svn commit: r316334 - head/sys/kern

Fri, 31 Mar 2017 07:17:59 -0700 

Author: rwatson
Date: Fri Mar 31 14:17:14 2017
New Revision: 316334
URL: https://svnweb.freebsd.org/changeset/base/316334

Log:
  Audit arguments to posix_fallocate(2) and posix_fadvise(2) system calls.
  
  As posix_fadvise() does not lock the vnode argument, don't capture
  detailed vnode information for the time being.
  
  Obtained from:        TrustedBSD Project
  MFC after:    3 weeks
  Sponsored by: DARPA, AFRL

Modified:
  head/sys/kern/vfs_syscalls.c

Modified: head/sys/kern/vfs_syscalls.c
==============================================================================
--- head/sys/kern/vfs_syscalls.c        Fri Mar 31 14:13:13 2017        
(r316333)
+++ head/sys/kern/vfs_syscalls.c        Fri Mar 31 14:17:14 2017        
(r316334)
@@ -4452,15 +4452,21 @@ kern_posix_fallocate(struct thread *td, 
        cap_rights_t rights;
        off_t olen, ooffset;
        int error;
+#ifdef AUDIT
+       int audited_vnode1 = 0;
+#endif
 
+       AUDIT_ARG_FD(fd);
        if (offset < 0 || len <= 0)
                return (EINVAL);
        /* Check for wrap. */
        if (offset > OFF_MAX - len)
                return (EFBIG);
+       AUDIT_ARG_FD(fd);
        error = fget(td, fd, cap_rights_init(&rights, CAP_WRITE), &fp);
        if (error != 0)
                return (error);
+       AUDIT_ARG_FILE(td->td_proc, fp);
        if ((fp->f_ops->fo_flags & DFLAG_SEEKABLE) == 0) {
                error = ESPIPE;
                goto out;
@@ -4494,6 +4500,12 @@ kern_posix_fallocate(struct thread *td, 
                        vn_finished_write(mp);
                        break;
                }
+#ifdef AUDIT
+               if (!audited_vnode1) {
+                       AUDIT_ARG_VNODE1(vp);
+                       audited_vnode1 = 1;
+               }
+#endif
 #ifdef MAC
                error = mac_vnode_check_write(td->td_ucred, fp->f_cred, vp);
                if (error == 0)
@@ -4544,6 +4556,7 @@ kern_posix_fadvise(struct thread *td, in
 
        if (offset < 0 || len < 0 || offset > OFF_MAX - len)
                return (EINVAL);
+       AUDIT_ARG_VALUE(advice);
        switch (advice) {
        case POSIX_FADV_SEQUENTIAL:
        case POSIX_FADV_RANDOM:
@@ -4559,9 +4572,11 @@ kern_posix_fadvise(struct thread *td, in
                return (EINVAL);
        }
        /* XXX: CAP_POSIX_FADVISE? */
+       AUDIT_ARG_FD(fd);
        error = fget(td, fd, cap_rights_init(&rights), &fp);
        if (error != 0)
                goto out;
+       AUDIT_ARG_FILE(td->td_proc, fp);
        if ((fp->f_ops->fo_flags & DFLAG_SEEKABLE) == 0) {
                error = ESPIPE;
                goto out;
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

Reply via email to