svn commit: r357912 - in head/sys: kern security/audit sys
Mateusz Guzik
mjg at FreeBSD.org
Fri Feb 14 13:09:42 UTC 2020
Author: mjg
Date: Fri Feb 14 13:09:41 2020
New Revision: 357912
URL: https://svnweb.freebsd.org/changeset/base/357912
Log:
Merge audit and systrace checks
This further shortens the syscall routine by not having to re-check after
the system call.
Modified:
head/sys/kern/subr_syscall.c
head/sys/security/audit/audit.h
head/sys/sys/sysent.h
Modified: head/sys/kern/subr_syscall.c
==============================================================================
--- head/sys/kern/subr_syscall.c Fri Feb 14 13:08:46 2020 (r357911)
+++ head/sys/kern/subr_syscall.c Fri Feb 14 13:09:41 2020 (r357912)
@@ -131,15 +131,6 @@ syscallenter(struct thread *td)
goto retval;
}
-#ifdef KDTRACE_HOOKS
- /* Give the syscall:::entry DTrace probe a chance to fire. */
- if (__predict_false(systrace_enabled && sa->callp->sy_entry != 0))
- (*systrace_probe_func)(sa, SYSTRACE_ENTRY, 0);
-#endif
-
- /* Let system calls set td_errno directly. */
- td->td_pflags &= ~TDP_NERRNO;
-
/*
* Fetch fast sigblock value at the time of syscall
* entry because sleepqueue primitives might call
@@ -147,20 +138,32 @@ syscallenter(struct thread *td)
*/
fetch_sigfastblock(td);
- AUDIT_SYSCALL_ENTER(sa->code, td);
- error = (sa->callp->sy_call)(td, sa->args);
- AUDIT_SYSCALL_EXIT(error, td);
+ /* Let system calls set td_errno directly. */
+ td->td_pflags &= ~TDP_NERRNO;
- /* Save the latest error return value. */
- if (__predict_false((td->td_pflags & TDP_NERRNO) == 0))
- td->td_errno = error;
-
+ if (__predict_false(systrace_enabled || AUDIT_SYSCALL_ENTER(sa->code, td))) {
#ifdef KDTRACE_HOOKS
- /* Give the syscall:::return DTrace probe a chance to fire. */
- if (__predict_false(systrace_enabled && sa->callp->sy_return != 0))
- (*systrace_probe_func)(sa, SYSTRACE_RETURN,
- error ? -1 : td->td_retval[0]);
+ /* Give the syscall:::entry DTrace probe a chance to fire. */
+ if (__predict_false(sa->callp->sy_entry != 0))
+ (*systrace_probe_func)(sa, SYSTRACE_ENTRY, 0);
#endif
+ error = (sa->callp->sy_call)(td, sa->args);
+ /* Save the latest error return value. */
+ if (__predict_false((td->td_pflags & TDP_NERRNO) == 0))
+ td->td_errno = error;
+ AUDIT_SYSCALL_EXIT(error, td);
+#ifdef KDTRACE_HOOKS
+ /* Give the syscall:::return DTrace probe a chance to fire. */
+ if (__predict_false(sa->callp->sy_return != 0))
+ (*systrace_probe_func)(sa, SYSTRACE_RETURN,
+ error ? -1 : td->td_retval[0]);
+#endif
+ } else {
+ error = (sa->callp->sy_call)(td, sa->args);
+ /* Save the latest error return value. */
+ if (__predict_false((td->td_pflags & TDP_NERRNO) == 0))
+ td->td_errno = error;
+ }
syscall_thread_exit(td, sa->callp);
retval:
Modified: head/sys/security/audit/audit.h
==============================================================================
--- head/sys/security/audit/audit.h Fri Feb 14 13:08:46 2020 (r357911)
+++ head/sys/security/audit/audit.h Fri Feb 14 13:09:41 2020 (r357912)
@@ -377,11 +377,14 @@ void audit_thread_free(struct thread *td);
audit_arg_vnode2((vp)); \
} while (0)
-#define AUDIT_SYSCALL_ENTER(code, td) do { \
+#define AUDIT_SYSCALL_ENTER(code, td) ({ \
+ bool _audit_entered = false; \
if (__predict_false(audit_syscalls_enabled)) { \
audit_syscall_enter(code, td); \
+ _audit_entered = true; \
} \
-} while (0)
+ _audit_entered; \
+})
/*
* Wrap the audit_syscall_exit() function so that it is called only when
@@ -449,7 +452,7 @@ void audit_thread_free(struct thread *td);
#define AUDIT_ARG_VNODE1(vp)
#define AUDIT_ARG_VNODE2(vp)
-#define AUDIT_SYSCALL_ENTER(code, td)
+#define AUDIT_SYSCALL_ENTER(code, td) 0
#define AUDIT_SYSCALL_EXIT(error, td)
#define AUDIT_SYSCLOSE(p, fd)
Modified: head/sys/sys/sysent.h
==============================================================================
--- head/sys/sys/sysent.h Fri Feb 14 13:08:46 2020 (r357911)
+++ head/sys/sys/sysent.h Fri Feb 14 13:09:41 2020 (r357912)
@@ -54,7 +54,11 @@ typedef void (*systrace_probe_func_t)(struct syscall_a
typedef void (*systrace_args_func_t)(int, void *, uint64_t *, int *);
#ifdef _KERNEL
+#ifdef KDTRACE_HOOKS
extern bool systrace_enabled;
+#else
+#define systrace_enabled 0
+#endif
#endif
extern systrace_probe_func_t systrace_probe_func;
More information about the svn-src-head
mailing list