audit_worker.c (191990) | audit_worker.c (241896) |
---|---|
1/*- 2 * Copyright (c) 1999-2008 Apple Inc. 3 * Copyright (c) 2006-2008 Robert N. M. Watson 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: --- 15 unchanged lines hidden (view full) --- 24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 27 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 28 * POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 1999-2008 Apple Inc. 3 * Copyright (c) 2006-2008 Robert N. M. Watson 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: --- 15 unchanged lines hidden (view full) --- 24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 27 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 28 * POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31#include <sys/cdefs.h> |
32__FBSDID("$FreeBSD: head/sys/security/audit/audit_worker.c 191990 2009-05-11 15:33:26Z attilio $"); | 32__FBSDID("$FreeBSD: head/sys/security/audit/audit_worker.c 241896 2012-10-22 17:50:54Z kib $"); |
33 34#include <sys/param.h> 35#include <sys/condvar.h> 36#include <sys/conf.h> 37#include <sys/file.h> 38#include <sys/filedesc.h> 39#include <sys/fcntl.h> 40#include <sys/ipc.h> --- 67 unchanged lines hidden (view full) --- 108static void 109audit_record_write(struct vnode *vp, struct ucred *cred, void *data, 110 size_t len) 111{ 112 static struct timeval last_lowspace_trigger; 113 static struct timeval last_fail; 114 static int cur_lowspace_trigger; 115 struct statfs *mnt_stat; | 33 34#include <sys/param.h> 35#include <sys/condvar.h> 36#include <sys/conf.h> 37#include <sys/file.h> 38#include <sys/filedesc.h> 39#include <sys/fcntl.h> 40#include <sys/ipc.h> --- 67 unchanged lines hidden (view full) --- 108static void 109audit_record_write(struct vnode *vp, struct ucred *cred, void *data, 110 size_t len) 111{ 112 static struct timeval last_lowspace_trigger; 113 static struct timeval last_fail; 114 static int cur_lowspace_trigger; 115 struct statfs *mnt_stat; |
116 int error, vfslocked; | 116 int error; |
117 static int cur_fail; 118 struct vattr vattr; 119 long temp; 120 121 AUDIT_WORKER_LOCK_ASSERT(); 122 123 if (vp == NULL) 124 return; 125 126 mnt_stat = &vp->v_mount->mnt_stat; | 117 static int cur_fail; 118 struct vattr vattr; 119 long temp; 120 121 AUDIT_WORKER_LOCK_ASSERT(); 122 123 if (vp == NULL) 124 return; 125 126 mnt_stat = &vp->v_mount->mnt_stat; |
127 vfslocked = VFS_LOCK_GIANT(vp->v_mount); | |
128 129 /* 130 * First, gather statistics on the audit log file and file system so 131 * that we know how we're doing on space. Consider failure of these 132 * operations to indicate a future inability to write to the file. 133 */ 134 error = VFS_STATFS(vp->v_mount, mnt_stat); 135 if (error) --- 117 unchanged lines hidden (view full) --- 253 if (audit_q_len == 0 && audit_pre_q_len == 0) { 254 VOP_LOCK(vp, LK_EXCLUSIVE | LK_RETRY); 255 (void)VOP_FSYNC(vp, MNT_WAIT, curthread); 256 VOP_UNLOCK(vp, 0); 257 panic("Audit store overflow; record queue drained."); 258 } 259 } 260 | 127 128 /* 129 * First, gather statistics on the audit log file and file system so 130 * that we know how we're doing on space. Consider failure of these 131 * operations to indicate a future inability to write to the file. 132 */ 133 error = VFS_STATFS(vp->v_mount, mnt_stat); 134 if (error) --- 117 unchanged lines hidden (view full) --- 252 if (audit_q_len == 0 && audit_pre_q_len == 0) { 253 VOP_LOCK(vp, LK_EXCLUSIVE | LK_RETRY); 254 (void)VOP_FSYNC(vp, MNT_WAIT, curthread); 255 VOP_UNLOCK(vp, 0); 256 panic("Audit store overflow; record queue drained."); 257 } 258 } 259 |
261 VFS_UNLOCK_GIANT(vfslocked); | |
262 return; 263 264fail_enospc: 265 /* 266 * ENOSPC is considered a special case with respect to failures, as 267 * this can reflect either our preemptive detection of insufficient 268 * space, or ENOSPC returned by the vnode write call. 269 */ --- 14 unchanged lines hidden (view full) --- 284 */ 285 if (audit_panic_on_write_fail) { 286 VOP_LOCK(vp, LK_EXCLUSIVE | LK_RETRY); 287 (void)VOP_FSYNC(vp, MNT_WAIT, curthread); 288 VOP_UNLOCK(vp, 0); 289 panic("audit_worker: write error %d\n", error); 290 } else if (ppsratecheck(&last_fail, &cur_fail, 1)) 291 printf("audit_worker: write error %d\n", error); | 260 return; 261 262fail_enospc: 263 /* 264 * ENOSPC is considered a special case with respect to failures, as 265 * this can reflect either our preemptive detection of insufficient 266 * space, or ENOSPC returned by the vnode write call. 267 */ --- 14 unchanged lines hidden (view full) --- 282 */ 283 if (audit_panic_on_write_fail) { 284 VOP_LOCK(vp, LK_EXCLUSIVE | LK_RETRY); 285 (void)VOP_FSYNC(vp, MNT_WAIT, curthread); 286 VOP_UNLOCK(vp, 0); 287 panic("audit_worker: write error %d\n", error); 288 } else if (ppsratecheck(&last_fail, &cur_fail, 1)) 289 printf("audit_worker: write error %d\n", error); |
292 VFS_UNLOCK_GIANT(vfslocked); | |
293} 294 295/* 296 * Given a kernel audit record, process as required. Kernel audit records 297 * are converted to one, or possibly two, BSM records, depending on whether 298 * there is a user audit record present also. Kernel records need be 299 * converted to BSM before they can be written out. Both types will be 300 * written to disk, and audit pipes. --- 145 unchanged lines hidden (view full) --- 446 * disabled. Any previous cred/vnode will be closed and freed. We re-enable 447 * generating rotation requests to auditd. 448 */ 449void 450audit_rotate_vnode(struct ucred *cred, struct vnode *vp) 451{ 452 struct ucred *old_audit_cred; 453 struct vnode *old_audit_vp; | 290} 291 292/* 293 * Given a kernel audit record, process as required. Kernel audit records 294 * are converted to one, or possibly two, BSM records, depending on whether 295 * there is a user audit record present also. Kernel records need be 296 * converted to BSM before they can be written out. Both types will be 297 * written to disk, and audit pipes. --- 145 unchanged lines hidden (view full) --- 443 * disabled. Any previous cred/vnode will be closed and freed. We re-enable 444 * generating rotation requests to auditd. 445 */ 446void 447audit_rotate_vnode(struct ucred *cred, struct vnode *vp) 448{ 449 struct ucred *old_audit_cred; 450 struct vnode *old_audit_vp; |
454 int vfslocked; | |
455 456 KASSERT((cred != NULL && vp != NULL) || (cred == NULL && vp == NULL), 457 ("audit_rotate_vnode: cred %p vp %p", cred, vp)); 458 459 /* 460 * Rotate the vnode/cred, and clear the rotate flag so that we will 461 * send a rotate trigger if the new file fills. 462 */ --- 5 unchanged lines hidden (view full) --- 468 audit_file_rotate_wait = 0; 469 audit_enabled = (audit_vp != NULL); 470 AUDIT_WORKER_UNLOCK(); 471 472 /* 473 * If there was an old vnode/credential, close and free. 474 */ 475 if (old_audit_vp != NULL) { | 451 452 KASSERT((cred != NULL && vp != NULL) || (cred == NULL && vp == NULL), 453 ("audit_rotate_vnode: cred %p vp %p", cred, vp)); 454 455 /* 456 * Rotate the vnode/cred, and clear the rotate flag so that we will 457 * send a rotate trigger if the new file fills. 458 */ --- 5 unchanged lines hidden (view full) --- 464 audit_file_rotate_wait = 0; 465 audit_enabled = (audit_vp != NULL); 466 AUDIT_WORKER_UNLOCK(); 467 468 /* 469 * If there was an old vnode/credential, close and free. 470 */ 471 if (old_audit_vp != NULL) { |
476 vfslocked = VFS_LOCK_GIANT(old_audit_vp->v_mount); | |
477 vn_close(old_audit_vp, AUDIT_CLOSE_FLAGS, old_audit_cred, 478 curthread); | 472 vn_close(old_audit_vp, AUDIT_CLOSE_FLAGS, old_audit_cred, 473 curthread); |
479 VFS_UNLOCK_GIANT(vfslocked); | |
480 crfree(old_audit_cred); 481 } 482} 483 484void 485audit_worker_init(void) 486{ 487 int error; 488 489 AUDIT_WORKER_LOCK_INIT(); 490 error = kproc_create(audit_worker, NULL, &audit_thread, RFHIGHPID, 491 0, "audit"); 492 if (error) 493 panic("audit_worker_init: kproc_create returned %d", error); 494} | 474 crfree(old_audit_cred); 475 } 476} 477 478void 479audit_worker_init(void) 480{ 481 int error; 482 483 AUDIT_WORKER_LOCK_INIT(); 484 error = kproc_create(audit_worker, NULL, &audit_thread, RFHIGHPID, 485 0, "audit"); 486 if (error) 487 panic("audit_worker_init: kproc_create returned %d", error); 488} |