aboutsummaryrefslogtreecommitdiff
path: root/sys/security
diff options
context:
space:
mode:
authorDavide Italiano <davide@FreeBSD.org>2014-08-20 16:04:30 +0000
committerDavide Italiano <davide@FreeBSD.org>2014-08-20 16:04:30 +0000
commitb40ea294f9e7d68469bd5d0ed423de2cc59bec3c (patch)
treeac7dbfb7d0e615ed67ba8a40e2f24673f4081cff /sys/security
parentb6130f818958b344d53b94bb603dd3171a2e46d8 (diff)
downloadsrc-b40ea294f9e7d68469bd5d0ed423de2cc59bec3c.tar.gz
src-b40ea294f9e7d68469bd5d0ed423de2cc59bec3c.zip
Notes
Diffstat (limited to 'sys/security')
-rw-r--r--sys/security/audit/audit_pipe.c118
1 files changed, 47 insertions, 71 deletions
diff --git a/sys/security/audit/audit_pipe.c b/sys/security/audit/audit_pipe.c
index b2919753e076..f9c63d22413b 100644
--- a/sys/security/audit/audit_pipe.c
+++ b/sys/security/audit/audit_pipe.c
@@ -112,7 +112,6 @@ struct audit_pipe_preselect {
#define AUDIT_PIPE_ASYNC 0x00000001
#define AUDIT_PIPE_NBIO 0x00000002
struct audit_pipe {
- int ap_open; /* Device open? */
u_int ap_flags;
struct selinfo ap_selinfo;
@@ -205,6 +204,7 @@ static struct rwlock audit_pipe_lock;
#define AUDIT_PIPE_LIST_LOCK_INIT() rw_init(&audit_pipe_lock, \
"audit_pipe_list_lock")
+#define AUDIT_PIPE_LIST_LOCK_DESTROY() rw_destroy(&audit_pipe_lock)
#define AUDIT_PIPE_LIST_RLOCK() rw_rlock(&audit_pipe_lock)
#define AUDIT_PIPE_LIST_RUNLOCK() rw_runlock(&audit_pipe_lock)
#define AUDIT_PIPE_LIST_WLOCK() rw_wlock(&audit_pipe_lock)
@@ -213,11 +213,11 @@ static struct rwlock audit_pipe_lock;
#define AUDIT_PIPE_LIST_WUNLOCK() rw_wunlock(&audit_pipe_lock)
/*
- * Cloning related variables and constants.
+ * Audit pipe device.
*/
-#define AUDIT_PIPE_NAME "auditpipe"
-static eventhandler_tag audit_pipe_eh_tag;
-static struct clonedevs *audit_pipe_clones;
+static struct cdev *audit_pipe_dev;
+
+#define AUDIT_PIPE_NAME "auditpipe"
/*
* Special device methods and definition.
@@ -231,7 +231,6 @@ static d_kqfilter_t audit_pipe_kqfilter;
static struct cdevsw audit_pipe_cdevsw = {
.d_version = D_VERSION,
- .d_flags = D_NEEDMINOR,
.d_open = audit_pipe_open,
.d_close = audit_pipe_close,
.d_read = audit_pipe_read,
@@ -572,8 +571,6 @@ audit_pipe_alloc(void)
{
struct audit_pipe *ap;
- AUDIT_PIPE_LIST_WLOCK_ASSERT();
-
ap = malloc(sizeof(*ap), M_AUDIT_PIPE, M_NOWAIT | M_ZERO);
if (ap == NULL)
return (NULL);
@@ -599,9 +596,11 @@ audit_pipe_alloc(void)
/*
* Add to global list and update global statistics.
*/
+ AUDIT_PIPE_LIST_WLOCK();
TAILQ_INSERT_HEAD(&audit_pipe_list, ap, ap_list);
audit_pipe_count++;
audit_pipe_ever++;
+ AUDIT_PIPE_LIST_WUNLOCK();
return (ap);
}
@@ -653,28 +652,16 @@ audit_pipe_free(struct audit_pipe *ap)
audit_pipe_count--;
}
-/*
- * Audit pipe clone routine -- provide specific requested audit pipe, or a
- * fresh one if a specific one is not requested.
- */
static void
-audit_pipe_clone(void *arg, struct ucred *cred, char *name, int namelen,
- struct cdev **dev)
+audit_pipe_dtor(void *arg)
{
- int i, u;
-
- if (*dev != NULL)
- return;
-
- if (strcmp(name, AUDIT_PIPE_NAME) == 0)
- u = -1;
- else if (dev_stdclone(name, NULL, AUDIT_PIPE_NAME, &u) != 1)
- return;
+ struct audit_pipe *ap;
- i = clone_create(&audit_pipe_clones, &audit_pipe_cdevsw, &u, dev, 0);
- if (i)
- *dev = make_dev_credf(MAKEDEV_REF, &audit_pipe_cdevsw, u, cred,
- UID_ROOT, GID_WHEEL, 0600, "%s%d", AUDIT_PIPE_NAME, u);
+ ap = arg;
+ AUDIT_PIPE_LIST_WLOCK();
+ AUDIT_PIPE_LOCK(ap);
+ audit_pipe_free(ap);
+ AUDIT_PIPE_LIST_WUNLOCK();
}
/*
@@ -686,24 +673,19 @@ static int
audit_pipe_open(struct cdev *dev, int oflags, int devtype, struct thread *td)
{
struct audit_pipe *ap;
+ int error;
- AUDIT_PIPE_LIST_WLOCK();
- ap = dev->si_drv1;
+ ap = audit_pipe_alloc();
if (ap == NULL) {
- ap = audit_pipe_alloc();
- if (ap == NULL) {
- AUDIT_PIPE_LIST_WUNLOCK();
- return (ENOMEM);
- }
- dev->si_drv1 = ap;
- } else {
- KASSERT(ap->ap_open, ("audit_pipe_open: ap && !ap_open"));
- AUDIT_PIPE_LIST_WUNLOCK();
- return (EBUSY);
+ return (ENOMEM);
}
- ap->ap_open = 1; /* No lock required yet. */
- AUDIT_PIPE_LIST_WUNLOCK();
fsetown(td->td_proc->p_pid, &ap->ap_sigio);
+ error = devfs_set_cdevpriv(ap, audit_pipe_dtor);
+ if (error != 0) {
+ AUDIT_PIPE_LIST_WLOCK();
+ audit_pipe_free(ap);
+ AUDIT_PIPE_LIST_WUNLOCK();
+ }
return (0);
}
@@ -714,18 +696,12 @@ static int
audit_pipe_close(struct cdev *dev, int fflag, int devtype, struct thread *td)
{
struct audit_pipe *ap;
+ int error;
- ap = dev->si_drv1;
- KASSERT(ap != NULL, ("audit_pipe_close: ap == NULL"));
- KASSERT(ap->ap_open, ("audit_pipe_close: !ap_open"));
-
+ error = devfs_get_cdevpriv((void **)&ap);
+ if (error != 0)
+ return (error);
funsetown(&ap->ap_sigio);
- AUDIT_PIPE_LIST_WLOCK();
- AUDIT_PIPE_LOCK(ap);
- ap->ap_open = 0;
- audit_pipe_free(ap);
- dev->si_drv1 = NULL;
- AUDIT_PIPE_LIST_WUNLOCK();
return (0);
}
@@ -743,8 +719,9 @@ audit_pipe_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag,
int error, mode;
au_id_t auid;
- ap = dev->si_drv1;
- KASSERT(ap != NULL, ("audit_pipe_ioctl: ap == NULL"));
+ error = devfs_get_cdevpriv((void **)&ap);
+ if (error != 0)
+ return (error);
/*
* Audit pipe ioctls: first come standard device node ioctls, then
@@ -948,8 +925,9 @@ audit_pipe_read(struct cdev *dev, struct uio *uio, int flag)
u_int toread;
int error;
- ap = dev->si_drv1;
- KASSERT(ap != NULL, ("audit_pipe_read: ap == NULL"));
+ error = devfs_get_cdevpriv((void **)&ap);
+ if (error != 0)
+ return (error);
/*
* We hold an sx(9) lock over read and flush because we rely on the
@@ -1026,12 +1004,12 @@ static int
audit_pipe_poll(struct cdev *dev, int events, struct thread *td)
{
struct audit_pipe *ap;
- int revents;
+ int error, revents;
revents = 0;
- ap = dev->si_drv1;
- KASSERT(ap != NULL, ("audit_pipe_poll: ap == NULL"));
-
+ error = devfs_get_cdevpriv((void **)&ap);
+ if (error != 0)
+ return (error);
if (events & (POLLIN | POLLRDNORM)) {
AUDIT_PIPE_LOCK(ap);
if (TAILQ_FIRST(&ap->ap_queue) != NULL)
@@ -1050,10 +1028,11 @@ static int
audit_pipe_kqfilter(struct cdev *dev, struct knote *kn)
{
struct audit_pipe *ap;
+ int error;
- ap = dev->si_drv1;
- KASSERT(ap != NULL, ("audit_pipe_kqfilter: ap == NULL"));
-
+ error = devfs_get_cdevpriv((void **)&ap);
+ if (error != 0)
+ return (error);
if (kn->kn_filter != EVFILT_READ)
return (EINVAL);
@@ -1075,7 +1054,6 @@ audit_pipe_kqread(struct knote *kn, long hint)
struct audit_pipe *ap;
ap = (struct audit_pipe *)kn->kn_hook;
- KASSERT(ap != NULL, ("audit_pipe_kqread: ap == NULL"));
AUDIT_PIPE_LOCK_ASSERT(ap);
if (ap->ap_qlen != 0) {
@@ -1096,8 +1074,6 @@ audit_pipe_kqdetach(struct knote *kn)
struct audit_pipe *ap;
ap = (struct audit_pipe *)kn->kn_hook;
- KASSERT(ap != NULL, ("audit_pipe_kqdetach: ap == NULL"));
-
AUDIT_PIPE_LOCK(ap);
knlist_remove(&ap->ap_selinfo.si_note, kn, 1);
AUDIT_PIPE_UNLOCK(ap);
@@ -1112,12 +1088,12 @@ audit_pipe_init(void *unused)
TAILQ_INIT(&audit_pipe_list);
AUDIT_PIPE_LIST_LOCK_INIT();
-
- clone_setup(&audit_pipe_clones);
- audit_pipe_eh_tag = EVENTHANDLER_REGISTER(dev_clone,
- audit_pipe_clone, 0, 1000);
- if (audit_pipe_eh_tag == NULL)
- panic("audit_pipe_init: EVENTHANDLER_REGISTER");
+ audit_pipe_dev = make_dev(&audit_pipe_cdevsw, 0, UID_ROOT,
+ GID_WHEEL, 0600, "%s", AUDIT_PIPE_NAME);
+ if (audit_pipe_dev == NULL) {
+ AUDIT_PIPE_LIST_LOCK_DESTROY();
+ panic("Can't initialize audit pipe subsystem");
+ }
}
SYSINIT(audit_pipe_init, SI_SUB_DRIVERS, SI_ORDER_MIDDLE, audit_pipe_init,