Author: rwatson
Date: Mon Mar 16 17:25:09 2009
New Revision: 189890
URL: http://svn.freebsd.org/changeset/base/189890

Log:
  Merge r189570 from head to stable/7:
  
    Add a new thread-private flag, TDP_AUDITREC, to indicate whether or
    not there is an audit record hung off of td_ar on the current thread.
    Test this flag instead of td_ar when auditing syscall arguments or
    checking for an audit record to commit on syscall return.  Under
    these circumstances, td_pflags is much more likely to be in the cache
    (especially if there is no auditing of the current system call), so
    this should help reduce cache misses in the system call return path.
  
    Reported by:    kris
    Obtained from:  TrustedBSD Project

Modified:
  stable/7/sys/   (props changed)
  stable/7/sys/contrib/pf/   (props changed)
  stable/7/sys/dev/ath/ath_hal/   (props changed)
  stable/7/sys/dev/cxgb/   (props changed)
  stable/7/sys/security/audit/audit.c
  stable/7/sys/security/audit/audit.h
  stable/7/sys/security/audit/audit_syscalls.c
  stable/7/sys/sys/proc.h

Modified: stable/7/sys/security/audit/audit.c
==============================================================================
--- stable/7/sys/security/audit/audit.c Mon Mar 16 17:15:02 2009        
(r189889)
+++ stable/7/sys/security/audit/audit.c Mon Mar 16 17:25:09 2009        
(r189890)
@@ -446,6 +446,8 @@ audit_syscall_enter(unsigned short code,
        au_id_t auid;
 
        KASSERT(td->td_ar == NULL, ("audit_syscall_enter: td->td_ar != NULL"));
+       KASSERT((td->td_pflags & TDP_AUDITREC) == 0,
+           ("audit_syscall_enter: TDP_AUDITREC set"));
 
        /*
         * In FreeBSD, each ABI has its own system call table, and hence
@@ -496,9 +498,13 @@ audit_syscall_enter(unsigned short code,
                        panic("audit_failing_stop: thread continued");
                }
                td->td_ar = audit_new(event, td);
-       } else if (audit_pipe_preselect(auid, event, class, AU_PRS_BOTH, 0))
+               if (td->td_ar != NULL)
+                       td->td_pflags |= TDP_AUDITREC;
+       } else if (audit_pipe_preselect(auid, event, class, AU_PRS_BOTH, 0)) {
                td->td_ar = audit_new(event, td);
-       else
+               if (td->td_ar != NULL)
+                       td->td_pflags |= TDP_AUDITREC;
+       } else
                td->td_ar = NULL;
 }
 
@@ -526,6 +532,7 @@ audit_syscall_exit(int error, struct thr
 
        audit_commit(td->td_ar, error, retval);
        td->td_ar = NULL;
+       td->td_pflags &= ~TDP_AUDITREC;
 }
 
 void
@@ -580,6 +587,8 @@ audit_thread_free(struct thread *td)
 {
 
        KASSERT(td->td_ar == NULL, ("audit_thread_free: td_ar != NULL"));
+       KASSERT((td->td_pflags & TDP_AUDITREC) == 0,
+           ("audit_thread_free: TDP_AUDITREC set"));
 }
 
 void

Modified: stable/7/sys/security/audit/audit.h
==============================================================================
--- stable/7/sys/security/audit/audit.h Mon Mar 16 17:15:02 2009        
(r189889)
+++ stable/7/sys/security/audit/audit.h Mon Mar 16 17:25:09 2009        
(r189890)
@@ -186,7 +186,7 @@ void         audit_thread_free(struct thread *t
  * audit_enabled flag before performing the actual call.
  */
 #define        AUDIT_ARG(op, args...)  do {                                    
\
-       if (td->td_ar != NULL)                                          \
+       if (td->td_pflags & TDP_AUDITREC)                               \
                audit_arg_ ## op (args);                                \
 } while (0)
 
@@ -202,7 +202,7 @@ void         audit_thread_free(struct thread *t
  * auditing is disabled, so we don't just check audit_enabled here.
  */
 #define        AUDIT_SYSCALL_EXIT(error, td)   do {                            
\
-       if (td->td_ar != NULL)                                          \
+       if (td->td_pflags & TDP_AUDITREC)                               \
                audit_syscall_exit(error, td);                          \
 } while (0)
 
@@ -210,7 +210,7 @@ void         audit_thread_free(struct thread *t
  * A Macro to wrap the audit_sysclose() function.
  */
 #define        AUDIT_SYSCLOSE(td, fd)  do {                                    
\
-       if (audit_enabled)                                              \
+       if (td->td_pflags & TDP_AUDITREC)                               \
                audit_sysclose(td, fd);                                 \
 } while (0)
 

Modified: stable/7/sys/security/audit/audit_syscalls.c
==============================================================================
--- stable/7/sys/security/audit/audit_syscalls.c        Mon Mar 16 17:15:02 
2009        (r189889)
+++ stable/7/sys/security/audit/audit_syscalls.c        Mon Mar 16 17:25:09 
2009        (r189890)
@@ -96,6 +96,7 @@ audit(struct thread *td, struct audit_ar
                td->td_ar = audit_new(AUE_NULL, td);
                if (td->td_ar == NULL)
                        return (ENOTSUP);
+               td->td_pflags |= TDP_AUDITREC;
                ar = td->td_ar;
        }
 

Modified: stable/7/sys/sys/proc.h
==============================================================================
--- stable/7/sys/sys/proc.h     Mon Mar 16 17:15:02 2009        (r189889)
+++ stable/7/sys/sys/proc.h     Mon Mar 16 17:25:09 2009        (r189890)
@@ -379,6 +379,7 @@ do {                                                        
                \
 #define        TDP_WAKEUP      0x00080000 /* Don't sleep in umtx cond_wait */
 #define        TDP_INBDFLUSH   0x00100000 /* Already in BO_BDFLUSH, do not 
recurse */
 #define        TDP_IGNSUSP     0x00800000 /* Permission to ignore the 
MNTK_SUSPEND* */
+#define        TDP_AUDITREC    0x01000000 /* Audit record pending on thread */
 
 /*
  * Reasons that the current thread can not be run yet.
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to