Author: rwatson
Date: Mon Mar 16 17:25:09 2009
New Revision: 189890
URL: http://svn.freebsd.org/changeset/base/189890
Log:
Merge r189570 from head to stable/7:
Add a new thread-private flag, TDP_AUDITREC, to indicate whether or
not there is an audit record hung off of td_ar on the current thread.
Test this flag instead of td_ar when auditing syscall arguments or
checking for an audit record to commit on syscall return. Under
these circumstances, td_pflags is much more likely to be in the cache
(especially if there is no auditing of the current system call), so
this should help reduce cache misses in the system call return path.
Reported by: kris
Obtained from: TrustedBSD Project
Modified:
stable/7/sys/ (props changed)
stable/7/sys/contrib/pf/ (props changed)
stable/7/sys/dev/ath/ath_hal/ (props changed)
stable/7/sys/dev/cxgb/ (props changed)
stable/7/sys/security/audit/audit.c
stable/7/sys/security/audit/audit.h
stable/7/sys/security/audit/audit_syscalls.c
stable/7/sys/sys/proc.h
Modified: stable/7/sys/security/audit/audit.c
==============================================================================
--- stable/7/sys/security/audit/audit.c Mon Mar 16 17:15:02 2009
(r189889)
+++ stable/7/sys/security/audit/audit.c Mon Mar 16 17:25:09 2009
(r189890)
@@ -446,6 +446,8 @@ audit_syscall_enter(unsigned short code,
au_id_t auid;
KASSERT(td->td_ar == NULL, ("audit_syscall_enter: td->td_ar != NULL"));
+ KASSERT((td->td_pflags & TDP_AUDITREC) == 0,
+ ("audit_syscall_enter: TDP_AUDITREC set"));
/*
* In FreeBSD, each ABI has its own system call table, and hence
@@ -496,9 +498,13 @@ audit_syscall_enter(unsigned short code,
panic("audit_failing_stop: thread continued");
}
td->td_ar = audit_new(event, td);
- } else if (audit_pipe_preselect(auid, event, class, AU_PRS_BOTH, 0))
+ if (td->td_ar != NULL)
+ td->td_pflags |= TDP_AUDITREC;
+ } else if (audit_pipe_preselect(auid, event, class, AU_PRS_BOTH, 0)) {
td->td_ar = audit_new(event, td);
- else
+ if (td->td_ar != NULL)
+ td->td_pflags |= TDP_AUDITREC;
+ } else
td->td_ar = NULL;
}
@@ -526,6 +532,7 @@ audit_syscall_exit(int error, struct thr
audit_commit(td->td_ar, error, retval);
td->td_ar = NULL;
+ td->td_pflags &= ~TDP_AUDITREC;
}
void
@@ -580,6 +587,8 @@ audit_thread_free(struct thread *td)
{
KASSERT(td->td_ar == NULL, ("audit_thread_free: td_ar != NULL"));
+ KASSERT((td->td_pflags & TDP_AUDITREC) == 0,
+ ("audit_thread_free: TDP_AUDITREC set"));
}
void
Modified: stable/7/sys/security/audit/audit.h
==============================================================================
--- stable/7/sys/security/audit/audit.h Mon Mar 16 17:15:02 2009
(r189889)
+++ stable/7/sys/security/audit/audit.h Mon Mar 16 17:25:09 2009
(r189890)
@@ -186,7 +186,7 @@ void audit_thread_free(struct thread *t
* audit_enabled flag before performing the actual call.
*/
#define AUDIT_ARG(op, args...) do {
\
- if (td->td_ar != NULL) \
+ if (td->td_pflags & TDP_AUDITREC) \
audit_arg_ ## op (args); \
} while (0)
@@ -202,7 +202,7 @@ void audit_thread_free(struct thread *t
* auditing is disabled, so we don't just check audit_enabled here.
*/
#define AUDIT_SYSCALL_EXIT(error, td) do {
\
- if (td->td_ar != NULL) \
+ if (td->td_pflags & TDP_AUDITREC) \
audit_syscall_exit(error, td); \
} while (0)
@@ -210,7 +210,7 @@ void audit_thread_free(struct thread *t
* A Macro to wrap the audit_sysclose() function.
*/
#define AUDIT_SYSCLOSE(td, fd) do {
\
- if (audit_enabled) \
+ if (td->td_pflags & TDP_AUDITREC) \
audit_sysclose(td, fd); \
} while (0)
Modified: stable/7/sys/security/audit/audit_syscalls.c
==============================================================================
--- stable/7/sys/security/audit/audit_syscalls.c Mon Mar 16 17:15:02
2009 (r189889)
+++ stable/7/sys/security/audit/audit_syscalls.c Mon Mar 16 17:25:09
2009 (r189890)
@@ -96,6 +96,7 @@ audit(struct thread *td, struct audit_ar
td->td_ar = audit_new(AUE_NULL, td);
if (td->td_ar == NULL)
return (ENOTSUP);
+ td->td_pflags |= TDP_AUDITREC;
ar = td->td_ar;
}
Modified: stable/7/sys/sys/proc.h
==============================================================================
--- stable/7/sys/sys/proc.h Mon Mar 16 17:15:02 2009 (r189889)
+++ stable/7/sys/sys/proc.h Mon Mar 16 17:25:09 2009 (r189890)
@@ -379,6 +379,7 @@ do {
\
#define TDP_WAKEUP 0x00080000 /* Don't sleep in umtx cond_wait */
#define TDP_INBDFLUSH 0x00100000 /* Already in BO_BDFLUSH, do not
recurse */
#define TDP_IGNSUSP 0x00800000 /* Permission to ignore the
MNTK_SUSPEND* */
+#define TDP_AUDITREC 0x01000000 /* Audit record pending on thread */
/*
* Reasons that the current thread can not be run yet.
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
