} while (0)
+
+#define AUDIT_ARG_SVIPC_PERM(perm) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_svipc_perm((perm)); \
+} while (0)
+
+#define AUDIT_ARG_SVIPC_ID(id) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_svipc_id((id)); \
+} while (0)
+
+#define AUDIT_ARG_SVIPC_ADDR(addr) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_svipc_addr((addr)); \
+} while (0)
+
+#define AUDIT_ARG_SVIPC_IPC_PERM(uid, gid, mode) do { \
+ if (AUDITING_TD(curthread)) \
+ audit_arg_svipc_ipc_perm((uid), (gid), (mode)); \
+} while (0)
+
#define AUDIT_ARG_TEXT(text) do { \
if (AUDITING_TD(curthread)) \
audit_arg_text((text)); \
@@ -415,9 +475,13 @@
#define AUDIT_ARG_ARGV(argv, argc, length)
#define AUDIT_ARG_ATFD1(atfd)
#define AUDIT_ARG_ATFD2(atfd)
+#define AUDIT_ARG_AUDITINFO(au_info)
+#define AUDIT_ARG_AUDITINFO_ADDR(au_info)
#define AUDIT_ARG_AUDITON(udata)
+#define AUDIT_ARG_AUID(auid)
#define AUDIT_ARG_CLIENTID(clientid)
#define AUDIT_ARG_CLIENTNAME(clientname, size)
+#define AUDIT_ARG_CTLNAME(name, namelen)
#define AUDIT_ARG_CMD(cmd)
#define AUDIT_ARG_DEV(dev)
#define AUDIT_ARG_EGID(egid)
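Review bot: `#define AUDIT_ARG_CTLNAME(name, namelen)` is inserted ahead of `AUDIT_ARG_CMD` in this stub list, whereas the enabled definition added earlier in the file follows AUDIT_ARG_CMD. Keeping both lists in the same order makes it easier to verify that every enabled macro has a matching empty stub, so I would move the stub to the line after `#define AUDIT_ARG_CMD(cmd)`. The stub list starts and ends outside this hunk.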
@@ -429,8 +493,11 @@
#define AUDIT_ARG_FFLAGS(fflags)
#define AUDIT_ARG_GID(gid)
#define AUDIT_ARG_GROUPSET(gidset, gidset_size)
+#define AUDIT_ARG_LEN(len)
#define AUDIT_ARG_LOCKOWNER(lockowner, size)
#define AUDIT_ARG_LOCKTYPE(locktype)
+#define AUDIT_ARG_LOGIN(login)
+#define AUDIT_ARG_MASK(mask)
#define AUDIT_ARG_MODE(mode)
#define AUDIT_ARG_OWNER(uid, gid)
#define AUDIT_ARG_PID(pid)
@@ -443,6 +510,11 @@
#define AUDIT_ARG_SOCKADDR_IN(sin)
#define AUDIT_ARG_SOCKET(sodomain, sotype, soprotocol)
#define AUDIT_ARG_SUID(suid)
+#define AUDIT_ARG_SVIPC_CMD(cmd)
+#define AUDIT_ARG_SVIPC_PERM(perm)
+#define AUDIT_ARG_SVIPC_ID(id)
+#define AUDIT_ARG_SVIPC_ADDR(addr)
+#define AUDIT_ARG_SVIPC_IPC_PERM(uid, gid, mode)
#define AUDIT_ARG_TEXT(text)
#define AUDIT_ARG_UID(uid)
#define AUDIT_ARG_UPATH1(td, upath)
==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_arg.c#10 (text) ====
@@ -52,7 +52,7 @@
/*
* Calls to manipulate elements of the audit record structure from system
- * call code. Macro wrappers will prevent this functions from being entered
+ * call code. Macro wrappers will prevent these functions from being entered
* if auditing is disabled, avoiding the function call cost. We check the
* thread audit record pointer anyway, as the audit condition could change,
* and pre-selection may not have allocated an audit record for this event.
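Review bot: The header comment still says the functions "check the thread audit record pointer anyway", but the commit description reports a page fault in audit_arg_auditinfo() when it was entered without an audit_record, so that sentence no longer matches the behaviour described. Either the in-function check needs to cover the on-demand audit_record, or the comment should state the new contract, e.g. `* Callers must use the AUDIT_ARG_*() macros; the audit_record is allocated on demand and may be absent.` The comment block continues past the end of this hunk, and the function bodies are not part of this change, so which of the two applies should be confirmed against them.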
==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_syscalls.c#2 (text) ====
@@ -586,7 +586,7 @@
error = copyin(uap->auid, &id, sizeof(id));
if (error)
return (error);
- audit_arg_auid(id);
+ AUDIT_ARG_AUID(id);
newcred = crget();
PROC_LOCK(td->td_proc);
oldcred = td->td_proc->p_ucred;
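Review bot: Switching to `AUDIT_ARG_AUID(id);` protects this call site only; audit_arg_auid() itself is not shown in this change and presumably still touches the on-demand audit_record without checking that it exists. The same holds for the `AUDIT_ARG_AUDITINFO(&ai);` and `AUDIT_ARG_AUDITINFO_ADDR(&aia);` replacements in the next two hunks. The value is recorded straight after copyin() and no privilege check is visible before the call within the hunk, so the fault described in the commit message appears reachable from caller-supplied input whenever a call bypasses the macro. The callee should therefore also return early when the record is absent, along the lines of `if (<on-demand audit_record pointer> == NULL) return;` (placeholder, since the field name is not visible here). The enclosing functions start and end outside these hunks.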
@@ -651,7 +651,7 @@
error = copyin(uap->auditinfo, &ai, sizeof(ai));
if (error)
return (error);
- audit_arg_auditinfo(&ai);
+ AUDIT_ARG_AUDITINFO(&ai);
newcred = crget();
PROC_LOCK(td->td_proc);
oldcred = td->td_proc->p_ucred;
@@ -711,7 +711,7 @@
error = copyin(uap->auditinfo_addr, &aia, sizeof(aia));
if (error)
return (error);
- audit_arg_auditinfo_addr(&aia);
+ AUDIT_ARG_AUDITINFO_ADDR(&aia);
if (aia.ai_termid.at_type != AU_IPv6 &&
aia.ai_termid.at_type != AU_IPv4)
return (EINVAL);