audit: rework AUDIT_SYSCLOSE

This in particular avoids spurious lookups on close.
This commit is contained in:
Mateusz Guzik 2020-12-17 18:52:04 +00:00
parent 1e71e7c4f6
commit 08a5615cfe
3 changed files with 19 additions and 20 deletions

View File

@ -107,7 +107,7 @@ __read_mostly uma_zone_t pwd_zone;
VFS_SMR_DECLARE;
static int closefp(struct filedesc *fdp, int fd, struct file *fp,
struct thread *td, bool holdleaders);
struct thread *td, bool holdleaders, bool audit);
static int fd_first_free(struct filedesc *fdp, int low, int size);
static void fdgrowtable(struct filedesc *fdp, int nfd);
static void fdgrowtable_exp(struct filedesc *fdp, int nfd);
@ -998,7 +998,7 @@ kern_dup(struct thread *td, u_int mode, int flags, int old, int new)
error = 0;
if (delfp != NULL) {
(void) closefp(fdp, new, delfp, td, true);
(void) closefp(fdp, new, delfp, td, true, false);
FILEDESC_UNLOCK_ASSERT(fdp);
} else {
unlock:
@ -1240,7 +1240,8 @@ fgetown(struct sigio **sigiop)
}
static int
closefp_impl(struct filedesc *fdp, int fd, struct file *fp, struct thread *td)
closefp_impl(struct filedesc *fdp, int fd, struct file *fp, struct thread *td,
bool audit)
{
int error;
@ -1262,6 +1263,10 @@ closefp_impl(struct filedesc *fdp, int fd, struct file *fp, struct thread *td)
mq_fdclose(td, fd, fp);
FILEDESC_XUNLOCK(fdp);
#ifdef AUDIT
if (AUDITING_TD(td) && audit)
audit_sysclose(td, fd, fp);
#endif
error = closef(fp, td);
/*
@ -1277,7 +1282,7 @@ closefp_impl(struct filedesc *fdp, int fd, struct file *fp, struct thread *td)
static int
closefp_hl(struct filedesc *fdp, int fd, struct file *fp, struct thread *td,
bool holdleaders)
bool holdleaders, bool audit)
{
int error;
@ -1295,7 +1300,7 @@ closefp_hl(struct filedesc *fdp, int fd, struct file *fp, struct thread *td,
}
}
error = closefp_impl(fdp, fd, fp, td);
error = closefp_impl(fdp, fd, fp, td, audit);
if (holdleaders) {
FILEDESC_XLOCK(fdp);
fdp->fd_holdleaderscount--;
@ -1311,15 +1316,15 @@ closefp_hl(struct filedesc *fdp, int fd, struct file *fp, struct thread *td,
static int
closefp(struct filedesc *fdp, int fd, struct file *fp, struct thread *td,
bool holdleaders)
bool holdleaders, bool audit)
{
FILEDESC_XLOCK_ASSERT(fdp);
if (__predict_false(td->td_proc->p_fdtol != NULL)) {
return (closefp_hl(fdp, fd, fp, td, holdleaders));
return (closefp_hl(fdp, fd, fp, td, holdleaders, audit));
} else {
return (closefp_impl(fdp, fd, fp, td));
return (closefp_impl(fdp, fd, fp, td, audit));
}
}
@ -1347,8 +1352,6 @@ kern_close(struct thread *td, int fd)
fdp = td->td_proc->p_fd;
AUDIT_SYSCLOSE(td, fd);
FILEDESC_XLOCK(fdp);
if ((fp = fget_locked(fdp, fd)) == NULL) {
FILEDESC_XUNLOCK(fdp);
@ -1357,7 +1360,7 @@ kern_close(struct thread *td, int fd)
fdfree(fdp, fd);
/* closefp() drops the FILEDESC lock for us. */
return (closefp(fdp, fd, fp, td, true));
return (closefp(fdp, fd, fp, td, true, true));
}
int
@ -2671,7 +2674,7 @@ fdcloseexec(struct thread *td)
(fde->fde_flags & UF_EXCLOSE))) {
FILEDESC_XLOCK(fdp);
fdfree(fdp, i);
(void) closefp(fdp, i, fp, td, false);
(void) closefp(fdp, i, fp, td, false, false);
FILEDESC_UNLOCK_ASSERT(fdp);
}
}

View File

@ -140,7 +140,7 @@ void audit_arg_argv(char *argv, int argc, int length);
void audit_arg_envv(char *envv, int envc, int length);
void audit_arg_rights(cap_rights_t *rightsp);
void audit_arg_fcntl_rights(uint32_t fcntlrights);
void audit_sysclose(struct thread *td, int fd);
void audit_sysclose(struct thread *td, int fd, struct file *fp);
void audit_cred_copy(struct ucred *src, struct ucred *dest);
void audit_cred_destroy(struct ucred *cred);
void audit_cred_init(struct ucred *cred);

View File

@ -995,12 +995,10 @@ audit_arg_fcntl_rights(uint32_t fcntlrights)
* call itself.
*/
void
audit_sysclose(struct thread *td, int fd)
audit_sysclose(struct thread *td, int fd, struct file *fp)
{
cap_rights_t rights;
struct kaudit_record *ar;
struct vnode *vp;
struct file *fp;
KASSERT(td != NULL, ("audit_sysclose: td == NULL"));
@ -1010,12 +1008,10 @@ audit_sysclose(struct thread *td, int fd)
audit_arg_fd(fd);
if (getvnode(td, fd, cap_rights_init(&rights), &fp) != 0)
return;
vp = fp->f_vnode;
if (vp == NULL)
return;
vn_lock(vp, LK_SHARED | LK_RETRY);
audit_arg_vnode1(vp);
VOP_UNLOCK(vp);
fdrop(fp, td);
}