diff options
author | rwatson <rwatson@FreeBSD.org> | 2008-11-14 01:24:52 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2008-11-14 01:24:52 +0000 |
commit | ea0b860502bbb6c24b2c4f853c2d4c97e5d96f2b (patch) | |
tree | f4dda4b865cb4380c2d7ee549196f94554aaa671 /sys/security/audit/audit_syscalls.c | |
parent | cbf9e0a3f94f230c45edb13092f4b4b0ae60342a (diff) | |
download | FreeBSD-src-ea0b860502bbb6c24b2c4f853c2d4c97e5d96f2b.zip FreeBSD-src-ea0b860502bbb6c24b2c4f853c2d4c97e5d96f2b.tar.gz |
When repeatedly accessing a thread credential, cache the credential
pointer in a local thread. While this is unlikely to significantly
improve performance given modern compiler behavior, it makes the code
more readable and reduces diffs to the Mac OS X version of the same
code (which stores things in creds in the same way, but where the
cred for a thread is reached quite differently).
Discussed with: sson
MFC after: 1 month
Sponsored by: Apple Inc.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/security/audit/audit_syscalls.c')
-rw-r--r-- | sys/security/audit/audit_syscalls.c | 49 |
1 files changed, 24 insertions, 25 deletions
diff --git a/sys/security/audit/audit_syscalls.c b/sys/security/audit/audit_syscalls.c index cf88c93..83291b3 100644 --- a/sys/security/audit/audit_syscalls.c +++ b/sys/security/audit/audit_syscalls.c @@ -157,7 +157,7 @@ free_out: int auditon(struct thread *td, struct auditon_args *uap) { - struct ucred *newcred, *oldcred; + struct ucred *cred, *newcred, *oldcred; int error; union auditon_udata udata; struct proc *tp; @@ -321,22 +321,21 @@ auditon(struct thread *td, struct auditon_args *uap) PROC_UNLOCK(tp); return (error); } - if (tp->p_ucred->cr_audit.ai_termid.at_type == AU_IPv6) { + cred = tp->p_ucred; + if (cred->cr_audit.ai_termid.at_type == AU_IPv6) { PROC_UNLOCK(tp); return (EINVAL); } - udata.au_aupinfo.ap_auid = - tp->p_ucred->cr_audit.ai_auid; + udata.au_aupinfo.ap_auid = cred->cr_audit.ai_auid; udata.au_aupinfo.ap_mask.am_success = - tp->p_ucred->cr_audit.ai_mask.am_success; + cred->cr_audit.ai_mask.am_success; udata.au_aupinfo.ap_mask.am_failure = - tp->p_ucred->cr_audit.ai_mask.am_failure; + cred->cr_audit.ai_mask.am_failure; udata.au_aupinfo.ap_termid.machine = - tp->p_ucred->cr_audit.ai_termid.at_addr[0]; + cred->cr_audit.ai_termid.at_addr[0]; udata.au_aupinfo.ap_termid.port = - (dev_t)tp->p_ucred->cr_audit.ai_termid.at_port; - udata.au_aupinfo.ap_asid = - tp->p_ucred->cr_audit.ai_asid; + (dev_t)cred->cr_audit.ai_termid.at_port; + udata.au_aupinfo.ap_asid = cred->cr_audit.ai_asid; PROC_UNLOCK(tp); break; @@ -381,16 +380,14 @@ auditon(struct thread *td, struct auditon_args *uap) return (ESRCH); if ((tp = pfind(udata.au_aupinfo_addr.ap_pid)) == NULL) return (ESRCH); - udata.au_aupinfo_addr.ap_auid = - tp->p_ucred->cr_audit.ai_auid; + cred = tp->p_ucred; + udata.au_aupinfo_addr.ap_auid = cred->cr_audit.ai_auid; udata.au_aupinfo_addr.ap_mask.am_success = - tp->p_ucred->cr_audit.ai_mask.am_success; + cred->cr_audit.ai_mask.am_success; udata.au_aupinfo_addr.ap_mask.am_failure = - tp->p_ucred->cr_audit.ai_mask.am_failure; - udata.au_aupinfo_addr.ap_termid = - tp->p_ucred->cr_audit.ai_termid; - udata.au_aupinfo_addr.ap_asid = - tp->p_ucred->cr_audit.ai_asid; + cred->cr_audit.ai_mask.am_failure; + udata.au_aupinfo_addr.ap_termid = cred->cr_audit.ai_termid; + udata.au_aupinfo_addr.ap_asid = cred->cr_audit.ai_asid; PROC_UNLOCK(tp); break; @@ -503,21 +500,23 @@ int getaudit(struct thread *td, struct getaudit_args *uap) { struct auditinfo ai; + struct ucred *cred; int error; - if (jailed(td->td_ucred)) + cred = td->td_ucred; + if (jailed(cred)) return (ENOSYS); error = priv_check(td, PRIV_AUDIT_GETAUDIT); if (error) return (error); - if (td->td_ucred->cr_audit.ai_termid.at_type == AU_IPv6) + if (cred->cr_audit.ai_termid.at_type == AU_IPv6) return (ERANGE); bzero(&ai, sizeof(ai)); - ai.ai_auid = td->td_ucred->cr_audit.ai_auid; - ai.ai_mask = td->td_ucred->cr_audit.ai_mask; - ai.ai_asid = td->td_ucred->cr_audit.ai_asid; - ai.ai_termid.machine = td->td_ucred->cr_audit.ai_termid.at_addr[0]; - ai.ai_termid.port = td->td_ucred->cr_audit.ai_termid.at_port; + ai.ai_auid = cred->cr_audit.ai_auid; + ai.ai_mask = cred->cr_audit.ai_mask; + ai.ai_asid = cred->cr_audit.ai_asid; + ai.ai_termid.machine = cred->cr_audit.ai_termid.at_addr[0]; + ai.ai_termid.port = cred->cr_audit.ai_termid.at_port; return (copyout(&ai, uap->auditinfo, sizeof(ai))); } |