audit_pipe.c revision 184489
1155408Srwatson/*- 2155408Srwatson * Copyright (c) 2006 Robert N. M. Watson 3184488Srwatson * Copyright (c) 2008 Apple, Inc. 4155408Srwatson * All rights reserved. 5155408Srwatson * 6155408Srwatson * This software was developed by Robert Watson for the TrustedBSD Project. 7155408Srwatson * 8155408Srwatson * Redistribution and use in source and binary forms, with or without 9155408Srwatson * modification, are permitted provided that the following conditions 10155408Srwatson * are met: 11155408Srwatson * 1. Redistributions of source code must retain the above copyright 12155408Srwatson * notice, this list of conditions and the following disclaimer. 13155408Srwatson * 2. Redistributions in binary form must reproduce the above copyright 14155408Srwatson * notice, this list of conditions and the following disclaimer in the 15155408Srwatson * documentation and/or other materials provided with the distribution. 16155408Srwatson * 17155408Srwatson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18155408Srwatson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19155408Srwatson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20155408Srwatson * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 21155408Srwatson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22155408Srwatson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23155408Srwatson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24155408Srwatson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25155408Srwatson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26155408Srwatson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27155408Srwatson * SUCH DAMAGE. 28155408Srwatson */ 29155408Srwatson 30178186Srwatson#include <sys/cdefs.h> 31178186Srwatson__FBSDID("$FreeBSD: head/sys/security/audit/audit_pipe.c 184489 2008-10-30 23:09:19Z rwatson $"); 32178186Srwatson 33155408Srwatson#include <sys/param.h> 34155408Srwatson#include <sys/condvar.h> 35155408Srwatson#include <sys/conf.h> 36155408Srwatson#include <sys/eventhandler.h> 37155408Srwatson#include <sys/filio.h> 38155408Srwatson#include <sys/kernel.h> 39155408Srwatson#include <sys/lock.h> 40155408Srwatson#include <sys/malloc.h> 41155408Srwatson#include <sys/mutex.h> 42155408Srwatson#include <sys/poll.h> 43155408Srwatson#include <sys/proc.h> 44155408Srwatson#include <sys/queue.h> 45184488Srwatson#include <sys/rwlock.h> 46155408Srwatson#include <sys/selinfo.h> 47155408Srwatson#include <sys/sigio.h> 48155408Srwatson#include <sys/signal.h> 49155408Srwatson#include <sys/signalvar.h> 50155408Srwatson#include <sys/systm.h> 51155408Srwatson#include <sys/uio.h> 52155408Srwatson 53155408Srwatson#include <security/audit/audit.h> 54156880Srwatson#include <security/audit/audit_ioctl.h> 55155408Srwatson#include <security/audit/audit_private.h> 56155408Srwatson 57155408Srwatson/* 58155408Srwatson * Implementation of a clonable special device providing a live stream of BSM 59155408Srwatson * audit data. This is a "tee" of the data going to the file. It provides 60155408Srwatson * unreliable but timely access to audit events. Consumers of this interface 61159269Srwatson * should be very careful to avoid introducing event cycles. Consumers may 62159269Srwatson * express interest via a set of preselection ioctls. 63155408Srwatson */ 64155408Srwatson 65155408Srwatson/* 66155408Srwatson * Memory types. 67155408Srwatson */ 68155408Srwatsonstatic MALLOC_DEFINE(M_AUDIT_PIPE, "audit_pipe", "Audit pipes"); 69155408Srwatsonstatic MALLOC_DEFINE(M_AUDIT_PIPE_ENTRY, "audit_pipeent", 70155408Srwatson "Audit pipe entries and buffers"); 71174894Swkoszekstatic MALLOC_DEFINE(M_AUDIT_PIPE_PRESELECT, "audit_pipe_presel", 72159269Srwatson "Audit pipe preselection structure"); 73155408Srwatson 74155408Srwatson/* 75155408Srwatson * Audit pipe buffer parameters. 76155408Srwatson */ 77156883Srwatson#define AUDIT_PIPE_QLIMIT_DEFAULT (128) 78156880Srwatson#define AUDIT_PIPE_QLIMIT_MIN (0) 79155408Srwatson#define AUDIT_PIPE_QLIMIT_MAX (1024) 80155408Srwatson 81155408Srwatson/* 82155408Srwatson * Description of an entry in an audit_pipe. 83155408Srwatson */ 84155408Srwatsonstruct audit_pipe_entry { 85155408Srwatson void *ape_record; 86155408Srwatson u_int ape_record_len; 87155408Srwatson TAILQ_ENTRY(audit_pipe_entry) ape_queue; 88155408Srwatson}; 89155408Srwatson 90155408Srwatson/* 91159269Srwatson * Audit pipes allow processes to express "interest" in the set of records 92159269Srwatson * that are delivered via the pipe. They do this in a similar manner to the 93159269Srwatson * mechanism for audit trail configuration, by expressing two global masks, 94159269Srwatson * and optionally expressing per-auid masks. The following data structure is 95159269Srwatson * the per-auid mask description. The global state is stored in the audit 96159269Srwatson * pipe data structure. 97159269Srwatson * 98159269Srwatson * We may want to consider a more space/time-efficient data structure once 99159269Srwatson * usage patterns for per-auid specifications are clear. 100159269Srwatson */ 101159269Srwatsonstruct audit_pipe_preselect { 102159269Srwatson au_id_t app_auid; 103159269Srwatson au_mask_t app_mask; 104159269Srwatson TAILQ_ENTRY(audit_pipe_preselect) app_list; 105159269Srwatson}; 106159269Srwatson 107159269Srwatson/* 108155408Srwatson * Description of an individual audit_pipe. Consists largely of a bounded 109155408Srwatson * length queue. 110155408Srwatson */ 111155408Srwatson#define AUDIT_PIPE_ASYNC 0x00000001 112155408Srwatson#define AUDIT_PIPE_NBIO 0x00000002 113155408Srwatsonstruct audit_pipe { 114155408Srwatson int ap_open; /* Device open? */ 115155408Srwatson u_int ap_flags; 116155408Srwatson 117155408Srwatson struct selinfo ap_selinfo; 118155408Srwatson struct sigio *ap_sigio; 119155408Srwatson 120184488Srwatson /* 121184488Srwatson * Per-pipe mutex protecting most fields in this data structure. 122184488Srwatson */ 123184488Srwatson struct mtx ap_lock; 124184488Srwatson 125184488Srwatson /* 126184488Srwatson * Condition variable to signal when data has been delivered to a 127184488Srwatson * pipe. 128184488Srwatson */ 129184488Srwatson struct cv ap_cv; 130184488Srwatson 131155408Srwatson u_int ap_qlen; 132155408Srwatson u_int ap_qlimit; 133155408Srwatson 134155408Srwatson u_int64_t ap_inserts; /* Records added. */ 135155408Srwatson u_int64_t ap_reads; /* Records read. */ 136155408Srwatson u_int64_t ap_drops; /* Records dropped. */ 137155408Srwatson u_int64_t ap_truncates; /* Records too long. */ 138155408Srwatson 139159269Srwatson /* 140159269Srwatson * Fields relating to pipe interest: global masks for unmatched 141159269Srwatson * processes (attributable, non-attributable), and a list of specific 142159269Srwatson * interest specifications by auid. 143159269Srwatson */ 144159269Srwatson int ap_preselect_mode; 145159269Srwatson au_mask_t ap_preselect_flags; 146159269Srwatson au_mask_t ap_preselect_naflags; 147159269Srwatson TAILQ_HEAD(, audit_pipe_preselect) ap_preselect_list; 148159269Srwatson 149159269Srwatson /* 150159269Srwatson * Current pending record list. 151159269Srwatson */ 152155408Srwatson TAILQ_HEAD(, audit_pipe_entry) ap_queue; 153155408Srwatson 154159269Srwatson /* 155159269Srwatson * Global pipe list. 156159269Srwatson */ 157155408Srwatson TAILQ_ENTRY(audit_pipe) ap_list; 158155408Srwatson}; 159155408Srwatson 160184488Srwatson#define AUDIT_PIPE_LOCK(ap) mtx_lock(&(ap)->ap_lock) 161184488Srwatson#define AUDIT_PIPE_LOCK_ASSERT(ap) mtx_assert(&(ap)->ap_lock, MA_OWNED) 162184488Srwatson#define AUDIT_PIPE_LOCK_DESTROY(ap) mtx_destroy(&(ap)->ap_lock) 163184488Srwatson#define AUDIT_PIPE_LOCK_INIT(ap) mtx_init(&(ap)->ap_lock, \ 164184488Srwatson "audit_pipe_lock", NULL, MTX_DEF) 165184488Srwatson#define AUDIT_PIPE_UNLOCK(ap) mtx_unlock(&(ap)->ap_lock) 166184488Srwatson#define AUDIT_PIPE_MTX(ap) (&(ap)->ap_lock) 167184488Srwatson 168155408Srwatson/* 169184488Srwatson * Global list of audit pipes, rwlock to protect it. Individual record 170184488Srwatson * queues on pipes are protected by per-pipe locks; these locks synchronize 171184488Srwatson * between threads walking the list to deliver to individual pipes and add/ 172184488Srwatson * remove of pipes, and are mostly acquired for read. 173155408Srwatson */ 174155408Srwatsonstatic TAILQ_HEAD(, audit_pipe) audit_pipe_list; 175184488Srwatsonstatic struct rwlock audit_pipe_lock; 176155408Srwatson 177184488Srwatson#define AUDIT_PIPE_LIST_LOCK_INIT() rw_init(&audit_pipe_lock, \ 178184488Srwatson "audit_pipe_list_lock") 179184488Srwatson#define AUDIT_PIPE_LIST_RLOCK() rw_rlock(&audit_pipe_lock) 180184488Srwatson#define AUDIT_PIPE_LIST_RUNLOCK() rw_runlock(&audit_pipe_lock) 181184488Srwatson#define AUDIT_PIPE_LIST_WLOCK() rw_wlock(&audit_pipe_lock) 182184488Srwatson#define AUDIT_PIPE_LIST_WLOCK_ASSERT() rw_assert(&audit_pipe_lock, \ 183184488Srwatson RA_WLOCKED) 184184488Srwatson#define AUDIT_PIPE_LIST_WUNLOCK() rw_wunlock(&audit_pipe_lock) 185155408Srwatson 186155408Srwatson/* 187155408Srwatson * Cloning related variables and constants. 188155408Srwatson */ 189155408Srwatson#define AUDIT_PIPE_NAME "auditpipe" 190155408Srwatsonstatic eventhandler_tag audit_pipe_eh_tag; 191155408Srwatsonstatic struct clonedevs *audit_pipe_clones; 192155408Srwatson 193155408Srwatson/* 194155408Srwatson * Special device methods and definition. 195155408Srwatson */ 196155408Srwatsonstatic d_open_t audit_pipe_open; 197155408Srwatsonstatic d_close_t audit_pipe_close; 198155408Srwatsonstatic d_read_t audit_pipe_read; 199155408Srwatsonstatic d_ioctl_t audit_pipe_ioctl; 200155408Srwatsonstatic d_poll_t audit_pipe_poll; 201161582Srwatsonstatic d_kqfilter_t audit_pipe_kqfilter; 202155408Srwatson 203155408Srwatsonstatic struct cdevsw audit_pipe_cdevsw = { 204155408Srwatson .d_version = D_VERSION, 205179726Sed .d_flags = D_PSEUDO | D_NEEDGIANT | D_NEEDMINOR, 206155408Srwatson .d_open = audit_pipe_open, 207155408Srwatson .d_close = audit_pipe_close, 208155408Srwatson .d_read = audit_pipe_read, 209155408Srwatson .d_ioctl = audit_pipe_ioctl, 210155408Srwatson .d_poll = audit_pipe_poll, 211161582Srwatson .d_kqfilter = audit_pipe_kqfilter, 212155408Srwatson .d_name = AUDIT_PIPE_NAME, 213155408Srwatson}; 214155408Srwatson 215161582Srwatsonstatic int audit_pipe_kqread(struct knote *note, long hint); 216161582Srwatsonstatic void audit_pipe_kqdetach(struct knote *note); 217161582Srwatson 218161582Srwatsonstatic struct filterops audit_pipe_read_filterops = { 219161582Srwatson .f_isfd = 1, 220161582Srwatson .f_attach = NULL, 221161582Srwatson .f_detach = audit_pipe_kqdetach, 222161582Srwatson .f_event = audit_pipe_kqread, 223161582Srwatson}; 224161582Srwatson 225155408Srwatson/* 226155408Srwatson * Some global statistics on audit pipes. 227155408Srwatson */ 228155408Srwatsonstatic int audit_pipe_count; /* Current number of pipes. */ 229155408Srwatsonstatic u_int64_t audit_pipe_ever; /* Pipes ever allocated. */ 230155408Srwatsonstatic u_int64_t audit_pipe_records; /* Records seen. */ 231155408Srwatsonstatic u_int64_t audit_pipe_drops; /* Global record drop count. */ 232155408Srwatson 233155408Srwatson/* 234155408Srwatson * Free an audit pipe entry. 235155408Srwatson */ 236155408Srwatsonstatic void 237155408Srwatsonaudit_pipe_entry_free(struct audit_pipe_entry *ape) 238155408Srwatson{ 239155408Srwatson 240155408Srwatson free(ape->ape_record, M_AUDIT_PIPE_ENTRY); 241155408Srwatson free(ape, M_AUDIT_PIPE_ENTRY); 242155408Srwatson} 243155408Srwatson 244155408Srwatson/* 245159269Srwatson * Find an audit pipe preselection specification for an auid, if any. 246159269Srwatson */ 247159269Srwatsonstatic struct audit_pipe_preselect * 248159269Srwatsonaudit_pipe_preselect_find(struct audit_pipe *ap, au_id_t auid) 249159269Srwatson{ 250159269Srwatson struct audit_pipe_preselect *app; 251159269Srwatson 252184488Srwatson AUDIT_PIPE_LOCK_ASSERT(ap); 253159269Srwatson 254159269Srwatson TAILQ_FOREACH(app, &ap->ap_preselect_list, app_list) { 255159269Srwatson if (app->app_auid == auid) 256159269Srwatson return (app); 257159269Srwatson } 258159269Srwatson return (NULL); 259159269Srwatson} 260159269Srwatson 261159269Srwatson/* 262159269Srwatson * Query the per-pipe mask for a specific auid. 263159269Srwatson */ 264159269Srwatsonstatic int 265159269Srwatsonaudit_pipe_preselect_get(struct audit_pipe *ap, au_id_t auid, 266159269Srwatson au_mask_t *maskp) 267159269Srwatson{ 268159269Srwatson struct audit_pipe_preselect *app; 269159269Srwatson int error; 270159269Srwatson 271184488Srwatson AUDIT_PIPE_LOCK(ap); 272159269Srwatson app = audit_pipe_preselect_find(ap, auid); 273159269Srwatson if (app != NULL) { 274159269Srwatson *maskp = app->app_mask; 275159269Srwatson error = 0; 276159269Srwatson } else 277159269Srwatson error = ENOENT; 278184488Srwatson AUDIT_PIPE_UNLOCK(ap); 279159269Srwatson return (error); 280159269Srwatson} 281159269Srwatson 282159269Srwatson/* 283159269Srwatson * Set the per-pipe mask for a specific auid. Add a new entry if needed; 284159269Srwatson * otherwise, update the current entry. 285159269Srwatson */ 286159269Srwatsonstatic void 287159269Srwatsonaudit_pipe_preselect_set(struct audit_pipe *ap, au_id_t auid, au_mask_t mask) 288159269Srwatson{ 289159269Srwatson struct audit_pipe_preselect *app, *app_new; 290159269Srwatson 291159269Srwatson /* 292159269Srwatson * Pessimistically assume that the auid doesn't already have a mask 293159269Srwatson * set, and allocate. We will free it if it is unneeded. 294159269Srwatson */ 295159269Srwatson app_new = malloc(sizeof(*app_new), M_AUDIT_PIPE_PRESELECT, M_WAITOK); 296184488Srwatson AUDIT_PIPE_LOCK(ap); 297159269Srwatson app = audit_pipe_preselect_find(ap, auid); 298159269Srwatson if (app == NULL) { 299159269Srwatson app = app_new; 300159269Srwatson app_new = NULL; 301159269Srwatson app->app_auid = auid; 302159269Srwatson TAILQ_INSERT_TAIL(&ap->ap_preselect_list, app, app_list); 303159269Srwatson } 304159269Srwatson app->app_mask = mask; 305184488Srwatson AUDIT_PIPE_UNLOCK(ap); 306159269Srwatson if (app_new != NULL) 307159269Srwatson free(app_new, M_AUDIT_PIPE_PRESELECT); 308159269Srwatson} 309159269Srwatson 310159269Srwatson/* 311159269Srwatson * Delete a per-auid mask on an audit pipe. 312159269Srwatson */ 313159269Srwatsonstatic int 314159269Srwatsonaudit_pipe_preselect_delete(struct audit_pipe *ap, au_id_t auid) 315159269Srwatson{ 316159269Srwatson struct audit_pipe_preselect *app; 317159269Srwatson int error; 318159269Srwatson 319184488Srwatson AUDIT_PIPE_LOCK(ap); 320159269Srwatson app = audit_pipe_preselect_find(ap, auid); 321159269Srwatson if (app != NULL) { 322159269Srwatson TAILQ_REMOVE(&ap->ap_preselect_list, app, app_list); 323159269Srwatson error = 0; 324159269Srwatson } else 325159269Srwatson error = ENOENT; 326184488Srwatson AUDIT_PIPE_UNLOCK(ap); 327159269Srwatson if (app != NULL) 328159269Srwatson free(app, M_AUDIT_PIPE_PRESELECT); 329159269Srwatson return (error); 330159269Srwatson} 331159269Srwatson 332159269Srwatson/* 333159269Srwatson * Delete all per-auid masks on an audit pipe. 334159269Srwatson */ 335159269Srwatsonstatic void 336159269Srwatsonaudit_pipe_preselect_flush_locked(struct audit_pipe *ap) 337159269Srwatson{ 338159269Srwatson struct audit_pipe_preselect *app; 339159269Srwatson 340184488Srwatson AUDIT_PIPE_LOCK_ASSERT(ap); 341159269Srwatson 342159269Srwatson while ((app = TAILQ_FIRST(&ap->ap_preselect_list)) != NULL) { 343159269Srwatson TAILQ_REMOVE(&ap->ap_preselect_list, app, app_list); 344159269Srwatson free(app, M_AUDIT_PIPE_PRESELECT); 345159269Srwatson } 346159269Srwatson} 347159269Srwatson 348159269Srwatsonstatic void 349159269Srwatsonaudit_pipe_preselect_flush(struct audit_pipe *ap) 350159269Srwatson{ 351159269Srwatson 352184488Srwatson AUDIT_PIPE_LOCK(ap); 353159269Srwatson audit_pipe_preselect_flush_locked(ap); 354184488Srwatson AUDIT_PIPE_UNLOCK(ap); 355159269Srwatson} 356159269Srwatson 357170196Srwatson/*- 358159269Srwatson * Determine whether a specific audit pipe matches a record with these 359159269Srwatson * properties. Algorithm is as follows: 360159269Srwatson * 361159269Srwatson * - If the pipe is configured to track the default trail configuration, then 362159269Srwatson * use the results of global preselection matching. 363159269Srwatson * - If not, search for a specifically configured auid entry matching the 364159269Srwatson * event. If an entry is found, use that. 365159269Srwatson * - Otherwise, use the default flags or naflags configured for the pipe. 366159269Srwatson */ 367159269Srwatsonstatic int 368159269Srwatsonaudit_pipe_preselect_check(struct audit_pipe *ap, au_id_t auid, 369159269Srwatson au_event_t event, au_class_t class, int sorf, int trail_preselect) 370159269Srwatson{ 371159269Srwatson struct audit_pipe_preselect *app; 372159269Srwatson 373184488Srwatson AUDIT_PIPE_LOCK_ASSERT(ap); 374159269Srwatson 375159269Srwatson switch (ap->ap_preselect_mode) { 376159269Srwatson case AUDITPIPE_PRESELECT_MODE_TRAIL: 377159269Srwatson return (trail_preselect); 378159269Srwatson 379159269Srwatson case AUDITPIPE_PRESELECT_MODE_LOCAL: 380159269Srwatson app = audit_pipe_preselect_find(ap, auid); 381159269Srwatson if (app == NULL) { 382159269Srwatson if (auid == AU_DEFAUDITID) 383159269Srwatson return (au_preselect(event, class, 384159269Srwatson &ap->ap_preselect_naflags, sorf)); 385159269Srwatson else 386159269Srwatson return (au_preselect(event, class, 387159269Srwatson &ap->ap_preselect_flags, sorf)); 388159269Srwatson } else 389159269Srwatson return (au_preselect(event, class, &app->app_mask, 390159269Srwatson sorf)); 391159269Srwatson 392159269Srwatson default: 393159269Srwatson panic("audit_pipe_preselect_check: mode %d", 394159269Srwatson ap->ap_preselect_mode); 395159269Srwatson } 396159269Srwatson 397159269Srwatson return (0); 398159269Srwatson} 399159269Srwatson 400159269Srwatson/* 401159269Srwatson * Determine whether there exists a pipe interested in a record with specific 402159269Srwatson * properties. 403159269Srwatson */ 404159269Srwatsonint 405159269Srwatsonaudit_pipe_preselect(au_id_t auid, au_event_t event, au_class_t class, 406159269Srwatson int sorf, int trail_preselect) 407159269Srwatson{ 408159269Srwatson struct audit_pipe *ap; 409159269Srwatson 410184488Srwatson AUDIT_PIPE_LIST_RLOCK(); 411159269Srwatson TAILQ_FOREACH(ap, &audit_pipe_list, ap_list) { 412184488Srwatson AUDIT_PIPE_LOCK(ap); 413159269Srwatson if (audit_pipe_preselect_check(ap, auid, event, class, sorf, 414159269Srwatson trail_preselect)) { 415184488Srwatson AUDIT_PIPE_UNLOCK(ap); 416184488Srwatson AUDIT_PIPE_LIST_RUNLOCK(); 417159269Srwatson return (1); 418159269Srwatson } 419184488Srwatson AUDIT_PIPE_UNLOCK(ap); 420159269Srwatson } 421184488Srwatson AUDIT_PIPE_LIST_RUNLOCK(); 422159269Srwatson return (0); 423159269Srwatson} 424159269Srwatson 425159269Srwatson/* 426159269Srwatson * Append individual record to a queue -- allocate queue-local buffer, and 427184489Srwatson * add to the queue. If the queue is full or we can't allocate memory, drop 428184489Srwatson * the newest record. 429155408Srwatson */ 430155408Srwatsonstatic void 431155408Srwatsonaudit_pipe_append(struct audit_pipe *ap, void *record, u_int record_len) 432155408Srwatson{ 433184489Srwatson struct audit_pipe_entry *ape; 434155408Srwatson 435184488Srwatson AUDIT_PIPE_LOCK_ASSERT(ap); 436155408Srwatson 437184489Srwatson if (ap->ap_qlen >= ap->ap_qlimit) { 438184489Srwatson ap->ap_drops++; 439184489Srwatson audit_pipe_drops++; 440184489Srwatson return; 441184489Srwatson } 442184489Srwatson 443155408Srwatson ape = malloc(sizeof(*ape), M_AUDIT_PIPE_ENTRY, M_NOWAIT | M_ZERO); 444155408Srwatson if (ape == NULL) { 445155408Srwatson ap->ap_drops++; 446156292Srwatson audit_pipe_drops++; 447155408Srwatson return; 448155408Srwatson } 449155408Srwatson 450155408Srwatson ape->ape_record = malloc(record_len, M_AUDIT_PIPE_ENTRY, M_NOWAIT); 451155408Srwatson if (ape->ape_record == NULL) { 452155408Srwatson free(ape, M_AUDIT_PIPE_ENTRY); 453155408Srwatson ap->ap_drops++; 454155408Srwatson audit_pipe_drops++; 455155408Srwatson return; 456155408Srwatson } 457155408Srwatson 458155408Srwatson bcopy(record, ape->ape_record, record_len); 459155408Srwatson ape->ape_record_len = record_len; 460155408Srwatson 461155408Srwatson TAILQ_INSERT_TAIL(&ap->ap_queue, ape, ape_queue); 462155408Srwatson ap->ap_inserts++; 463155408Srwatson ap->ap_qlen++; 464155408Srwatson selwakeuppri(&ap->ap_selinfo, PSOCK); 465161582Srwatson KNOTE_LOCKED(&ap->ap_selinfo.si_note, 0); 466155408Srwatson if (ap->ap_flags & AUDIT_PIPE_ASYNC) 467155408Srwatson pgsigio(&ap->ap_sigio, SIGIO, 0); 468184488Srwatson cv_broadcast(&ap->ap_cv); 469155408Srwatson} 470155408Srwatson 471155408Srwatson/* 472155408Srwatson * audit_pipe_submit(): audit_worker submits audit records via this 473155408Srwatson * interface, which arranges for them to be delivered to pipe queues. 474155408Srwatson */ 475155408Srwatsonvoid 476159269Srwatsonaudit_pipe_submit(au_id_t auid, au_event_t event, au_class_t class, int sorf, 477159269Srwatson int trail_select, void *record, u_int record_len) 478155408Srwatson{ 479155408Srwatson struct audit_pipe *ap; 480155408Srwatson 481155408Srwatson /* 482184488Srwatson * Lockless read to avoid lock overhead if pipes are not in use. 483155408Srwatson */ 484155408Srwatson if (TAILQ_FIRST(&audit_pipe_list) == NULL) 485155408Srwatson return; 486155408Srwatson 487184488Srwatson AUDIT_PIPE_LIST_RLOCK(); 488159269Srwatson TAILQ_FOREACH(ap, &audit_pipe_list, ap_list) { 489184488Srwatson AUDIT_PIPE_LOCK(ap); 490159269Srwatson if (audit_pipe_preselect_check(ap, auid, event, class, sorf, 491159269Srwatson trail_select)) 492159269Srwatson audit_pipe_append(ap, record, record_len); 493184488Srwatson AUDIT_PIPE_UNLOCK(ap); 494159269Srwatson } 495184488Srwatson AUDIT_PIPE_LIST_RUNLOCK(); 496184488Srwatson 497184488Srwatson /* Unlocked increment. */ 498159269Srwatson audit_pipe_records++; 499159269Srwatson} 500159269Srwatson 501159269Srwatson/* 502159269Srwatson * audit_pipe_submit_user(): the same as audit_pipe_submit(), except that 503159269Srwatson * since we don't currently have selection information available, it is 504159269Srwatson * delivered to the pipe unconditionally. 505159269Srwatson * 506159269Srwatson * XXXRW: This is a bug. The BSM check routine for submitting a user record 507159269Srwatson * should parse that information and return it. 508159269Srwatson */ 509159269Srwatsonvoid 510159269Srwatsonaudit_pipe_submit_user(void *record, u_int record_len) 511159269Srwatson{ 512159269Srwatson struct audit_pipe *ap; 513159269Srwatson 514159269Srwatson /* 515184488Srwatson * Lockless read to avoid lock overhead if pipes are not in use. 516159269Srwatson */ 517159269Srwatson if (TAILQ_FIRST(&audit_pipe_list) == NULL) 518159269Srwatson return; 519159269Srwatson 520184488Srwatson AUDIT_PIPE_LIST_RLOCK(); 521184488Srwatson TAILQ_FOREACH(ap, &audit_pipe_list, ap_list) { 522184488Srwatson AUDIT_PIPE_LOCK(ap); 523155408Srwatson audit_pipe_append(ap, record, record_len); 524184488Srwatson AUDIT_PIPE_UNLOCK(ap); 525184488Srwatson } 526184488Srwatson AUDIT_PIPE_LIST_RUNLOCK(); 527184488Srwatson 528184488Srwatson /* Unlocked increment. */ 529155408Srwatson audit_pipe_records++; 530155408Srwatson} 531155408Srwatson 532155408Srwatson/* 533159269Srwatson * Pop the next record off of an audit pipe. 534155408Srwatson */ 535155408Srwatsonstatic struct audit_pipe_entry * 536155408Srwatsonaudit_pipe_pop(struct audit_pipe *ap) 537155408Srwatson{ 538155408Srwatson struct audit_pipe_entry *ape; 539155408Srwatson 540184488Srwatson AUDIT_PIPE_LOCK_ASSERT(ap); 541155408Srwatson 542155408Srwatson ape = TAILQ_FIRST(&ap->ap_queue); 543155408Srwatson KASSERT((ape == NULL && ap->ap_qlen == 0) || 544155408Srwatson (ape != NULL && ap->ap_qlen != 0), ("audit_pipe_pop: qlen")); 545155408Srwatson if (ape == NULL) 546155408Srwatson return (NULL); 547155408Srwatson TAILQ_REMOVE(&ap->ap_queue, ape, ape_queue); 548155408Srwatson ap->ap_qlen--; 549155408Srwatson return (ape); 550155408Srwatson} 551155408Srwatson 552155408Srwatson/* 553155408Srwatson * Allocate a new audit pipe. Connects the pipe, on success, to the global 554155408Srwatson * list and updates statistics. 555155408Srwatson */ 556155408Srwatsonstatic struct audit_pipe * 557155408Srwatsonaudit_pipe_alloc(void) 558155408Srwatson{ 559155408Srwatson struct audit_pipe *ap; 560155408Srwatson 561184488Srwatson AUDIT_PIPE_LIST_WLOCK_ASSERT(); 562155408Srwatson 563155408Srwatson ap = malloc(sizeof(*ap), M_AUDIT_PIPE, M_NOWAIT | M_ZERO); 564155408Srwatson if (ap == NULL) 565155408Srwatson return (NULL); 566155408Srwatson ap->ap_qlimit = AUDIT_PIPE_QLIMIT_DEFAULT; 567155408Srwatson TAILQ_INIT(&ap->ap_queue); 568184488Srwatson knlist_init(&ap->ap_selinfo.si_note, AUDIT_PIPE_MTX(ap), NULL, NULL, 569161582Srwatson NULL); 570184488Srwatson AUDIT_PIPE_LOCK_INIT(ap); 571184488Srwatson cv_init(&ap->ap_cv, "audit_pipe"); 572159269Srwatson 573159269Srwatson /* 574159269Srwatson * Default flags, naflags, and auid-specific preselection settings to 575159269Srwatson * 0. Initialize the mode to the global trail so that if praudit(1) 576159269Srwatson * is run on /dev/auditpipe, it sees events associated with the 577159269Srwatson * default trail. Pipe-aware application can clear the flag, set 578159269Srwatson * custom masks, and flush the pipe as needed. 579159269Srwatson */ 580159269Srwatson bzero(&ap->ap_preselect_flags, sizeof(ap->ap_preselect_flags)); 581159269Srwatson bzero(&ap->ap_preselect_naflags, sizeof(ap->ap_preselect_naflags)); 582159269Srwatson TAILQ_INIT(&ap->ap_preselect_list); 583159269Srwatson ap->ap_preselect_mode = AUDITPIPE_PRESELECT_MODE_TRAIL; 584159269Srwatson 585161582Srwatson /* 586161582Srwatson * Add to global list and update global statistics. 587161582Srwatson */ 588155408Srwatson TAILQ_INSERT_HEAD(&audit_pipe_list, ap, ap_list); 589155408Srwatson audit_pipe_count++; 590155408Srwatson audit_pipe_ever++; 591159269Srwatson 592155408Srwatson return (ap); 593155408Srwatson} 594155408Srwatson 595155408Srwatson/* 596159269Srwatson * Flush all records currently present in an audit pipe; assume mutex is held. 597155408Srwatson */ 598155408Srwatsonstatic void 599159269Srwatsonaudit_pipe_flush(struct audit_pipe *ap) 600155408Srwatson{ 601155408Srwatson struct audit_pipe_entry *ape; 602155408Srwatson 603184488Srwatson AUDIT_PIPE_LOCK_ASSERT(ap); 604155408Srwatson 605155408Srwatson while ((ape = TAILQ_FIRST(&ap->ap_queue)) != NULL) { 606155408Srwatson TAILQ_REMOVE(&ap->ap_queue, ape, ape_queue); 607155408Srwatson audit_pipe_entry_free(ape); 608155408Srwatson ap->ap_qlen--; 609155408Srwatson } 610155408Srwatson KASSERT(ap->ap_qlen == 0, ("audit_pipe_free: ap_qlen")); 611159269Srwatson} 612159269Srwatson 613159269Srwatson/* 614159269Srwatson * Free an audit pipe; this means freeing all preselection state and all 615184488Srwatson * records in the pipe. Assumes global write lock and pipe mutex are held to 616184488Srwatson * prevent any new records from being inserted during the free, and that the 617184488Srwatson * audit pipe is still on the global list. 618159269Srwatson */ 619159269Srwatsonstatic void 620159269Srwatsonaudit_pipe_free(struct audit_pipe *ap) 621159269Srwatson{ 622159269Srwatson 623184488Srwatson AUDIT_PIPE_LIST_WLOCK_ASSERT(); 624184488Srwatson AUDIT_PIPE_LOCK_ASSERT(ap); 625159269Srwatson 626159269Srwatson audit_pipe_preselect_flush_locked(ap); 627159269Srwatson audit_pipe_flush(ap); 628184488Srwatson cv_destroy(&ap->ap_cv); 629184488Srwatson AUDIT_PIPE_LOCK_DESTROY(ap); 630161582Srwatson knlist_destroy(&ap->ap_selinfo.si_note); 631159269Srwatson TAILQ_REMOVE(&audit_pipe_list, ap, ap_list); 632155408Srwatson free(ap, M_AUDIT_PIPE); 633155408Srwatson audit_pipe_count--; 634155408Srwatson} 635155408Srwatson 636155408Srwatson/* 637155408Srwatson * Audit pipe clone routine -- provide specific requested audit pipe, or a 638155408Srwatson * fresh one if a specific one is not requested. 639155408Srwatson */ 640155408Srwatsonstatic void 641155408Srwatsonaudit_pipe_clone(void *arg, struct ucred *cred, char *name, int namelen, 642155408Srwatson struct cdev **dev) 643155408Srwatson{ 644155408Srwatson int i, u; 645155408Srwatson 646155408Srwatson if (*dev != NULL) 647155408Srwatson return; 648155408Srwatson 649155408Srwatson if (strcmp(name, AUDIT_PIPE_NAME) == 0) 650155408Srwatson u = -1; 651155408Srwatson else if (dev_stdclone(name, NULL, AUDIT_PIPE_NAME, &u) != 1) 652155408Srwatson return; 653155408Srwatson 654155408Srwatson i = clone_create(&audit_pipe_clones, &audit_pipe_cdevsw, &u, dev, 0); 655155408Srwatson if (i) { 656183381Sed *dev = make_dev(&audit_pipe_cdevsw, u, UID_ROOT, 657155408Srwatson GID_WHEEL, 0600, "%s%d", AUDIT_PIPE_NAME, u); 658155408Srwatson if (*dev != NULL) { 659155408Srwatson dev_ref(*dev); 660155408Srwatson (*dev)->si_flags |= SI_CHEAPCLONE; 661155408Srwatson } 662155408Srwatson } 663155408Srwatson} 664155408Srwatson 665155408Srwatson/* 666164033Srwatson * Audit pipe open method. Explicit privilege check isn't used as this 667164033Srwatson * allows file permissions on the special device to be used to grant audit 668164033Srwatson * review access. Those file permissions should be managed carefully. 669155408Srwatson */ 670155408Srwatsonstatic int 671155408Srwatsonaudit_pipe_open(struct cdev *dev, int oflags, int devtype, struct thread *td) 672155408Srwatson{ 673155408Srwatson struct audit_pipe *ap; 674155408Srwatson 675184488Srwatson AUDIT_PIPE_LIST_WLOCK(); 676155408Srwatson ap = dev->si_drv1; 677155408Srwatson if (ap == NULL) { 678155408Srwatson ap = audit_pipe_alloc(); 679155408Srwatson if (ap == NULL) { 680184488Srwatson AUDIT_PIPE_LIST_WUNLOCK(); 681155408Srwatson return (ENOMEM); 682155408Srwatson } 683155408Srwatson dev->si_drv1 = ap; 684155408Srwatson } else { 685155408Srwatson KASSERT(ap->ap_open, ("audit_pipe_open: ap && !ap_open")); 686184488Srwatson AUDIT_PIPE_LIST_WUNLOCK(); 687155408Srwatson return (EBUSY); 688155408Srwatson } 689184488Srwatson ap->ap_open = 1; /* No lock required yet. */ 690184488Srwatson AUDIT_PIPE_LIST_WUNLOCK(); 691155408Srwatson fsetown(td->td_proc->p_pid, &ap->ap_sigio); 692155408Srwatson return (0); 693155408Srwatson} 694155408Srwatson 695155408Srwatson/* 696155408Srwatson * Close audit pipe, tear down all records, etc. 697155408Srwatson */ 698155408Srwatsonstatic int 699155408Srwatsonaudit_pipe_close(struct cdev *dev, int fflag, int devtype, struct thread *td) 700155408Srwatson{ 701155408Srwatson struct audit_pipe *ap; 702155408Srwatson 703155408Srwatson ap = dev->si_drv1; 704155408Srwatson KASSERT(ap != NULL, ("audit_pipe_close: ap == NULL")); 705155408Srwatson KASSERT(ap->ap_open, ("audit_pipe_close: !ap_open")); 706184488Srwatson 707155408Srwatson funsetown(&ap->ap_sigio); 708184488Srwatson AUDIT_PIPE_LIST_WLOCK(); 709184488Srwatson AUDIT_PIPE_LOCK(ap); 710155408Srwatson ap->ap_open = 0; 711155408Srwatson audit_pipe_free(ap); 712155408Srwatson dev->si_drv1 = NULL; 713184488Srwatson AUDIT_PIPE_LIST_WUNLOCK(); 714155408Srwatson return (0); 715155408Srwatson} 716155408Srwatson 717155408Srwatson/* 718156880Srwatson * Audit pipe ioctl() routine. Handle file descriptor and audit pipe layer 719156880Srwatson * commands. 720155408Srwatson * 721155408Srwatson * Would be desirable to support filtering, although perhaps something simple 722155408Srwatson * like an event mask, as opposed to something complicated like BPF. 723155408Srwatson */ 724155408Srwatsonstatic int 725155408Srwatsonaudit_pipe_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, 726155408Srwatson struct thread *td) 727155408Srwatson{ 728159269Srwatson struct auditpipe_ioctl_preselect *aip; 729155408Srwatson struct audit_pipe *ap; 730159269Srwatson au_mask_t *maskp; 731159269Srwatson int error, mode; 732159269Srwatson au_id_t auid; 733155408Srwatson 734155408Srwatson ap = dev->si_drv1; 735155408Srwatson KASSERT(ap != NULL, ("audit_pipe_ioctl: ap == NULL")); 736159269Srwatson 737159269Srwatson /* 738159269Srwatson * Audit pipe ioctls: first come standard device node ioctls, then 739159269Srwatson * manipulation of pipe settings, and finally, statistics query 740159269Srwatson * ioctls. 741159269Srwatson */ 742155408Srwatson switch (cmd) { 743155408Srwatson case FIONBIO: 744184488Srwatson AUDIT_PIPE_LOCK(ap); 745155408Srwatson if (*(int *)data) 746155408Srwatson ap->ap_flags |= AUDIT_PIPE_NBIO; 747155408Srwatson else 748155408Srwatson ap->ap_flags &= ~AUDIT_PIPE_NBIO; 749184488Srwatson AUDIT_PIPE_UNLOCK(ap); 750155408Srwatson error = 0; 751155408Srwatson break; 752155408Srwatson 753155408Srwatson case FIONREAD: 754184488Srwatson AUDIT_PIPE_LOCK(ap); 755155408Srwatson if (TAILQ_FIRST(&ap->ap_queue) != NULL) 756155408Srwatson *(int *)data = 757155408Srwatson TAILQ_FIRST(&ap->ap_queue)->ape_record_len; 758155408Srwatson else 759155408Srwatson *(int *)data = 0; 760184488Srwatson AUDIT_PIPE_UNLOCK(ap); 761155408Srwatson error = 0; 762155408Srwatson break; 763155408Srwatson 764155408Srwatson case FIOASYNC: 765184488Srwatson AUDIT_PIPE_LOCK(ap); 766155408Srwatson if (*(int *)data) 767155408Srwatson ap->ap_flags |= AUDIT_PIPE_ASYNC; 768155408Srwatson else 769155408Srwatson ap->ap_flags &= ~AUDIT_PIPE_ASYNC; 770184488Srwatson AUDIT_PIPE_UNLOCK(ap); 771155408Srwatson error = 0; 772155408Srwatson break; 773155408Srwatson 774155408Srwatson case FIOSETOWN: 775155408Srwatson error = fsetown(*(int *)data, &ap->ap_sigio); 776155408Srwatson break; 777155408Srwatson 778155408Srwatson case FIOGETOWN: 779155408Srwatson *(int *)data = fgetown(&ap->ap_sigio); 780155408Srwatson error = 0; 781156880Srwatson break; 782155408Srwatson 783156880Srwatson case AUDITPIPE_GET_QLEN: 784156880Srwatson *(u_int *)data = ap->ap_qlen; 785156880Srwatson error = 0; 786156880Srwatson break; 787156880Srwatson 788156880Srwatson case AUDITPIPE_GET_QLIMIT: 789156880Srwatson *(u_int *)data = ap->ap_qlimit; 790156880Srwatson error = 0; 791156880Srwatson break; 792156880Srwatson 793156880Srwatson case AUDITPIPE_SET_QLIMIT: 794156880Srwatson /* Lockless integer write. */ 795156880Srwatson if (*(u_int *)data >= AUDIT_PIPE_QLIMIT_MIN || 796156880Srwatson *(u_int *)data <= AUDIT_PIPE_QLIMIT_MAX) { 797156880Srwatson ap->ap_qlimit = *(u_int *)data; 798156880Srwatson error = 0; 799156880Srwatson } else 800156880Srwatson error = EINVAL; 801156880Srwatson break; 802156880Srwatson 803156884Srwatson case AUDITPIPE_GET_QLIMIT_MIN: 804156884Srwatson *(u_int *)data = AUDIT_PIPE_QLIMIT_MIN; 805156884Srwatson error = 0; 806156884Srwatson break; 807156884Srwatson 808156884Srwatson case AUDITPIPE_GET_QLIMIT_MAX: 809156884Srwatson *(u_int *)data = AUDIT_PIPE_QLIMIT_MAX; 810156884Srwatson error = 0; 811156884Srwatson break; 812156884Srwatson 813159269Srwatson case AUDITPIPE_GET_PRESELECT_FLAGS: 814184488Srwatson AUDIT_PIPE_LOCK(ap); 815159269Srwatson maskp = (au_mask_t *)data; 816159269Srwatson *maskp = ap->ap_preselect_flags; 817184488Srwatson AUDIT_PIPE_UNLOCK(ap); 818159269Srwatson error = 0; 819159269Srwatson break; 820159269Srwatson 821159269Srwatson case AUDITPIPE_SET_PRESELECT_FLAGS: 822184488Srwatson AUDIT_PIPE_LOCK(ap); 823159269Srwatson maskp = (au_mask_t *)data; 824159269Srwatson ap->ap_preselect_flags = *maskp; 825184488Srwatson AUDIT_PIPE_UNLOCK(ap); 826159269Srwatson error = 0; 827159269Srwatson break; 828159269Srwatson 829159269Srwatson case AUDITPIPE_GET_PRESELECT_NAFLAGS: 830184488Srwatson AUDIT_PIPE_LOCK(ap); 831159269Srwatson maskp = (au_mask_t *)data; 832159269Srwatson *maskp = ap->ap_preselect_naflags; 833184488Srwatson AUDIT_PIPE_UNLOCK(ap); 834159269Srwatson error = 0; 835159269Srwatson break; 836159269Srwatson 837159269Srwatson case AUDITPIPE_SET_PRESELECT_NAFLAGS: 838184488Srwatson AUDIT_PIPE_LOCK(ap); 839159269Srwatson maskp = (au_mask_t *)data; 840159269Srwatson ap->ap_preselect_naflags = *maskp; 841184488Srwatson AUDIT_PIPE_UNLOCK(ap); 842159269Srwatson error = 0; 843159269Srwatson break; 844159269Srwatson 845159269Srwatson case AUDITPIPE_GET_PRESELECT_AUID: 846159269Srwatson aip = (struct auditpipe_ioctl_preselect *)data; 847159269Srwatson error = audit_pipe_preselect_get(ap, aip->aip_auid, 848159269Srwatson &aip->aip_mask); 849159269Srwatson break; 850159269Srwatson 851159269Srwatson case AUDITPIPE_SET_PRESELECT_AUID: 852159269Srwatson aip = (struct auditpipe_ioctl_preselect *)data; 853159269Srwatson audit_pipe_preselect_set(ap, aip->aip_auid, aip->aip_mask); 854159269Srwatson error = 0; 855159269Srwatson break; 856159269Srwatson 857159269Srwatson case AUDITPIPE_DELETE_PRESELECT_AUID: 858159269Srwatson auid = *(au_id_t *)data; 859159269Srwatson error = audit_pipe_preselect_delete(ap, auid); 860159269Srwatson break; 861159269Srwatson 862159269Srwatson case AUDITPIPE_FLUSH_PRESELECT_AUID: 863159269Srwatson audit_pipe_preselect_flush(ap); 864159269Srwatson error = 0; 865159269Srwatson break; 866159269Srwatson 867159269Srwatson case AUDITPIPE_GET_PRESELECT_MODE: 868184488Srwatson AUDIT_PIPE_LOCK(ap); 869159269Srwatson *(int *)data = ap->ap_preselect_mode; 870184488Srwatson AUDIT_PIPE_UNLOCK(ap); 871159269Srwatson error = 0; 872159269Srwatson break; 873159269Srwatson 874159269Srwatson case AUDITPIPE_SET_PRESELECT_MODE: 875159269Srwatson mode = *(int *)data; 876159269Srwatson switch (mode) { 877159269Srwatson case AUDITPIPE_PRESELECT_MODE_TRAIL: 878159269Srwatson case AUDITPIPE_PRESELECT_MODE_LOCAL: 879184488Srwatson AUDIT_PIPE_LOCK(ap); 880159269Srwatson ap->ap_preselect_mode = mode; 881184488Srwatson AUDIT_PIPE_UNLOCK(ap); 882159269Srwatson error = 0; 883159269Srwatson break; 884159269Srwatson 885159269Srwatson default: 886159269Srwatson error = EINVAL; 887159269Srwatson } 888159269Srwatson break; 889159269Srwatson 890159269Srwatson case AUDITPIPE_FLUSH: 891184488Srwatson AUDIT_PIPE_LOCK(ap); 892159269Srwatson audit_pipe_flush(ap); 893184488Srwatson AUDIT_PIPE_UNLOCK(ap); 894159269Srwatson error = 0; 895159269Srwatson break; 896159269Srwatson 897161646Srwatson case AUDITPIPE_GET_MAXAUDITDATA: 898161646Srwatson *(u_int *)data = MAXAUDITDATA; 899161646Srwatson error = 0; 900161646Srwatson break; 901161646Srwatson 902156880Srwatson case AUDITPIPE_GET_INSERTS: 903156880Srwatson *(u_int *)data = ap->ap_inserts; 904156880Srwatson error = 0; 905156880Srwatson break; 906156880Srwatson 907156880Srwatson case AUDITPIPE_GET_READS: 908156880Srwatson *(u_int *)data = ap->ap_reads; 909156880Srwatson error = 0; 910156880Srwatson break; 911156880Srwatson 912156880Srwatson case AUDITPIPE_GET_DROPS: 913156880Srwatson *(u_int *)data = ap->ap_drops; 914156880Srwatson error = 0; 915156880Srwatson break; 916156880Srwatson 917156880Srwatson case AUDITPIPE_GET_TRUNCATES: 918156880Srwatson *(u_int *)data = ap->ap_truncates; 919156880Srwatson error = 0; 920156880Srwatson break; 921156880Srwatson 922155408Srwatson default: 923155408Srwatson error = ENOTTY; 924155408Srwatson } 925155408Srwatson return (error); 926155408Srwatson} 927155408Srwatson 928155408Srwatson/* 929155408Srwatson * Audit pipe read. Pull one record off the queue and copy to user space. 930155408Srwatson * On error, the record is dropped. 931159269Srwatson * 932159269Srwatson * Providing more sophisticated behavior, such as partial reads, is tricky 933159269Srwatson * due to the potential for parallel I/O. If partial read support is 934159269Srwatson * required, it will require a per-pipe "current record being read" along 935159269Srwatson * with an offset into that trecord which has already been read. Threads 936159269Srwatson * performing partial reads will need to allocate per-thread copies of the 937159269Srwatson * data so that if another thread completes the read of the record, it can be 938159269Srwatson * freed without adding reference count logic. If this is added, a flag to 939159269Srwatson * indicate that only atomic record reads are desired would be useful, as if 940159269Srwatson * different threads are all waiting for records on the pipe, they will want 941159269Srwatson * independent record reads, which is currently the behavior. 942155408Srwatson */ 943155408Srwatsonstatic int 944155408Srwatsonaudit_pipe_read(struct cdev *dev, struct uio *uio, int flag) 945155408Srwatson{ 946155408Srwatson struct audit_pipe_entry *ape; 947155408Srwatson struct audit_pipe *ap; 948155408Srwatson int error; 949155408Srwatson 950155408Srwatson ap = dev->si_drv1; 951155408Srwatson KASSERT(ap != NULL, ("audit_pipe_read: ap == NULL")); 952184488Srwatson 953184488Srwatson AUDIT_PIPE_LOCK(ap); 954155408Srwatson do { 955155408Srwatson /* 956155408Srwatson * Wait for a record that fits into the read buffer, dropping 957155408Srwatson * records that would be truncated if actually passed to the 958155408Srwatson * process. This helps maintain the discreet record read 959155408Srwatson * interface. 960155408Srwatson */ 961155408Srwatson while ((ape = audit_pipe_pop(ap)) == NULL) { 962155408Srwatson if (ap->ap_flags & AUDIT_PIPE_NBIO) { 963184488Srwatson AUDIT_PIPE_UNLOCK(ap); 964155408Srwatson return (EAGAIN); 965155408Srwatson } 966184488Srwatson error = cv_wait_sig(&ap->ap_cv, AUDIT_PIPE_MTX(ap)); 967155408Srwatson if (error) { 968184488Srwatson AUDIT_PIPE_UNLOCK(ap); 969155408Srwatson return (error); 970155408Srwatson } 971155408Srwatson } 972155408Srwatson if (ape->ape_record_len <= uio->uio_resid) 973155408Srwatson break; 974155408Srwatson audit_pipe_entry_free(ape); 975155408Srwatson ap->ap_truncates++; 976155408Srwatson } while (1); 977173083Scsjp ap->ap_reads++; 978184488Srwatson AUDIT_PIPE_UNLOCK(ap); 979155408Srwatson 980155408Srwatson /* 981155408Srwatson * Now read record to user space memory. Even if the read is short, 982155408Srwatson * we abandon the remainder of the record, supporting only discreet 983155408Srwatson * record reads. 984155408Srwatson */ 985155408Srwatson error = uiomove(ape->ape_record, ape->ape_record_len, uio); 986155408Srwatson audit_pipe_entry_free(ape); 987155408Srwatson return (error); 988155408Srwatson} 989155408Srwatson 990155408Srwatson/* 991155408Srwatson * Audit pipe poll. 992155408Srwatson */ 993155408Srwatsonstatic int 994155408Srwatsonaudit_pipe_poll(struct cdev *dev, int events, struct thread *td) 995155408Srwatson{ 996155408Srwatson struct audit_pipe *ap; 997155408Srwatson int revents; 998155408Srwatson 999155408Srwatson revents = 0; 1000155408Srwatson ap = dev->si_drv1; 1001155408Srwatson KASSERT(ap != NULL, ("audit_pipe_poll: ap == NULL")); 1002184488Srwatson 1003155408Srwatson if (events & (POLLIN | POLLRDNORM)) { 1004184488Srwatson AUDIT_PIPE_LOCK(ap); 1005155408Srwatson if (TAILQ_FIRST(&ap->ap_queue) != NULL) 1006155408Srwatson revents |= events & (POLLIN | POLLRDNORM); 1007155408Srwatson else 1008155408Srwatson selrecord(td, &ap->ap_selinfo); 1009184488Srwatson AUDIT_PIPE_UNLOCK(ap); 1010155408Srwatson } 1011155408Srwatson return (revents); 1012155408Srwatson} 1013155408Srwatson 1014155408Srwatson/* 1015161582Srwatson * Audit pipe kqfilter. 1016161582Srwatson */ 1017161582Srwatsonstatic int 1018161582Srwatsonaudit_pipe_kqfilter(struct cdev *dev, struct knote *kn) 1019161582Srwatson{ 1020161582Srwatson struct audit_pipe *ap; 1021161582Srwatson 1022161582Srwatson ap = dev->si_drv1; 1023161582Srwatson KASSERT(ap != NULL, ("audit_pipe_kqfilter: ap == NULL")); 1024161582Srwatson 1025161582Srwatson if (kn->kn_filter != EVFILT_READ) 1026161582Srwatson return (EINVAL); 1027161582Srwatson 1028161582Srwatson kn->kn_fop = &audit_pipe_read_filterops; 1029161582Srwatson kn->kn_hook = ap; 1030161582Srwatson 1031184488Srwatson AUDIT_PIPE_LOCK(ap); 1032161582Srwatson knlist_add(&ap->ap_selinfo.si_note, kn, 1); 1033184488Srwatson AUDIT_PIPE_UNLOCK(ap); 1034161582Srwatson return (0); 1035161582Srwatson} 1036161582Srwatson 1037161582Srwatson/* 1038161582Srwatson * Return true if there are records available for reading on the pipe. 1039161582Srwatson */ 1040161582Srwatsonstatic int 1041161582Srwatsonaudit_pipe_kqread(struct knote *kn, long hint) 1042161582Srwatson{ 1043161582Srwatson struct audit_pipe_entry *ape; 1044161582Srwatson struct audit_pipe *ap; 1045161582Srwatson 1046161582Srwatson ap = (struct audit_pipe *)kn->kn_hook; 1047161582Srwatson KASSERT(ap != NULL, ("audit_pipe_kqread: ap == NULL")); 1048161582Srwatson 1049184488Srwatson AUDIT_PIPE_LOCK_ASSERT(ap); 1050184488Srwatson 1051161582Srwatson if (ap->ap_qlen != 0) { 1052161582Srwatson ape = TAILQ_FIRST(&ap->ap_queue); 1053161582Srwatson KASSERT(ape != NULL, ("audit_pipe_kqread: ape == NULL")); 1054161582Srwatson 1055161582Srwatson kn->kn_data = ape->ape_record_len; 1056161582Srwatson return (1); 1057161582Srwatson } else { 1058161582Srwatson kn->kn_data = 0; 1059161582Srwatson return (0); 1060161582Srwatson } 1061161582Srwatson} 1062161582Srwatson 1063161582Srwatson/* 1064161582Srwatson * Detach kqueue state from audit pipe. 1065161582Srwatson */ 1066161582Srwatsonstatic void 1067161582Srwatsonaudit_pipe_kqdetach(struct knote *kn) 1068161582Srwatson{ 1069161582Srwatson struct audit_pipe *ap; 1070161582Srwatson 1071161582Srwatson ap = (struct audit_pipe *)kn->kn_hook; 1072161582Srwatson KASSERT(ap != NULL, ("audit_pipe_kqdetach: ap == NULL")); 1073161582Srwatson 1074184488Srwatson AUDIT_PIPE_LOCK(ap); 1075161582Srwatson knlist_remove(&ap->ap_selinfo.si_note, kn, 1); 1076184488Srwatson AUDIT_PIPE_UNLOCK(ap); 1077161582Srwatson} 1078161582Srwatson 1079161582Srwatson/* 1080155408Srwatson * Initialize the audit pipe system. 1081155408Srwatson */ 1082155408Srwatsonstatic void 1083155408Srwatsonaudit_pipe_init(void *unused) 1084155408Srwatson{ 1085155408Srwatson 1086155408Srwatson TAILQ_INIT(&audit_pipe_list); 1087184488Srwatson AUDIT_PIPE_LIST_LOCK_INIT(); 1088155408Srwatson 1089155408Srwatson clone_setup(&audit_pipe_clones); 1090155408Srwatson audit_pipe_eh_tag = EVENTHANDLER_REGISTER(dev_clone, 1091155408Srwatson audit_pipe_clone, 0, 1000); 1092155408Srwatson if (audit_pipe_eh_tag == NULL) 1093155408Srwatson panic("audit_pipe_init: EVENTHANDLER_REGISTER"); 1094155408Srwatson} 1095155408Srwatson 1096155408SrwatsonSYSINIT(audit_pipe_init, SI_SUB_DRIVERS, SI_ORDER_MIDDLE, audit_pipe_init, 1097155408Srwatson NULL); 1098