authorrwatson <rwatson@FreeBSD.org>2008-11-10 22:06:24 +0000
committerrwatson <rwatson@FreeBSD.org>2008-11-10 22:06:24 +0000
commit1e366119d6a05490016c5f65e7ad9bc166e9cb3f (patch)
treed6a63c0c1fc1554261e9c9a8b66c3394fe9be127 /sys/security
parent33e3cbce8e605e9e2818d8d34f721a3bca2b65ff (diff)
Wrap sx locking of the audit worker sleep lock in macros, update comments.
MFC after: 2 months Sponsored by: Apple, Inc.
Diffstat (limited to 'sys/security')
-rw-r--r--sys/security/audit/audit_worker.c55
1 files changed, 31 insertions, 24 deletions
diff --git a/sys/security/audit/audit_worker.c b/sys/security/audit/audit_worker.c
index a10d2b8..191d583 100644
--- a/sys/security/audit/audit_worker.c
+++ b/sys/security/audit/audit_worker.c
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 1999-2005 Apple Inc.
+ * Copyright (c) 1999-2008 Apple Inc.
* Copyright (c) 2006-2008 Robert N. M. Watson
* All rights reserved.
*
@@ -78,17 +78,24 @@ static struct proc *audit_thread;
/*
* audit_cred and audit_vp are the stored credential and vnode to use for
- * active audit trail. They are protected by audit_worker_sx, which will be
- * held across all I/O and all rotation to prevent them from being replaced
- * (rotated) while in use. The audit_file_rotate_wait flag is set when the
- * kernel has delivered a trigger to auditd to rotate the trail, and is
- * cleared when the next rotation takes place. It is also protected by
- * audit_worker_sx.
+ * active audit trail. They are protected by the audit worker lock, which
+ * will be held across all I/O and all rotation to prevent them from being
+ * replaced (rotated) while in use. The audit_file_rotate_wait flag is set
+ * when the kernel has delivered a trigger to auditd to rotate the trail, and
+ * is cleared when the next rotation takes place. It is also protected by
+ * the audit worker lock.
*/
static int audit_file_rotate_wait;
-static struct sx audit_worker_sx;
static struct ucred *audit_cred;
static struct vnode *audit_vp;
+static struct sx audit_worker_lock;
+
+#define AUDIT_WORKER_LOCK_INIT() sx_init(&audit_worker_lock, \
+ "audit_worker_lock");
+#define AUDIT_WORKER_LOCK_ASSERT() sx_assert(&audit_worker_lock, \
+ SA_XLOCKED)
+#define AUDIT_WORKER_LOCK() sx_xlock(&audit_worker_lock)
+#define AUDIT_WORKER_UNLOCK() sx_xunlock(&audit_worker_lock)
/*
* Write an audit record to a file, performed as the last stage after both
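Review bot: AUDIT_WORKER_LOCK_INIT() is defined with a trailing semicolon after `"audit_worker_lock")`, unlike the other three macros, so the call `AUDIT_WORKER_LOCK_INIT();` in audit_worker_init (the last hunk) expands to a statement followed by an empty statement. That is harmless at the single call site shown, but it would break if the macro were ever used as the body of an unbraced `if` that has an `else`. Dropping the semicolon keeps all four wrappers usable as plain expressions: `#define AUDIT_WORKER_LOCK_INIT() sx_init(&audit_worker_lock, "audit_worker_lock")`.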
@@ -111,7 +118,7 @@ audit_record_write(struct vnode *vp, struct ucred *cred, void *data,
struct vattr vattr;
long temp;
- sx_assert(&audit_worker_sx, SA_LOCKED); /* audit_file_rotate_wait. */
+ AUDIT_WORKER_LOCK_ASSERT();
if (vp == NULL)
return;
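Review bot: The entry assertion in audit_record_write loses its `/* audit_file_rotate_wait. */` comment, and the check is tightened without mention in the commit message: the old line accepted `SA_LOCKED`, while AUDIT_WORKER_LOCK_ASSERT() expands to `SA_XLOCKED`. Requiring an exclusive hold looks right, since the function later writes audit_file_rotate_wait, but the reason is worth keeping next to the assertion, for example `AUDIT_WORKER_LOCK_ASSERT();	/* Exclusive: may set audit_file_rotate_wait. */`. With this change the second assertion in the `@@ -191` hunk is identical to this one and serves only as documentation. The function body continues outside this hunk.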
@@ -191,7 +198,7 @@ audit_record_write(struct vnode *vp, struct ucred *cred, void *data,
*/
if ((audit_fstat.af_filesz != 0) && (audit_file_rotate_wait == 0) &&
(vattr.va_size >= audit_fstat.af_filesz)) {
- sx_assert(&audit_worker_sx, SA_XLOCKED);
+ AUDIT_WORKER_LOCK_ASSERT();
audit_file_rotate_wait = 1;
(void)audit_send_trigger(AUDIT_TRIGGER_ROTATE_KERNEL);
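Review bot: The result of `audit_send_trigger(AUDIT_TRIGGER_ROTATE_KERNEL)` is discarded after `audit_file_rotate_wait` has already been set to 1, and the surrounding condition only sends a trigger while that flag is 0. If the trigger can fail to reach auditd (its failure modes are not visible in this diff), no further rotation request would be sent until audit_rotate_vnode clears the flag, and the trail would keep growing past `af_filesz`. A comment stating why ignoring the result is acceptable would help, for example `/* Best effort: if delivery fails, the trail grows until auditd rotates for another reason. */`. The enclosing block continues outside this hunk.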
@@ -300,20 +307,20 @@ audit_worker_process_record(struct kaudit_record *ar)
au_event_t event;
au_id_t auid;
int error, sorf;
- int trail_locked;
+ int locked;
/*
- * We hold the audit_worker_sx lock over both writes, if there are
- * two, so that the two records won't be split across a rotation and
- * end up in two different trail files.
+ * We hold the audit worker lock over both writes, if there are two,
+ * so that the two records won't be split across a rotation and end
+ * up in two different trail files.
*/
if (((ar->k_ar_commit & AR_COMMIT_USER) &&
(ar->k_ar_commit & AR_PRESELECT_USER_TRAIL)) ||
(ar->k_ar_commit & AR_PRESELECT_TRAIL)) {
- sx_xlock(&audit_worker_sx);
- trail_locked = 1;
+ AUDIT_WORKER_LOCK();
+ locked = 1;
} else
- trail_locked = 0;
+ locked = 0;
/*
* First, handle the user record, if any: commit to the system trail
@@ -321,7 +328,7 @@ audit_worker_process_record(struct kaudit_record *ar)
*/
if ((ar->k_ar_commit & AR_COMMIT_USER) &&
(ar->k_ar_commit & AR_PRESELECT_USER_TRAIL)) {
- sx_assert(&audit_worker_sx, SA_XLOCKED);
+ AUDIT_WORKER_LOCK_ASSERT();
audit_record_write(audit_vp, audit_cred, ar->k_udata,
ar->k_ulen);
}
@@ -360,7 +367,7 @@ audit_worker_process_record(struct kaudit_record *ar)
}
if (ar->k_ar_commit & AR_PRESELECT_TRAIL) {
- sx_assert(&audit_worker_sx, SA_XLOCKED);
+ AUDIT_WORKER_LOCK_ASSERT();
audit_record_write(audit_vp, audit_cred, bsm->data, bsm->len);
}
@@ -371,8 +378,8 @@ audit_worker_process_record(struct kaudit_record *ar)
kau_free(bsm);
out:
- if (trail_locked)
- sx_xunlock(&audit_worker_sx);
+ if (locked)
+ AUDIT_WORKER_UNLOCK();
}
/*
@@ -453,14 +460,14 @@ audit_rotate_vnode(struct ucred *cred, struct vnode *vp)
* Rotate the vnode/cred, and clear the rotate flag so that we will
* send a rotate trigger if the new file fills.
*/
- sx_xlock(&audit_worker_sx);
+ AUDIT_WORKER_LOCK();
old_audit_cred = audit_cred;
old_audit_vp = audit_vp;
audit_cred = cred;
audit_vp = vp;
audit_file_rotate_wait = 0;
audit_enabled = (audit_vp != NULL);
- sx_xunlock(&audit_worker_sx);
+ AUDIT_WORKER_UNLOCK();
/*
* If there was an old vnode/credential, close and free.
@@ -479,7 +486,7 @@ audit_worker_init(void)
{
int error;
- sx_init(&audit_worker_sx, "audit_worker_sx");
+ AUDIT_WORKER_LOCK_INIT();
error = kproc_create(audit_worker, NULL, &audit_thread, RFHIGHPID,
0, "audit");
if (error)