svn commit: r316334 - head/sys/kern

Robert Watson rwatson at FreeBSD.org
Fri Mar 31 14:17:16 UTC 2017


Author: rwatson
Date: Fri Mar 31 14:17:14 2017
New Revision: 316334
URL: https://svnweb.freebsd.org/changeset/base/316334

Log:
  Audit arguments to posix_fallocate(2) and posix_fadvise(2) system calls.
  
  As posix_fadvise() does not lock the vnode argument, don't capture
  detailed vnode information for the time being.
  
  Obtained from:	TrustedBSD Project
  MFC after:	3 weeks
  Sponsored by:	DARPA, AFRL

Modified:
  head/sys/kern/vfs_syscalls.c

Modified: head/sys/kern/vfs_syscalls.c
==============================================================================
--- head/sys/kern/vfs_syscalls.c	Fri Mar 31 14:13:13 2017	(r316333)
+++ head/sys/kern/vfs_syscalls.c	Fri Mar 31 14:17:14 2017	(r316334)
@@ -4452,15 +4452,21 @@ kern_posix_fallocate(struct thread *td, 
 	cap_rights_t rights;
 	off_t olen, ooffset;
 	int error;
+#ifdef AUDIT
+	int audited_vnode1 = 0;
+#endif
 
+	AUDIT_ARG_FD(fd);
 	if (offset < 0 || len <= 0)
 		return (EINVAL);
 	/* Check for wrap. */
 	if (offset > OFF_MAX - len)
 		return (EFBIG);
+	AUDIT_ARG_FD(fd);
 	error = fget(td, fd, cap_rights_init(&rights, CAP_WRITE), &fp);
 	if (error != 0)
 		return (error);
+	AUDIT_ARG_FILE(td->td_proc, fp);
 	if ((fp->f_ops->fo_flags & DFLAG_SEEKABLE) == 0) {
 		error = ESPIPE;
 		goto out;
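Review bot: `AUDIT_ARG_FD(fd);` is added twice in kern_posix_fallocate, once before the offset/len validation and again immediately before `fget()`. The first call already records the descriptor on every path, including the EINVAL and EFBIG early returns, so the second one looks redundant and can be dropped. The offset and len values that trigger those early returns are not captured at all, so a rejected call shows up in the trail without the arguments that caused the rejection; whether the audit framework has a suitable macro for them is not visible here. The function body starts and ends outside the hunk.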
@@ -4494,6 +4500,12 @@ kern_posix_fallocate(struct thread *td, 
 			vn_finished_write(mp);
 			break;
 		}
+#ifdef AUDIT
+		if (!audited_vnode1) {
+			AUDIT_ARG_VNODE1(vp);
+			audited_vnode1 = 1;
+		}
+#endif
 #ifdef MAC
 		error = mac_vnode_check_write(td->td_ucred, fp->f_cred, vp);
 		if (error == 0)
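Review bot: The `audited_vnode1` guard has no comment explaining why the vnode is recorded only once. The `break` just above suggests this code sits in a loop that starts outside the hunk, so presumably the flag prevents re-capturing the vnode on every pass; a one-line comment such as `/* Record the vnode only on the first iteration. */` would make that explicit. It would also help to note that the capture appears to be placed ahead of `mac_vnode_check_write()` so that the vnode is in the record when MAC denies the write.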
@@ -4544,6 +4556,7 @@ kern_posix_fadvise(struct thread *td, in
 
 	if (offset < 0 || len < 0 || offset > OFF_MAX - len)
 		return (EINVAL);
+	AUDIT_ARG_VALUE(advice);
 	switch (advice) {
 	case POSIX_FADV_SEQUENTIAL:
 	case POSIX_FADV_RANDOM:
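Review bot: `AUDIT_ARG_VALUE(advice)` sits after the offset/len check, and `AUDIT_ARG_FD(fd)` in the following hunk sits after the `switch`, so a call rejected with EINVAL leaves the audit record without the advice value, the descriptor, or both. kern_posix_fallocate in this same commit records fd before any validation, which keeps failed calls attributable to a descriptor. Moving `AUDIT_ARG_FD(fd);` and `AUDIT_ARG_VALUE(advice);` above the first `if` in kern_posix_fadvise would make the two functions consistent. The function continues outside the hunk.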
@@ -4559,9 +4572,11 @@ kern_posix_fadvise(struct thread *td, in
 		return (EINVAL);
 	}
 	/* XXX: CAP_POSIX_FADVISE? */
+	AUDIT_ARG_FD(fd);
 	error = fget(td, fd, cap_rights_init(&rights), &fp);
 	if (error != 0)
 		goto out;
+	AUDIT_ARG_FILE(td->td_proc, fp);
 	if ((fp->f_ops->fo_flags & DFLAG_SEEKABLE) == 0) {
 		error = ESPIPE;
 		goto out;
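Review bot: The reason no `AUDIT_ARG_VNODE1()` follows `AUDIT_ARG_FILE()` here is stated only in the commit log, which says posix_fadvise does not lock the vnode. A comment at this spot, for example `/* The vnode is not locked here, so detailed vnode information is not audited for now. */`, would keep that rationale with the code. Without it, a later change could add the vnode capture for symmetry with kern_posix_fallocate and miss the locking requirement. The function continues outside the hunk.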

