diff options
author | Davide Italiano <davide@FreeBSD.org> | 2014-08-20 16:04:30 +0000 |
---|---|---|
committer | Davide Italiano <davide@FreeBSD.org> | 2014-08-20 16:04:30 +0000 |
commit | b40ea294f9e7d68469bd5d0ed423de2cc59bec3c (patch) | |
tree | ac7dbfb7d0e615ed67ba8a40e2f24673f4081cff /sys/security | |
parent | b6130f818958b344d53b94bb603dd3171a2e46d8 (diff) | |
download | src-b40ea294f9e7d68469bd5d0ed423de2cc59bec3c.tar.gz src-b40ea294f9e7d68469bd5d0ed423de2cc59bec3c.zip |
Notes
Diffstat (limited to 'sys/security')
-rw-r--r-- | sys/security/audit/audit_pipe.c | 118 |
1 files changed, 47 insertions, 71 deletions
diff --git a/sys/security/audit/audit_pipe.c b/sys/security/audit/audit_pipe.c index b2919753e076..f9c63d22413b 100644 --- a/sys/security/audit/audit_pipe.c +++ b/sys/security/audit/audit_pipe.c @@ -112,7 +112,6 @@ struct audit_pipe_preselect { #define AUDIT_PIPE_ASYNC 0x00000001 #define AUDIT_PIPE_NBIO 0x00000002 struct audit_pipe { - int ap_open; /* Device open? */ u_int ap_flags; struct selinfo ap_selinfo; @@ -205,6 +204,7 @@ static struct rwlock audit_pipe_lock; #define AUDIT_PIPE_LIST_LOCK_INIT() rw_init(&audit_pipe_lock, \ "audit_pipe_list_lock") +#define AUDIT_PIPE_LIST_LOCK_DESTROY() rw_destroy(&audit_pipe_lock) #define AUDIT_PIPE_LIST_RLOCK() rw_rlock(&audit_pipe_lock) #define AUDIT_PIPE_LIST_RUNLOCK() rw_runlock(&audit_pipe_lock) #define AUDIT_PIPE_LIST_WLOCK() rw_wlock(&audit_pipe_lock) @@ -213,11 +213,11 @@ static struct rwlock audit_pipe_lock; #define AUDIT_PIPE_LIST_WUNLOCK() rw_wunlock(&audit_pipe_lock) /* - * Cloning related variables and constants. + * Audit pipe device. */ -#define AUDIT_PIPE_NAME "auditpipe" -static eventhandler_tag audit_pipe_eh_tag; -static struct clonedevs *audit_pipe_clones; +static struct cdev *audit_pipe_dev; + +#define AUDIT_PIPE_NAME "auditpipe" /* * Special device methods and definition. @@ -231,7 +231,6 @@ static d_kqfilter_t audit_pipe_kqfilter; static struct cdevsw audit_pipe_cdevsw = { .d_version = D_VERSION, - .d_flags = D_NEEDMINOR, .d_open = audit_pipe_open, .d_close = audit_pipe_close, .d_read = audit_pipe_read, @@ -572,8 +571,6 @@ audit_pipe_alloc(void) { struct audit_pipe *ap; - AUDIT_PIPE_LIST_WLOCK_ASSERT(); - ap = malloc(sizeof(*ap), M_AUDIT_PIPE, M_NOWAIT | M_ZERO); if (ap == NULL) return (NULL); @@ -599,9 +596,11 @@ audit_pipe_alloc(void) /* * Add to global list and update global statistics. */ + AUDIT_PIPE_LIST_WLOCK(); TAILQ_INSERT_HEAD(&audit_pipe_list, ap, ap_list); audit_pipe_count++; audit_pipe_ever++; + AUDIT_PIPE_LIST_WUNLOCK(); return (ap); } @@ -653,28 +652,16 @@ audit_pipe_free(struct audit_pipe *ap) audit_pipe_count--; } -/* - * Audit pipe clone routine -- provide specific requested audit pipe, or a - * fresh one if a specific one is not requested. - */ static void -audit_pipe_clone(void *arg, struct ucred *cred, char *name, int namelen, - struct cdev **dev) +audit_pipe_dtor(void *arg) { - int i, u; - - if (*dev != NULL) - return; - - if (strcmp(name, AUDIT_PIPE_NAME) == 0) - u = -1; - else if (dev_stdclone(name, NULL, AUDIT_PIPE_NAME, &u) != 1) - return; + struct audit_pipe *ap; - i = clone_create(&audit_pipe_clones, &audit_pipe_cdevsw, &u, dev, 0); - if (i) - *dev = make_dev_credf(MAKEDEV_REF, &audit_pipe_cdevsw, u, cred, - UID_ROOT, GID_WHEEL, 0600, "%s%d", AUDIT_PIPE_NAME, u); + ap = arg; + AUDIT_PIPE_LIST_WLOCK(); + AUDIT_PIPE_LOCK(ap); + audit_pipe_free(ap); + AUDIT_PIPE_LIST_WUNLOCK(); } /* @@ -686,24 +673,19 @@ static int audit_pipe_open(struct cdev *dev, int oflags, int devtype, struct thread *td) { struct audit_pipe *ap; + int error; - AUDIT_PIPE_LIST_WLOCK(); - ap = dev->si_drv1; + ap = audit_pipe_alloc(); if (ap == NULL) { - ap = audit_pipe_alloc(); - if (ap == NULL) { - AUDIT_PIPE_LIST_WUNLOCK(); - return (ENOMEM); - } - dev->si_drv1 = ap; - } else { - KASSERT(ap->ap_open, ("audit_pipe_open: ap && !ap_open")); - AUDIT_PIPE_LIST_WUNLOCK(); - return (EBUSY); + return (ENOMEM); } - ap->ap_open = 1; /* No lock required yet. */ - AUDIT_PIPE_LIST_WUNLOCK(); fsetown(td->td_proc->p_pid, &ap->ap_sigio); + error = devfs_set_cdevpriv(ap, audit_pipe_dtor); + if (error != 0) { + AUDIT_PIPE_LIST_WLOCK(); + audit_pipe_free(ap); + AUDIT_PIPE_LIST_WUNLOCK(); + } return (0); } @@ -714,18 +696,12 @@ static int audit_pipe_close(struct cdev *dev, int fflag, int devtype, struct thread *td) { struct audit_pipe *ap; + int error; - ap = dev->si_drv1; - KASSERT(ap != NULL, ("audit_pipe_close: ap == NULL")); - KASSERT(ap->ap_open, ("audit_pipe_close: !ap_open")); - + error = devfs_get_cdevpriv((void **)&ap); + if (error != 0) + return (error); funsetown(&ap->ap_sigio); - AUDIT_PIPE_LIST_WLOCK(); - AUDIT_PIPE_LOCK(ap); - ap->ap_open = 0; - audit_pipe_free(ap); - dev->si_drv1 = NULL; - AUDIT_PIPE_LIST_WUNLOCK(); return (0); } @@ -743,8 +719,9 @@ audit_pipe_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, int error, mode; au_id_t auid; - ap = dev->si_drv1; - KASSERT(ap != NULL, ("audit_pipe_ioctl: ap == NULL")); + error = devfs_get_cdevpriv((void **)&ap); + if (error != 0) + return (error); /* * Audit pipe ioctls: first come standard device node ioctls, then @@ -948,8 +925,9 @@ audit_pipe_read(struct cdev *dev, struct uio *uio, int flag) u_int toread; int error; - ap = dev->si_drv1; - KASSERT(ap != NULL, ("audit_pipe_read: ap == NULL")); + error = devfs_get_cdevpriv((void **)&ap); + if (error != 0) + return (error); /* * We hold an sx(9) lock over read and flush because we rely on the @@ -1026,12 +1004,12 @@ static int audit_pipe_poll(struct cdev *dev, int events, struct thread *td) { struct audit_pipe *ap; - int revents; + int error, revents; revents = 0; - ap = dev->si_drv1; - KASSERT(ap != NULL, ("audit_pipe_poll: ap == NULL")); - + error = devfs_get_cdevpriv((void **)&ap); + if (error != 0) + return (error); if (events & (POLLIN | POLLRDNORM)) { AUDIT_PIPE_LOCK(ap); if (TAILQ_FIRST(&ap->ap_queue) != NULL) @@ -1050,10 +1028,11 @@ static int audit_pipe_kqfilter(struct cdev *dev, struct knote *kn) { struct audit_pipe *ap; + int error; - ap = dev->si_drv1; - KASSERT(ap != NULL, ("audit_pipe_kqfilter: ap == NULL")); - + error = devfs_get_cdevpriv((void **)&ap); + if (error != 0) + return (error); if (kn->kn_filter != EVFILT_READ) return (EINVAL); @@ -1075,7 +1054,6 @@ audit_pipe_kqread(struct knote *kn, long hint) struct audit_pipe *ap; ap = (struct audit_pipe *)kn->kn_hook; - KASSERT(ap != NULL, ("audit_pipe_kqread: ap == NULL")); AUDIT_PIPE_LOCK_ASSERT(ap); if (ap->ap_qlen != 0) { @@ -1096,8 +1074,6 @@ audit_pipe_kqdetach(struct knote *kn) struct audit_pipe *ap; ap = (struct audit_pipe *)kn->kn_hook; - KASSERT(ap != NULL, ("audit_pipe_kqdetach: ap == NULL")); - AUDIT_PIPE_LOCK(ap); knlist_remove(&ap->ap_selinfo.si_note, kn, 1); AUDIT_PIPE_UNLOCK(ap); @@ -1112,12 +1088,12 @@ audit_pipe_init(void *unused) TAILQ_INIT(&audit_pipe_list); AUDIT_PIPE_LIST_LOCK_INIT(); - - clone_setup(&audit_pipe_clones); - audit_pipe_eh_tag = EVENTHANDLER_REGISTER(dev_clone, - audit_pipe_clone, 0, 1000); - if (audit_pipe_eh_tag == NULL) - panic("audit_pipe_init: EVENTHANDLER_REGISTER"); + audit_pipe_dev = make_dev(&audit_pipe_cdevsw, 0, UID_ROOT, + GID_WHEEL, 0600, "%s", AUDIT_PIPE_NAME); + if (audit_pipe_dev == NULL) { + AUDIT_PIPE_LIST_LOCK_DESTROY(); + panic("Can't initialize audit pipe subsystem"); + } } SYSINIT(audit_pipe_init, SI_SUB_DRIVERS, SI_ORDER_MIDDLE, audit_pipe_init, |