audit: Fix short-circuiting in syscallenter()

Description

syscallenter() has a slow path to handle syscall auditing and dtrace
syscall tracing. It uses AUDIT_SYSCALL_ENTER() to check whether to take
the slow path, but this macro also has side effects: it writes the audit
log entry. When systrace (dtrace syscall tracing) is enabled, this
would get short-circuited, and we end up not writing audit log entries.

Introduce a pure macro to check whether auditing is enabled, use it in
syscallenter() instead of AUDIT_SYSCALL_ENTER().

Approved by: so
Security: FreeBSD-EN-25:02.audit
Reviewed by: kib
Reported by: Joe Duin <jd@firexfly.com>
Fixes: 2f7292437d0c ("Merge audit and systrace checks")
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48448

(cherry picked from commit f78fe930854cac6eed55859b45e0a7b5d87189d6)
(cherry picked from commit 4b9ba274d736de74676051c8f13e7d3dd536334b)
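The short-circuit described in the commit message, as an added user-space model that is not part of the commit and is not FreeBSD kernel code. Every identifier in it (`MODEL_AUDIT_ENTER`, `MODEL_AUDIT_ENABLED`, `enter_buggy`, `enter_fixed`, `run`) is hypothetical, and it assumes the tracing check is the left operand of `||`.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model state; all names are hypothetical. */
static bool audit_on;       /* auditing applies to this caller */
static bool trace_on;       /* syscall tracing is enabled */
static int  audit_records;  /* audit entries written so far */
static int  trace_events;   /* trace probes fired so far */

/* Check with a side effect: reports whether auditing applies AND
 * writes the entry, like the macro the commit message describes. */
#define MODEL_AUDIT_ENTER()   (audit_on ? (audit_records++, true) : false)
/* Pure check: reads state only, writes nothing. */
#define MODEL_AUDIT_ENABLED() (audit_on)

static void slow_path_trace(void) { if (trace_on) trace_events++; }

/* Before: with tracing on, || never evaluates its right operand, so
 * the audit entry is silently skipped. */
static void enter_buggy(void)
{
    if (trace_on || MODEL_AUDIT_ENTER())
        slow_path_trace();
}

/* After: choose the slow path with pure checks only, then write the
 * audit entry inside it regardless of the tracing state. */
static void enter_fixed(void)
{
    if (trace_on || MODEL_AUDIT_ENABLED()) {
        (void)MODEL_AUDIT_ENTER();
        slow_path_trace();
    }
}

/* Simulate n syscalls; return the number of audit entries written. */
static int run(void (*enter)(void), bool audit, bool trace, int n)
{
    audit_on = audit; trace_on = trace;
    audit_records = trace_events = 0;
    for (int i = 0; i < n; i++)
        enter();
    return audit_records;
}

int main(void)
{
    printf("buggy trace=on: %d of 5\n", run(enter_buggy, true, true, 5));
    printf("fixed trace=on: %d of 5\n", run(enter_fixed, true, true, 5));
    return 0;
}
```

In the model, the gap shows up only as a mismatch between the number of calls made and the number of audit entries recorded while tracing is on.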

Details

Provenance
markj Authored on Tue, Jan 14, 2:19 PM
Reviewer
rG2f7292437d0c: Merge audit and systrace checks
Differential Revision
D48448: audit: Fix short-circuiting in syscallenter()
Parents
rG4fdb8d1ab316: svc.c: Check for a non-NULL xp_socket