svn commit: r188224 - in stable/7/sys: . contrib/pf dev/ath/ath_hal
dev/cxgb security/audit
Robert Watson
rwatson at FreeBSD.org
Fri Feb 6 04:10:35 PST 2009
Author: rwatson
Date: Fri Feb 6 12:10:28 2009
New Revision: 188224
URL: http://svn.freebsd.org/changeset/base/188224
Log:
Merge r184948 from head to stable/7:
When repeatedly accessing a thread credential, cache the credential
pointer in a local variable. While this is unlikely to significantly
improve performance given modern compiler behavior, it makes the code
more readable and reduces diffs to the Mac OS X version of the same
code (which stores things in creds in the same way, but where the
cred for a thread is reached quite differently).
Discussed with: sson
Sponsored by: Apple Inc.
Obtained from: TrustedBSD Project
Modified:
stable/7/sys/ (props changed)
stable/7/sys/contrib/pf/ (props changed)
stable/7/sys/dev/ath/ath_hal/ (props changed)
stable/7/sys/dev/cxgb/ (props changed)
stable/7/sys/security/audit/audit.c
stable/7/sys/security/audit/audit_arg.c
stable/7/sys/security/audit/audit_syscalls.c
Modified: stable/7/sys/security/audit/audit.c
==============================================================================
--- stable/7/sys/security/audit/audit.c Fri Feb 6 12:06:39 2009 (r188223)
+++ stable/7/sys/security/audit/audit.c Fri Feb 6 12:10:28 2009 (r188224)
@@ -165,6 +165,7 @@ audit_record_ctor(void *mem, int size, v
{
struct kaudit_record *ar;
struct thread *td;
+ struct ucred *cred;
KASSERT(sizeof(*ar) == size, ("audit_record_ctor: wrong size"));
@@ -177,15 +178,16 @@ audit_record_ctor(void *mem, int size, v
/*
* Export the subject credential.
*/
- cru2x(td->td_ucred, &ar->k_ar.ar_subj_cred);
- ar->k_ar.ar_subj_ruid = td->td_ucred->cr_ruid;
- ar->k_ar.ar_subj_rgid = td->td_ucred->cr_rgid;
- ar->k_ar.ar_subj_egid = td->td_ucred->cr_groups[0];
- ar->k_ar.ar_subj_auid = td->td_ucred->cr_audit.ai_auid;
- ar->k_ar.ar_subj_asid = td->td_ucred->cr_audit.ai_asid;
+ cred = td->td_ucred;
+ cru2x(cred, &ar->k_ar.ar_subj_cred);
+ ar->k_ar.ar_subj_ruid = cred->cr_ruid;
+ ar->k_ar.ar_subj_rgid = cred->cr_rgid;
+ ar->k_ar.ar_subj_egid = cred->cr_groups[0];
+ ar->k_ar.ar_subj_auid = cred->cr_audit.ai_auid;
+ ar->k_ar.ar_subj_asid = cred->cr_audit.ai_asid;
ar->k_ar.ar_subj_pid = td->td_proc->p_pid;
- ar->k_ar.ar_subj_amask = td->td_ucred->cr_audit.ai_mask;
- ar->k_ar.ar_subj_term_addr = td->td_ucred->cr_audit.ai_termid;
+ ar->k_ar.ar_subj_amask = cred->cr_audit.ai_mask;
+ ar->k_ar.ar_subj_term_addr = cred->cr_audit.ai_termid;
return (0);
}
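Review bot: `ar->k_ar.ar_subj_egid = cred->cr_groups[0];` relies on the convention that the first group slot holds the effective GID, and nothing at the assignment says so. A short comment such as `/* cr_groups[0] is the effective GID */` would let a reader check what the audit field means. The same assignment is made for `ar_arg_egid` in audit_arg_process. audit_record_ctor's body starts outside this hunk, so how `td` is obtained is not visible here.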
@@ -585,6 +587,7 @@ audit_proc_coredump(struct thread *td, c
{
struct kaudit_record *ar;
struct au_mask *aumask;
+ struct ucred *cred;
au_class_t class;
int ret, sorf;
char **pathp;
@@ -595,11 +598,12 @@ audit_proc_coredump(struct thread *td, c
/*
* Make sure we are using the correct preselection mask.
*/
- auid = td->td_ucred->cr_audit.ai_auid;
+ cred = td->td_ucred;
+ auid = cred->cr_audit.ai_auid;
if (auid == AU_DEFAUDITID)
aumask = &audit_nae_mask;
else
- aumask = &td->td_ucred->cr_audit.ai_mask;
+ aumask = &cred->cr_audit.ai_mask;
/*
* It's possible for coredump(9) generation to fail. Make sure that
* we handle this case correctly for preselection.
@@ -612,6 +616,7 @@ audit_proc_coredump(struct thread *td, c
if (au_preselect(AUE_CORE, class, aumask, sorf) == 0 &&
audit_pipe_preselect(auid, AUE_CORE, class, sorf, 0) == 0)
return;
+
/*
* If we are interested in seeing this audit record, allocate it.
* Where possible coredump records should contain a pathname and arg32
Modified: stable/7/sys/security/audit/audit_arg.c
==============================================================================
--- stable/7/sys/security/audit/audit_arg.c Fri Feb 6 12:06:39 2009 (r188223)
+++ stable/7/sys/security/audit/audit_arg.c Fri Feb 6 12:10:28 2009 (r188224)
@@ -356,6 +356,7 @@ void
audit_arg_process(struct proc *p)
{
struct kaudit_record *ar;
+ struct ucred *cred;
KASSERT(p != NULL, ("audit_arg_process: p == NULL"));
@@ -365,13 +366,14 @@ audit_arg_process(struct proc *p)
if (ar == NULL)
return;
- ar->k_ar.ar_arg_auid = p->p_ucred->cr_audit.ai_auid;
- ar->k_ar.ar_arg_euid = p->p_ucred->cr_uid;
- ar->k_ar.ar_arg_egid = p->p_ucred->cr_groups[0];
- ar->k_ar.ar_arg_ruid = p->p_ucred->cr_ruid;
- ar->k_ar.ar_arg_rgid = p->p_ucred->cr_rgid;
- ar->k_ar.ar_arg_asid = p->p_ucred->cr_audit.ai_asid;
- ar->k_ar.ar_arg_termid_addr = p->p_ucred->cr_audit.ai_termid;
+ cred = p->p_ucred;
+ ar->k_ar.ar_arg_auid = cred->cr_audit.ai_auid;
+ ar->k_ar.ar_arg_euid = cred->cr_uid;
+ ar->k_ar.ar_arg_egid = cred->cr_groups[0];
+ ar->k_ar.ar_arg_ruid = cred->cr_ruid;
+ ar->k_ar.ar_arg_rgid = cred->cr_rgid;
+ ar->k_ar.ar_arg_asid = cred->cr_audit.ai_asid;
+ ar->k_ar.ar_arg_termid_addr = cred->cr_audit.ai_termid;
ar->k_ar.ar_arg_pid = p->p_pid;
ARG_SET_VALID(ar, ARG_AUID | ARG_EUID | ARG_EGID | ARG_RUID |
ARG_RGID | ARG_ASID | ARG_TERMID_ADDR | ARG_PID | ARG_PROCESS);
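Review bot: `cred = p->p_ucred;` takes a borrowed pointer to another process's credential, and nothing in the hunk shows what keeps that credential alive while the seven fields are copied out of it. If the lines between the two hunks do not already assert it, add `PROC_LOCK_ASSERT(p, MA_OWNED);` before the assignment. If they do, a comment such as `/* p_ucred is stable only while the proc lock is held */` next to the assignment documents the requirement. Without the lock the cached pointer could presumably refer to a credential that has since been released, which would corrupt the audit record. The function's opening lines and its end lie outside the hunk.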
Modified: stable/7/sys/security/audit/audit_syscalls.c
==============================================================================
--- stable/7/sys/security/audit/audit_syscalls.c Fri Feb 6 12:06:39 2009 (r188223)
+++ stable/7/sys/security/audit/audit_syscalls.c Fri Feb 6 12:10:28 2009 (r188224)
@@ -157,7 +157,7 @@ free_out:
int
auditon(struct thread *td, struct auditon_args *uap)
{
- struct ucred *newcred, *oldcred;
+ struct ucred *cred, *newcred, *oldcred;
int error;
union auditon_udata udata;
struct proc *tp;
@@ -321,22 +321,21 @@ auditon(struct thread *td, struct audito
PROC_UNLOCK(tp);
return (EINVAL);
}
- if (tp->p_ucred->cr_audit.ai_termid.at_type == AU_IPv6) {
+ cred = tp->p_ucred;
+ if (cred->cr_audit.ai_termid.at_type == AU_IPv6) {
PROC_UNLOCK(tp);
return (EINVAL);
}
- udata.au_aupinfo.ap_auid =
- tp->p_ucred->cr_audit.ai_auid;
+ udata.au_aupinfo.ap_auid = cred->cr_audit.ai_auid;
udata.au_aupinfo.ap_mask.am_success =
- tp->p_ucred->cr_audit.ai_mask.am_success;
+ cred->cr_audit.ai_mask.am_success;
udata.au_aupinfo.ap_mask.am_failure =
- tp->p_ucred->cr_audit.ai_mask.am_failure;
+ cred->cr_audit.ai_mask.am_failure;
udata.au_aupinfo.ap_termid.machine =
- tp->p_ucred->cr_audit.ai_termid.at_addr[0];
+ cred->cr_audit.ai_termid.at_addr[0];
udata.au_aupinfo.ap_termid.port =
- (dev_t)tp->p_ucred->cr_audit.ai_termid.at_port;
- udata.au_aupinfo.ap_asid =
- tp->p_ucred->cr_audit.ai_asid;
+ (dev_t)cred->cr_audit.ai_termid.at_port;
+ udata.au_aupinfo.ap_asid = cred->cr_audit.ai_asid;
PROC_UNLOCK(tp);
break;
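Review bot: `cred` is declared at function scope in auditon() but is only valid between `cred = tp->p_ucred;` and `PROC_UNLOCK(tp);`, so after the unlock it is a stale pointer that later code in this long function could pick up by mistake. Mark the borrow with a comment such as `/* cred is borrowed from tp; do not use after PROC_UNLOCK(tp) */`, or reset it with `cred = NULL;` right after the unlock. The same applies to the next hunk (`@@ -381,16 +380,14 @@`), where `cred = tp->p_ucred;` is again followed by `PROC_UNLOCK(tp);`. Both case bodies start outside their hunks.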
@@ -381,16 +380,14 @@ auditon(struct thread *td, struct audito
return (EINVAL);
if ((tp = pfind(udata.au_aupinfo_addr.ap_pid)) == NULL)
return (EINVAL);
- udata.au_aupinfo_addr.ap_auid =
- tp->p_ucred->cr_audit.ai_auid;
+ cred = tp->p_ucred;
+ udata.au_aupinfo_addr.ap_auid = cred->cr_audit.ai_auid;
udata.au_aupinfo_addr.ap_mask.am_success =
- tp->p_ucred->cr_audit.ai_mask.am_success;
+ cred->cr_audit.ai_mask.am_success;
udata.au_aupinfo_addr.ap_mask.am_failure =
- tp->p_ucred->cr_audit.ai_mask.am_failure;
- udata.au_aupinfo_addr.ap_termid =
- tp->p_ucred->cr_audit.ai_termid;
- udata.au_aupinfo_addr.ap_asid =
- tp->p_ucred->cr_audit.ai_asid;
+ cred->cr_audit.ai_mask.am_failure;
+ udata.au_aupinfo_addr.ap_termid = cred->cr_audit.ai_termid;
+ udata.au_aupinfo_addr.ap_asid = cred->cr_audit.ai_asid;
PROC_UNLOCK(tp);
break;
@@ -500,21 +497,23 @@ int
getaudit(struct thread *td, struct getaudit_args *uap)
{
struct auditinfo ai;
+ struct ucred *cred;
int error;
- if (jailed(td->td_ucred))
+ cred = td->td_ucred;
+ if (jailed(cred))
return (ENOSYS);
error = priv_check(td, PRIV_AUDIT_GETAUDIT);
if (error)
return (error);
- if (td->td_ucred->cr_audit.ai_termid.at_type == AU_IPv6)
+ if (cred->cr_audit.ai_termid.at_type == AU_IPv6)
return (E2BIG);
bzero(&ai, sizeof(ai));
- ai.ai_auid = td->td_ucred->cr_audit.ai_auid;
- ai.ai_mask = td->td_ucred->cr_audit.ai_mask;
- ai.ai_asid = td->td_ucred->cr_audit.ai_asid;
- ai.ai_termid.machine = td->td_ucred->cr_audit.ai_termid.at_addr[0];
- ai.ai_termid.port = td->td_ucred->cr_audit.ai_termid.at_port;
+ ai.ai_auid = cred->cr_audit.ai_auid;
+ ai.ai_mask = cred->cr_audit.ai_mask;
+ ai.ai_asid = cred->cr_audit.ai_asid;
+ ai.ai_termid.machine = cred->cr_audit.ai_termid.at_addr[0];
+ ai.ai_termid.port = cred->cr_audit.ai_termid.at_port;
return (copyout(&ai, uap->auditinfo, sizeof(ai)));
}
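Review bot: `bzero(&ai, sizeof(ai));` is what keeps uninitialised kernel stack bytes (padding or unset members of `struct auditinfo`) out of the `copyout()` of the whole structure, but nothing at the call says so. A comment such as `/* Zero ai so padding is not copied out to userland */` above the bzero would stop a later cleanup from dropping it. Separately, `ai.ai_termid.port` is assigned without the `(dev_t)` cast that auditon() uses for the same `at_port` field; one form should be used in both places.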