svn commit: r316334 - head/sys/kern
Robert Watson
rwatson at FreeBSD.org
Fri Mar 31 14:17:16 UTC 2017
Author: rwatson
Date: Fri Mar 31 14:17:14 2017
New Revision: 316334
URL: https://svnweb.freebsd.org/changeset/base/316334
Log:
Audit arguments to posix_fallocate(2) and posix_fadvise(2) system calls.
As posix_fadvise() does not lock the vnode argument, don't capture
detailed vnode information for the time being.
Obtained from: TrustedBSD Project
MFC after: 3 weeks
Sponsored by: DARPA, AFRL
Modified:
head/sys/kern/vfs_syscalls.c
Modified: head/sys/kern/vfs_syscalls.c
==============================================================================
--- head/sys/kern/vfs_syscalls.c Fri Mar 31 14:13:13 2017 (r316333)
+++ head/sys/kern/vfs_syscalls.c Fri Mar 31 14:17:14 2017 (r316334)
@@ -4452,15 +4452,21 @@ kern_posix_fallocate(struct thread *td,
cap_rights_t rights;
off_t olen, ooffset;
int error;
+#ifdef AUDIT
+ int audited_vnode1 = 0;
+#endif
+ AUDIT_ARG_FD(fd);
if (offset < 0 || len <= 0)
return (EINVAL);
/* Check for wrap. */
if (offset > OFF_MAX - len)
return (EFBIG);
+ AUDIT_ARG_FD(fd);
error = fget(td, fd, cap_rights_init(&rights, CAP_WRITE), &fp);
if (error != 0)
return (error);
+ AUDIT_ARG_FILE(td->td_proc, fp);
if ((fp->f_ops->fo_flags & DFLAG_SEEKABLE) == 0) {
error = ESPIPE;
goto out;
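Review bot: `AUDIT_ARG_FD(fd);` is added twice in kern_posix_fallocate, once ahead of the offset/len checks and again just before `fget()`. The first call already runs on every path, including the EINVAL and EFBIG returns, so the second appears redundant and can be dropped. Keeping the early one is the better choice, since it leaves the descriptor in the audit record for calls that are rejected on their arguments. The function body continues past the end of this hunk.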
@@ -4494,6 +4500,12 @@ kern_posix_fallocate(struct thread *td,
vn_finished_write(mp);
break;
}
+#ifdef AUDIT
+ if (!audited_vnode1) {
+ AUDIT_ARG_VNODE1(vp);
+ audited_vnode1 = 1;
+ }
+#endif
#ifdef MAC
error = mac_vnode_check_write(td->td_ucred, fp->f_cred, vp);
if (error == 0)
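Review bot: The `audited_vnode1` guard carries no comment saying why the vnode is captured only once, or why at this spot rather than next to `AUDIT_ARG_FILE`. The `break` just above suggests this sits inside a loop that starts outside the hunk and can pass here more than once, and the capture presumably has to happen while vp is locked. A short comment such as `/* Audit the vnode once, on the first pass where it is locked. */` would stop a later cleanup from hoisting it. Error exits taken before this point leave the record with fd/file details only; if that is intended, the same comment is the place to say so.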
@@ -4544,6 +4556,7 @@ kern_posix_fadvise(struct thread *td, in
if (offset < 0 || len < 0 || offset > OFF_MAX - len)
return (EINVAL);
+ AUDIT_ARG_VALUE(advice);
switch (advice) {
case POSIX_FADV_SEQUENTIAL:
case POSIX_FADV_RANDOM:
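Review bot: `AUDIT_ARG_VALUE(advice);` sits after the offset/len check, and `AUDIT_ARG_FD(fd);` in the next hunk sits after the advice switch. A call rejected for a bad offset or len therefore returns EINVAL with neither argument captured, and one rejected for an unknown advice value has no fd in its record. kern_posix_fallocate in this same commit records the fd before any validation; doing the same here, with `AUDIT_ARG_FD(fd);` and `AUDIT_ARG_VALUE(advice);` ahead of the first `if`, would keep rejected calls attributable in the audit trail. The start of the function is outside this hunk, so confirm nothing earlier already captures them.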
@@ -4559,9 +4572,11 @@ kern_posix_fadvise(struct thread *td, in
return (EINVAL);
}
/* XXX: CAP_POSIX_FADVISE? */
+ AUDIT_ARG_FD(fd);
error = fget(td, fd, cap_rights_init(&rights), &fp);
if (error != 0)
goto out;
+ AUDIT_ARG_FILE(td->td_proc, fp);
if ((fp->f_ops->fo_flags & DFLAG_SEEKABLE) == 0) {
error = ESPIPE;
goto out;
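Review bot: Nothing in the code says that the missing `AUDIT_ARG_VNODE1()` in kern_posix_fadvise is deliberate; only the commit log explains that the vnode is not locked here. A comment beside `AUDIT_ARG_FILE`, for example `/* vnode is not locked here, so no AUDIT_ARG_VNODE1() for now */`, would keep that reasoning with the code and mark the gap for whoever adds locking later. The function continues past this hunk.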