From 1279fdafced5e30c46f5c63dbae4a5c159cbc25e Mon Sep 17 00:00:00 2001
From: Robert Watson
Date: Tue, 22 Nov 2016 00:41:24 +0000
Subject: [PATCH] Audit 'fd' and 'cmd' arguments to fcntl(2), and when generating BSM, always audit the file-descriptor number and vnode information for all fnctl(2) commands, not just locking-related ones. This was likely an oversight in the original adaptation of this code from XNU.
MFC after: 3 days
Sponsored by: DARPA, AFRL
---
 sys/kern/kern_descrip.c | 2 ++
 sys/security/audit/audit_bsm.c | 5 +----
 2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c
index 3312b8876df0..78cc6824ae4b 100644
--- a/sys/kern/kern_descrip.c
+++ b/sys/kern/kern_descrip.c
@@ -495,6 +495,8 @@ kern_fcntl(struct thread *td, int fd, int cmd, intptr_t arg)
 p = td->td_proc;
 fdp = p->p_fd;
+ AUDIT_ARG_FD(cmd);
+ AUDIT_ARG_CMD(cmd);
 switch (cmd) {
 case F_DUPFD:
 tmp = arg;
diff --git a/sys/security/audit/audit_bsm.c b/sys/security/audit/audit_bsm.c
index b4b1c67a3aec..62f4d8527b61 100644
--- a/sys/security/audit/audit_bsm.c
+++ b/sys/security/audit/audit_bsm.c
@@ -979,10 +979,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 au_fcntl_cmd_to_bsm(ar->ar_arg_cmd));
 kau_write(rec, tok);
 }
- if (ar->ar_arg_cmd == F_GETLK || ar->ar_arg_cmd == F_SETLK ||
- ar->ar_arg_cmd == F_SETLKW) {
- FD_VNODE1_TOKENS;
- }
+ FD_VNODE1_TOKENS;
 break;
 case AUE_FCHFLAGS:
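Review bot: `AUDIT_ARG_FD(cmd);` in the kern_descrip.c hunk records the fcntl command number as the file descriptor. The `fd` parameter of kern_fcntl is not passed to the audit macros anywhere in the visible lines, so the line should read `AUDIT_ARG_FD(fd);`. As written, the descriptor field of each fcntl audit record would equal the command value. The audit_bsm.c hunk, which now emits `FD_VNODE1_TOKENS` for every command, would presumably carry that wrong value into the BSM trail and mislead anyone correlating records by descriptor. The body of kern_fcntl continues outside the hunk.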
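Review bot: The now-unconditional `FD_VNODE1_TOKENS;` in the audit_bsm.c hunk has no comment saying that descriptor and vnode tokens are meant to be written for every fcntl command, which is the audit-coverage decision this change makes. A line such as `/* Always emit fd/vnode tokens: every fcntl(2) command operates on a descriptor. */` above it would help keep a later edit from narrowing the coverage back to the lock commands. The macro's definition and the enclosing case label are outside the hunk, so what it emits when no vnode was captured for a command should be confirmed there.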