svn commit: r357912 - in head/sys: kern security/audit sys

Fri Feb 14 13:09:42 UTC 2020

Author: mjg
Date: Fri Feb 14 13:09:41 2020
New Revision: 357912
URL: https://svnweb.freebsd.org/changeset/base/357912

Log:
  Merge audit and systrace checks
  
  This further shortens the syscall routine by not having to re-check after
  the system call.

Modified:
  head/sys/kern/subr_syscall.c
  head/sys/security/audit/audit.h
  head/sys/sys/sysent.h

Modified: head/sys/kern/subr_syscall.c
==============================================================================

--- head/sys/kern/subr_syscall.c	Fri Feb 14 13:08:46 2020	(r357911)
+++ head/sys/kern/subr_syscall.c	Fri Feb 14 13:09:41 2020	(r357912)
@@ -131,15 +131,6 @@ syscallenter(struct thread *td)
 		goto retval;
 	}
 
-#ifdef KDTRACE_HOOKS
-	/* Give the syscall:::entry DTrace probe a chance to fire. */
-	if (__predict_false(systrace_enabled && sa->callp->sy_entry != 0))
-		(*systrace_probe_func)(sa, SYSTRACE_ENTRY, 0);
-#endif
-
-	/* Let system calls set td_errno directly. */
-	td->td_pflags &= ~TDP_NERRNO;
-
 	/*
 	 * Fetch fast sigblock value at the time of syscall
 	 * entry because sleepqueue primitives might call
@@ -147,20 +138,32 @@ syscallenter(struct thread *td)
 	 */
 	fetch_sigfastblock(td);
 
-	AUDIT_SYSCALL_ENTER(sa->code, td);
-	error = (sa->callp->sy_call)(td, sa->args);
-	AUDIT_SYSCALL_EXIT(error, td);
+	/* Let system calls set td_errno directly. */
+	td->td_pflags &= ~TDP_NERRNO;
 
-	/* Save the latest error return value. */
-	if (__predict_false((td->td_pflags & TDP_NERRNO) == 0))
-		td->td_errno = error;
-
+	if (__predict_false(systrace_enabled || AUDIT_SYSCALL_ENTER(sa->code, td))) {
 #ifdef KDTRACE_HOOKS
-	/* Give the syscall:::return DTrace probe a chance to fire. */
-	if (__predict_false(systrace_enabled && sa->callp->sy_return != 0))
-		(*systrace_probe_func)(sa, SYSTRACE_RETURN,
-		    error ? -1 : td->td_retval[0]);
+		/* Give the syscall:::entry DTrace probe a chance to fire. */
+		if (__predict_false(sa->callp->sy_entry != 0))
+			(*systrace_probe_func)(sa, SYSTRACE_ENTRY, 0);
 #endif
+		error = (sa->callp->sy_call)(td, sa->args);
+		/* Save the latest error return value. */
+		if (__predict_false((td->td_pflags & TDP_NERRNO) == 0))
+			td->td_errno = error;
+		AUDIT_SYSCALL_EXIT(error, td);
+#ifdef KDTRACE_HOOKS
+		/* Give the syscall:::return DTrace probe a chance to fire. */
+		if (__predict_false(sa->callp->sy_return != 0))
+			(*systrace_probe_func)(sa, SYSTRACE_RETURN,
+			    error ? -1 : td->td_retval[0]);
+#endif
+	} else {
+		error = (sa->callp->sy_call)(td, sa->args);
+		/* Save the latest error return value. */
+		if (__predict_false((td->td_pflags & TDP_NERRNO) == 0))
+			td->td_errno = error;
+	}
 	syscall_thread_exit(td, sa->callp);
 
  retval:

Modified: head/sys/security/audit/audit.h
==============================================================================
--- head/sys/security/audit/audit.h	Fri Feb 14 13:08:46 2020	(r357911)
+++ head/sys/security/audit/audit.h	Fri Feb 14 13:09:41 2020	(r357912)
@@ -377,11 +377,14 @@ void	 audit_thread_free(struct thread *td);
 		audit_arg_vnode2((vp));					\
 } while (0)
 
-#define	AUDIT_SYSCALL_ENTER(code, td)	do {				\
+#define	AUDIT_SYSCALL_ENTER(code, td)	({				\
+	bool _audit_entered = false;					\
 	if (__predict_false(audit_syscalls_enabled)) {			\
 		audit_syscall_enter(code, td);				\
+		_audit_entered = true;					\
 	}								\
-} while (0)
+	_audit_entered;							\
+})
 
 /*
  * Wrap the audit_syscall_exit() function so that it is called only when
@@ -449,7 +452,7 @@ void	 audit_thread_free(struct thread *td);
 #define	AUDIT_ARG_VNODE1(vp)
 #define	AUDIT_ARG_VNODE2(vp)
 
-#define	AUDIT_SYSCALL_ENTER(code, td)
+#define	AUDIT_SYSCALL_ENTER(code, td)	0
 #define	AUDIT_SYSCALL_EXIT(error, td)
 
 #define	AUDIT_SYSCLOSE(p, fd)

Modified: head/sys/sys/sysent.h
==============================================================================
--- head/sys/sys/sysent.h	Fri Feb 14 13:08:46 2020	(r357911)
+++ head/sys/sys/sysent.h	Fri Feb 14 13:09:41 2020	(r357912)
@@ -54,7 +54,11 @@ typedef	void	(*systrace_probe_func_t)(struct syscall_a
 typedef	void	(*systrace_args_func_t)(int, void *, uint64_t *, int *);
 
 #ifdef _KERNEL
+#ifdef KDTRACE_HOOKS
 extern bool			systrace_enabled;
+#else
+#define systrace_enabled	0
+#endif
 #endif
 extern systrace_probe_func_t	systrace_probe_func;
 
