All of lore.kernel.org
 help / color / mirror / Atom feed
From: Richard Guy Briggs <rgb@redhat.com>
To: Paul Moore <paul@paul-moore.com>
Cc: linux-audit@redhat.com
Subject: Re: [RFC PATCH v2] audit: move audit_signal_info() into kernel/auditsc.c
Date: Fri, 7 Apr 2017 11:59:31 -0400	[thread overview]
Message-ID: <20170407155931.GT9027@madcap2.tricolour.ca> (raw)
In-Reply-To: <CAHC9VhS_eYJFvZD-N6yPdd-hXkUR6R+BGNWgU_Sh4sagXYehbg@mail.gmail.com>

On 2017-04-04 16:26, Paul Moore wrote:
> On Tue, Apr 4, 2017 at 4:24 PM, Paul Moore <pmoore@redhat.com> wrote:
> > From: Paul Moore <paul@paul-moore.com>
> >
> > Commit 5b52330bbfe6 ("audit: fix auditd/kernel connection state
> > tracking") make inlining audit_signal_info() a bit pointless as
> > it was always calling into auditd_test_task() so let's remove the
> > inline function in kernel/audit.h and convert __audit_signal_info()
> > in kernel/auditsc.c into audit_signal_info().
> >
> > Signed-off-by: Paul Moore <paul@paul-moore.com>
> > ---
> >  kernel/audit.h   |    8 +-------
> >  kernel/auditsc.c |   25 +++++++++++++------------
> >  2 files changed, 14 insertions(+), 19 deletions(-)
> 
> A revised version of the patch from last week.
> 
> If I don't see any negative comments in a day or two I'll send this to Linus.

Looks reasonable to me.

Reviewed-by: Richard Guy Briggs <rgb@redhat.com>

> > diff --git a/kernel/audit.h b/kernel/audit.h
> > index 0f1cf6d1878a..0d87f8ab8778 100644
> > --- a/kernel/audit.h
> > +++ b/kernel/audit.h
> > @@ -333,13 +333,7 @@ extern u32 audit_sig_sid;
> >  extern int audit_filter(int msgtype, unsigned int listtype);
> >
> >  #ifdef CONFIG_AUDITSYSCALL
> > -extern int __audit_signal_info(int sig, struct task_struct *t);
> > -static inline int audit_signal_info(int sig, struct task_struct *t)
> > -{
> > -       if (auditd_test_task(t) || (audit_signals && !audit_dummy_context()))
> > -               return __audit_signal_info(sig, t);
> > -       return 0;
> > -}
> > +extern int audit_signal_info(int sig, struct task_struct *t);
> >  extern void audit_filter_inodes(struct task_struct *, struct audit_context *);
> >  extern struct list_head *audit_killed_trees(void);
> >  #else
> > diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> > index e59ffc7fc522..1c2333155893 100644
> > --- a/kernel/auditsc.c
> > +++ b/kernel/auditsc.c
> > @@ -2249,26 +2249,27 @@ void __audit_ptrace(struct task_struct *t)
> >   * If the audit subsystem is being terminated, record the task (pid)
> >   * and uid that is doing that.
> >   */
> > -int __audit_signal_info(int sig, struct task_struct *t)
> > +int audit_signal_info(int sig, struct task_struct *t)
> >  {
> >         struct audit_aux_data_pids *axp;
> >         struct task_struct *tsk = current;
> >         struct audit_context *ctx = tsk->audit_context;
> >         kuid_t uid = current_uid(), t_uid = task_uid(t);
> >
> > -       if (auditd_test_task(t)) {
> > -               if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1 || sig == SIGUSR2) {
> > -                       audit_sig_pid = task_tgid_nr(tsk);
> > -                       if (uid_valid(tsk->loginuid))
> > -                               audit_sig_uid = tsk->loginuid;
> > -                       else
> > -                               audit_sig_uid = uid;
> > -                       security_task_getsecid(tsk, &audit_sig_sid);
> > -               }
> > -               if (!audit_signals || audit_dummy_context())
> > -                       return 0;
> > +       if (auditd_test_task(t) &&
> > +           (sig == SIGTERM || sig == SIGHUP ||
> > +            sig == SIGUSR1 || sig == SIGUSR2)) {
> > +               audit_sig_pid = task_tgid_nr(tsk);
> > +               if (uid_valid(tsk->loginuid))
> > +                       audit_sig_uid = tsk->loginuid;
> > +               else
> > +                       audit_sig_uid = uid;
> > +               security_task_getsecid(tsk, &audit_sig_sid);
> >         }
> >
> > +       if (!audit_signals || audit_dummy_context())
> > +               return 0;
> > +
> >         /* optimize the common case by putting first signal recipient directly
> >          * in audit_context */
> >         if (!ctx->target_pid) {
> >
> > --
> > Linux-audit mailing list
> > Linux-audit@redhat.com
> > https://www.redhat.com/mailman/listinfo/linux-audit
> 
> 
> 
> -- 
> paul moore
> www.paul-moore.com
> 
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit

- RGB

--
Richard Guy Briggs <rgb@redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635

      reply	other threads:[~2017-04-07 15:59 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-04-04 20:24 [RFC PATCH v2] audit: move audit_signal_info() into kernel/auditsc.c Paul Moore
2017-04-04 20:26 ` Paul Moore
2017-04-07 15:59   ` Richard Guy Briggs [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170407155931.GT9027@madcap2.tricolour.ca \
    --to=rgb@redhat.com \
    --cc=linux-audit@redhat.com \
    --cc=paul@paul-moore.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.