Author: rwatson
Date: Fri Feb  6 12:10:28 2009
New Revision: 188224
URL: http://svn.freebsd.org/changeset/base/188224

Log:
  Merge r184948 from head to stable/7:
  
    When repeatedly accessing a thread credential, cache the credential
    pointer in a local variable.  While this is unlikely to significantly
    improve performance given modern compiler behavior, it makes the code
    more readable and reduces diffs to the Mac OS X version of the same
    code (which stores things in creds in the same way, but where the
    cred for a thread is reached quite differently).
  
    Discussed with: sson
    Sponsored by:   Apple Inc.
    Obtained from:        TrustedBSD Project

Modified:
  stable/7/sys/   (props changed)
  stable/7/sys/contrib/pf/   (props changed)
  stable/7/sys/dev/ath/ath_hal/   (props changed)
  stable/7/sys/dev/cxgb/   (props changed)
  stable/7/sys/security/audit/audit.c
  stable/7/sys/security/audit/audit_arg.c
  stable/7/sys/security/audit/audit_syscalls.c

Modified: stable/7/sys/security/audit/audit.c
==============================================================================
--- stable/7/sys/security/audit/audit.c Fri Feb  6 12:06:39 2009        
(r188223)
+++ stable/7/sys/security/audit/audit.c Fri Feb  6 12:10:28 2009        
(r188224)
@@ -165,6 +165,7 @@ audit_record_ctor(void *mem, int size, v
 {
        struct kaudit_record *ar;
        struct thread *td;
+       struct ucred *cred;
 
        KASSERT(sizeof(*ar) == size, ("audit_record_ctor: wrong size"));
 
@@ -177,15 +178,16 @@ audit_record_ctor(void *mem, int size, v
        /*
         * Export the subject credential.
         */
-       cru2x(td->td_ucred, &ar->k_ar.ar_subj_cred);
-       ar->k_ar.ar_subj_ruid = td->td_ucred->cr_ruid;
-       ar->k_ar.ar_subj_rgid = td->td_ucred->cr_rgid;
-       ar->k_ar.ar_subj_egid = td->td_ucred->cr_groups[0];
-       ar->k_ar.ar_subj_auid = td->td_ucred->cr_audit.ai_auid;
-       ar->k_ar.ar_subj_asid = td->td_ucred->cr_audit.ai_asid;
+       cred = td->td_ucred;
+       cru2x(cred, &ar->k_ar.ar_subj_cred);
+       ar->k_ar.ar_subj_ruid = cred->cr_ruid;
+       ar->k_ar.ar_subj_rgid = cred->cr_rgid;
+       ar->k_ar.ar_subj_egid = cred->cr_groups[0];
+       ar->k_ar.ar_subj_auid = cred->cr_audit.ai_auid;
+       ar->k_ar.ar_subj_asid = cred->cr_audit.ai_asid;
        ar->k_ar.ar_subj_pid = td->td_proc->p_pid;
-       ar->k_ar.ar_subj_amask = td->td_ucred->cr_audit.ai_mask;
-       ar->k_ar.ar_subj_term_addr = td->td_ucred->cr_audit.ai_termid;
+       ar->k_ar.ar_subj_amask = cred->cr_audit.ai_mask;
+       ar->k_ar.ar_subj_term_addr = cred->cr_audit.ai_termid;
        return (0);
 }
 
@@ -585,6 +587,7 @@ audit_proc_coredump(struct thread *td, c
 {
        struct kaudit_record *ar;
        struct au_mask *aumask;
+       struct ucred *cred;
        au_class_t class;
        int ret, sorf;
        char **pathp;
@@ -595,11 +598,12 @@ audit_proc_coredump(struct thread *td, c
        /*
         * Make sure we are using the correct preselection mask.
         */
-       auid = td->td_ucred->cr_audit.ai_auid;
+       cred = td->td_ucred;
+       auid = cred->cr_audit.ai_auid;
        if (auid == AU_DEFAUDITID)
                aumask = &audit_nae_mask;
        else
-               aumask = &td->td_ucred->cr_audit.ai_mask;
+               aumask = &cred->cr_audit.ai_mask;
        /*
         * It's possible for coredump(9) generation to fail.  Make sure that
         * we handle this case correctly for preselection.
@@ -612,6 +616,7 @@ audit_proc_coredump(struct thread *td, c
        if (au_preselect(AUE_CORE, class, aumask, sorf) == 0 &&
            audit_pipe_preselect(auid, AUE_CORE, class, sorf, 0) == 0)
                return;
+
        /*
         * If we are interested in seeing this audit record, allocate it.
         * Where possible coredump records should contain a pathname and arg32

Modified: stable/7/sys/security/audit/audit_arg.c
==============================================================================
--- stable/7/sys/security/audit/audit_arg.c     Fri Feb  6 12:06:39 2009        
(r188223)
+++ stable/7/sys/security/audit/audit_arg.c     Fri Feb  6 12:10:28 2009        
(r188224)
@@ -356,6 +356,7 @@ void
 audit_arg_process(struct proc *p)
 {
        struct kaudit_record *ar;
+       struct ucred *cred;
 
        KASSERT(p != NULL, ("audit_arg_process: p == NULL"));
 
@@ -365,13 +366,14 @@ audit_arg_process(struct proc *p)
        if (ar == NULL)
                return;
 
-       ar->k_ar.ar_arg_auid = p->p_ucred->cr_audit.ai_auid;
-       ar->k_ar.ar_arg_euid = p->p_ucred->cr_uid;
-       ar->k_ar.ar_arg_egid = p->p_ucred->cr_groups[0];
-       ar->k_ar.ar_arg_ruid = p->p_ucred->cr_ruid;
-       ar->k_ar.ar_arg_rgid = p->p_ucred->cr_rgid;
-       ar->k_ar.ar_arg_asid = p->p_ucred->cr_audit.ai_asid;
-       ar->k_ar.ar_arg_termid_addr = p->p_ucred->cr_audit.ai_termid;
+       cred = p->p_ucred;
+       ar->k_ar.ar_arg_auid = cred->cr_audit.ai_auid;
+       ar->k_ar.ar_arg_euid = cred->cr_uid;
+       ar->k_ar.ar_arg_egid = cred->cr_groups[0];
+       ar->k_ar.ar_arg_ruid = cred->cr_ruid;
+       ar->k_ar.ar_arg_rgid = cred->cr_rgid;
+       ar->k_ar.ar_arg_asid = cred->cr_audit.ai_asid;
+       ar->k_ar.ar_arg_termid_addr = cred->cr_audit.ai_termid;
        ar->k_ar.ar_arg_pid = p->p_pid;
        ARG_SET_VALID(ar, ARG_AUID | ARG_EUID | ARG_EGID | ARG_RUID |
            ARG_RGID | ARG_ASID | ARG_TERMID_ADDR | ARG_PID | ARG_PROCESS);
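Review bot: `cred = p->p_ucred;` caches the credential pointer of a process that need not be the caller's own, and the visible lines take no reference on it (no `crhold()`), so it is only safe to dereference while the caller holds the process lock. The lines between this hunk and the previous one are not shown; if they do not already assert it, `PROC_LOCK_ASSERT(p, MA_OWNED);` ahead of the assignment would make the requirement explicit. A short comment such as `/* Borrowed from p; valid only while the proc lock is held. */` would document why no reference is taken. The function body continues past the end of the hunk.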

Modified: stable/7/sys/security/audit/audit_syscalls.c
==============================================================================
--- stable/7/sys/security/audit/audit_syscalls.c        Fri Feb  6 12:06:39 
2009        (r188223)
+++ stable/7/sys/security/audit/audit_syscalls.c        Fri Feb  6 12:10:28 
2009        (r188224)
@@ -157,7 +157,7 @@ free_out:
 int
 auditon(struct thread *td, struct auditon_args *uap)
 {
-       struct ucred *newcred, *oldcred;
+       struct ucred *cred, *newcred, *oldcred;
        int error;
        union auditon_udata udata;
        struct proc *tp;
@@ -321,22 +321,21 @@ auditon(struct thread *td, struct audito
                        PROC_UNLOCK(tp);
                        return (EINVAL);
                }
-               if (tp->p_ucred->cr_audit.ai_termid.at_type == AU_IPv6) {
+               cred = tp->p_ucred;
+               if (cred->cr_audit.ai_termid.at_type == AU_IPv6) {
                        PROC_UNLOCK(tp);
                        return (EINVAL);
                }
-               udata.au_aupinfo.ap_auid =
-                   tp->p_ucred->cr_audit.ai_auid;
+               udata.au_aupinfo.ap_auid = cred->cr_audit.ai_auid;
                udata.au_aupinfo.ap_mask.am_success =
-                   tp->p_ucred->cr_audit.ai_mask.am_success;
+                   cred->cr_audit.ai_mask.am_success;
                udata.au_aupinfo.ap_mask.am_failure =
-                   tp->p_ucred->cr_audit.ai_mask.am_failure;
+                   cred->cr_audit.ai_mask.am_failure;
                udata.au_aupinfo.ap_termid.machine =
-                   tp->p_ucred->cr_audit.ai_termid.at_addr[0];
+                   cred->cr_audit.ai_termid.at_addr[0];
                udata.au_aupinfo.ap_termid.port =
-                   (dev_t)tp->p_ucred->cr_audit.ai_termid.at_port;
-               udata.au_aupinfo.ap_asid =
-                   tp->p_ucred->cr_audit.ai_asid;
+                   (dev_t)cred->cr_audit.ai_termid.at_port;
+               udata.au_aupinfo.ap_asid = cred->cr_audit.ai_asid;
                PROC_UNLOCK(tp);
                break;
 
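Review bot: `cred` is declared at function scope in `auditon()`, but the value assigned by `cred = tp->p_ucred;` is a borrowed pointer that stops being safe to dereference at the `PROC_UNLOCK(tp)` just before `break;`. Any later use of `cred` in the function could therefore read a credential that has already been replaced or freed. Before the change each access spelled out `tp->p_ucred`, so the lock dependency was visible at the point of use; a comment at the assignment, e.g. `/* cred is borrowed from tp; do not use after PROC_UNLOCK(tp). */`, would keep it visible. The same applies to the `cred = tp->p_ucred;` after `pfind()` in the next hunk. The enclosing block starts and ends outside both hunks, so whether other code in `auditon()` reads `cred` cannot be checked from here.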
@@ -381,16 +380,14 @@ auditon(struct thread *td, struct audito
                        return (EINVAL);
                if ((tp = pfind(udata.au_aupinfo_addr.ap_pid)) == NULL)
                        return (EINVAL);
-               udata.au_aupinfo_addr.ap_auid =
-                   tp->p_ucred->cr_audit.ai_auid;
+               cred = tp->p_ucred;
+               udata.au_aupinfo_addr.ap_auid = cred->cr_audit.ai_auid;
                udata.au_aupinfo_addr.ap_mask.am_success =
-                   tp->p_ucred->cr_audit.ai_mask.am_success;
+                   cred->cr_audit.ai_mask.am_success;
                udata.au_aupinfo_addr.ap_mask.am_failure =
-                   tp->p_ucred->cr_audit.ai_mask.am_failure;
-               udata.au_aupinfo_addr.ap_termid =
-                   tp->p_ucred->cr_audit.ai_termid;
-               udata.au_aupinfo_addr.ap_asid =
-                   tp->p_ucred->cr_audit.ai_asid;
+                   cred->cr_audit.ai_mask.am_failure;
+               udata.au_aupinfo_addr.ap_termid = cred->cr_audit.ai_termid;
+               udata.au_aupinfo_addr.ap_asid = cred->cr_audit.ai_asid;
                PROC_UNLOCK(tp);
                break;
 
@@ -500,21 +497,23 @@ int
 getaudit(struct thread *td, struct getaudit_args *uap)
 {
        struct auditinfo ai;
+       struct ucred *cred;
        int error;
 
-       if (jailed(td->td_ucred))
+       cred = td->td_ucred;
+       if (jailed(cred))
                return (ENOSYS);
        error = priv_check(td, PRIV_AUDIT_GETAUDIT);
        if (error)
                return (error);
-       if (td->td_ucred->cr_audit.ai_termid.at_type == AU_IPv6)
+       if (cred->cr_audit.ai_termid.at_type == AU_IPv6)
                return (E2BIG);
        bzero(&ai, sizeof(ai));
-       ai.ai_auid = td->td_ucred->cr_audit.ai_auid;
-       ai.ai_mask = td->td_ucred->cr_audit.ai_mask;
-       ai.ai_asid = td->td_ucred->cr_audit.ai_asid;
-       ai.ai_termid.machine = td->td_ucred->cr_audit.ai_termid.at_addr[0];
-       ai.ai_termid.port = td->td_ucred->cr_audit.ai_termid.at_port;
+       ai.ai_auid = cred->cr_audit.ai_auid;
+       ai.ai_mask = cred->cr_audit.ai_mask;
+       ai.ai_asid = cred->cr_audit.ai_asid;
+       ai.ai_termid.machine = cred->cr_audit.ai_termid.at_addr[0];
+       ai.ai_termid.port = cred->cr_audit.ai_termid.at_port;
        return (copyout(&ai, uap->auditinfo, sizeof(ai)));
 }
 