mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-20 11:11:24 +00:00
Add a new thread-private flag, TDP_AUDITREC, to indicate whether or
not there is an audit record hung off of td_ar on the current thread. Test this flag instead of td_ar when auditing syscall arguments or checking for an audit record to commit on syscall return. Under these circumstances, td_pflags is much more likely to be in the cache (especially if there is no auditing of the current system call), so this should help reduce cache misses in the system call return path. MFC after: 1 week Reported by: kris Obtained from: TrustedBSD Project
This commit is contained in:
parent
8fc8651306
commit
b3f468e253
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=189570
@ -492,6 +492,8 @@ audit_syscall_enter(unsigned short code, struct thread *td)
|
||||
au_id_t auid;
|
||||
|
||||
KASSERT(td->td_ar == NULL, ("audit_syscall_enter: td->td_ar != NULL"));
|
||||
KASSERT((td->td_pflags & TDP_AUDITREC) == 0,
|
||||
("audit_syscall_enter: TDP_AUDITREC set"));
|
||||
|
||||
/*
|
||||
* In FreeBSD, each ABI has its own system call table, and hence
|
||||
@ -542,9 +544,13 @@ audit_syscall_enter(unsigned short code, struct thread *td)
|
||||
panic("audit_failing_stop: thread continued");
|
||||
}
|
||||
td->td_ar = audit_new(event, td);
|
||||
} else if (audit_pipe_preselect(auid, event, class, AU_PRS_BOTH, 0))
|
||||
if (td->td_ar != NULL)
|
||||
td->td_pflags |= TDP_AUDITREC;
|
||||
} else if (audit_pipe_preselect(auid, event, class, AU_PRS_BOTH, 0)) {
|
||||
td->td_ar = audit_new(event, td);
|
||||
else
|
||||
if (td->td_ar != NULL)
|
||||
td->td_pflags |= TDP_AUDITREC;
|
||||
} else
|
||||
td->td_ar = NULL;
|
||||
}
|
||||
|
||||
@ -572,6 +578,7 @@ audit_syscall_exit(int error, struct thread *td)
|
||||
|
||||
audit_commit(td->td_ar, error, retval);
|
||||
td->td_ar = NULL;
|
||||
td->td_pflags &= ~TDP_AUDITREC;
|
||||
}
|
||||
|
||||
void
|
||||
@ -626,6 +633,8 @@ audit_thread_free(struct thread *td)
|
||||
{
|
||||
|
||||
KASSERT(td->td_ar == NULL, ("audit_thread_free: td_ar != NULL"));
|
||||
KASSERT((td->td_pflags & TDP_AUDITREC) == 0,
|
||||
("audit_thread_free: TDP_AUDITREC set"));
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -186,7 +186,7 @@ void audit_thread_free(struct thread *td);
|
||||
* audit_enabled flag before performing the actual call.
|
||||
*/
|
||||
#define AUDIT_ARG(op, args...) do { \
|
||||
if (td->td_ar != NULL) \
|
||||
if (td->td_pflags & TDP_AUDITREC) \
|
||||
audit_arg_ ## op (args); \
|
||||
} while (0)
|
||||
|
||||
@ -202,7 +202,7 @@ void audit_thread_free(struct thread *td);
|
||||
* auditing is disabled, so we don't just check audit_enabled here.
|
||||
*/
|
||||
#define AUDIT_SYSCALL_EXIT(error, td) do { \
|
||||
if (td->td_ar != NULL) \
|
||||
if (td->td_pflags & TDP_AUDITREC) \
|
||||
audit_syscall_exit(error, td); \
|
||||
} while (0)
|
||||
|
||||
@ -210,7 +210,7 @@ void audit_thread_free(struct thread *td);
|
||||
* A Macro to wrap the audit_sysclose() function.
|
||||
*/
|
||||
#define AUDIT_SYSCLOSE(td, fd) do { \
|
||||
if (audit_enabled) \
|
||||
if (td->td_pflags & TDP_AUDITREC) \
|
||||
audit_sysclose(td, fd); \
|
||||
} while (0)
|
||||
|
||||
|
@ -96,6 +96,7 @@ audit(struct thread *td, struct audit_args *uap)
|
||||
td->td_ar = audit_new(AUE_NULL, td);
|
||||
if (td->td_ar == NULL)
|
||||
return (ENOTSUP);
|
||||
td->td_pflags |= TDP_AUDITREC;
|
||||
ar = td->td_ar;
|
||||
}
|
||||
|
||||
|
@ -368,6 +368,7 @@ do { \
|
||||
#define TDP_KTHREAD 0x00200000 /* This is an official kernel thread */
|
||||
#define TDP_CALLCHAIN 0x00400000 /* Capture thread's callchain */
|
||||
#define TDP_IGNSUSP 0x00800000 /* Permission to ignore the MNTK_SUSPEND* */
|
||||
#define TDP_AUDITREC 0x01000000 /* Audit record pending on thread */
|
||||
|
||||
/*
|
||||
* Reasons that the current thread can not be run yet.
|
||||
|
Loading…
Reference in New Issue
Block a user