From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CA33FC433F5 for ; Tue, 15 Mar 2022 23:47:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235842AbiCOXtE (ORCPT ); Tue, 15 Mar 2022 19:49:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57116 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348320AbiCOXtC (ORCPT ); Tue, 15 Mar 2022 19:49:02 -0400 Received: from mail-ej1-x62d.google.com (mail-ej1-x62d.google.com [IPv6:2a00:1450:4864:20::62d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CDC4126D9 for ; Tue, 15 Mar 2022 16:47:48 -0700 (PDT) Received: by mail-ej1-x62d.google.com with SMTP id hw13so830240ejc.9 for ; Tue, 15 Mar 2022 16:47:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=rytjyPZ9RNxi/avIuivSs6xI7PnvqvUQtVccmZitEKI=; b=gAazJfXI5UKMUFXIaLVmR4ut6nyHRO1MbFHm2xIVfKwZjvF9UpO93tabuvO5mNS4cq GekKVQ+O/gYxc//atQNwW86Fl6+OHtxy1l3hP1VfXU425AoJ7WbzCPl1pEewLwo4VSc4 I1iXvR6ObDSmwwjCvdhvq3dorv/rcAqR5aWuraEVlNxDnO3zZ0sgoz2p+7GXgYZ2p6tg GZjyKJpZYfErbiMJx/9y6xZ56/GhuLRpGfIeTo4PgPXd7OQsdKSfo4whGJzD5P+tS4oJ lMYaFxmBznvGAs6E5Tqk9XtKXF7N1r+XUtmIfvKgQy6jMvRckCQxvSATJUiNu8CXSRpT MJUg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=rytjyPZ9RNxi/avIuivSs6xI7PnvqvUQtVccmZitEKI=; b=gHiVAjX8y4gmEHIJgk2R5unZkF1OL1Z7UOE65Su5D5tnD5HBjz0MQKInT+sobS8wru BbIOPMnTyinHiHyAEOQvXS5bB/GCevBaK0XgNKme2NzpAS5e8uVRBbZBVTd4WKudlNy+ hM0eL6Dzm98sSFeOX5zhl56e7g/BqCjAPx81OgwPHqDX9ls3zmS945rC0Fw7xnsd6rkL hRniQwxITGdkmNTr9URvgaByukdl1MgfdSUZmkjQFCuoG1/n815QhIw0dm8bPQRVW7r2 9j5GAfHF1zQ/oiXxs2lwVekKkdYJoD4DJV2bTI2CopMqcyEgS9ucfHvuJkZ54TuPCAOw u/0Q== X-Gm-Message-State: AOAM531y49AuHx98s5xb/gmwrLdr/+YzzDRMtNcnRu5xu+6uLy4gjuS3 cwHJHJAW76E6WpeOVWQm17mUMtehwlyHsr/6szLzokUgvA== X-Google-Smtp-Source: ABdhPJzQyi5HuX+wXvfaijMiHF1MOswzJSHw7vqFltYTNxOMEDQ5dBxEcxUIifpqaIwrQ2yGc8SzMlAwcA4wIGxQyfM= X-Received: by 2002:a17:907:1b09:b0:6d8:faa8:4a06 with SMTP id mp9-20020a1709071b0900b006d8faa84a06mr24602944ejc.701.1647388067190; Tue, 15 Mar 2022 16:47:47 -0700 (PDT) MIME-Version: 1.0 References: <20220310234632.16194-1-casey@schaufler-ca.com> <20220310234632.16194-26-casey@schaufler-ca.com> In-Reply-To: <20220310234632.16194-26-casey@schaufler-ca.com> From: Paul Moore Date: Tue, 15 Mar 2022 19:47:36 -0400 Message-ID: Subject: Re: [PATCH v33 25/29] Audit: Allow multiple records in an audit_buffer To: Casey Schaufler Cc: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Mar 10, 2022 at 6:59 PM Casey Schaufler wrote: > > Replace the single skb pointer in an audit_buffer with > a list of skb pointers. Add the audit_stamp information > to the audit_buffer as there's no guarantee that there > will be an audit_context containing the stamp associated > with the event. At audit_log_end() time create auxiliary > records (none are currently defined) as have been added > to the list. > > Suggested-by: Paul Moore > Signed-off-by: Casey Schaufler > --- > kernel/audit.c | 53 +++++++++++++++++++++++++++++++++----------------- > 1 file changed, 35 insertions(+), 18 deletions(-) > > diff --git a/kernel/audit.c b/kernel/audit.c > index f012c3786264..4713e66a12af 100644 > --- a/kernel/audit.c > +++ b/kernel/audit.c > @@ -197,8 +197,10 @@ static struct audit_ctl_mutex { > * to place it on a transmit queue. Multiple audit_buffers can be in > * use simultaneously. */ > struct audit_buffer { > - struct sk_buff *skb; /* formatted skb ready to send */ > + struct sk_buff *skb; /* the skb for audit_log functions */ > + struct sk_buff_head skb_list; /* formatted skbs, ready to send */ > struct audit_context *ctx; /* NULL or associated context */ > + struct audit_stamp stamp; /* audit stamp for these records */ > gfp_t gfp_mask; > }; > > @@ -1744,7 +1746,6 @@ static void audit_buffer_free(struct audit_buffer *ab) > if (!ab) > return; > > - kfree_skb(ab->skb); I like the safety in knowing that audit_buffer_free() would free the ab->skb memory, I'm not sure I want to get rid of that. With the understanding that ab->skb is always going to be present somewhere in ab->skb_list, any reason not to do something like this? while ((skb = skb_dequeue(&ab->skb_list))) kfree_skb(skb); > kmem_cache_free(audit_buffer_cache, ab); > } > > @@ -1760,11 +1761,15 @@ static struct audit_buffer *audit_buffer_alloc(struct audit_context *ctx, > ab->skb = nlmsg_new(AUDIT_BUFSIZ, gfp_mask); > if (!ab->skb) > goto err; > - if (!nlmsg_put(ab->skb, 0, 0, type, 0, 0)) > + if (!nlmsg_put(ab->skb, 0, 0, type, 0, 0)) { > + kfree_skb(ab->skb); > goto err; > + } Assuming we restore the audit_buffer_free() functionality as mentioned above, if we move the ab->skb_list init and enqueue calls before we attempt the nlmsg_put() we can drop the kfree_skb() call and just use the existing audit_buffer_free() call at the err target. > ab->ctx = ctx; > ab->gfp_mask = gfp_mask; > + skb_queue_head_init(&ab->skb_list); > + skb_queue_tail(&ab->skb_list, ab->skb); > > return ab; > -- paul-moore.com From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 05553C43217 for ; Tue, 15 Mar 2022 23:47:59 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-387-BxOK9nHIP9O0bu7DoAaLoA-1; Tue, 15 Mar 2022 19:47:55 -0400 X-MC-Unique: BxOK9nHIP9O0bu7DoAaLoA-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 1446D802C16; Tue, 15 Mar 2022 23:47:54 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id D9FBA100321B; Tue, 15 Mar 2022 23:47:52 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 69C7B19451EC; Tue, 15 Mar 2022 23:47:52 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.rdu2.redhat.com [10.11.54.2]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 1124919452D2 for ; Tue, 15 Mar 2022 23:47:51 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id F1E2F40D2821; Tue, 15 Mar 2022 23:47:50 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast05.extmail.prod.ext.rdu2.redhat.com [10.11.55.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id ECDBF40D2820 for ; Tue, 15 Mar 2022 23:47:50 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [207.211.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id D33B38002BF for ; Tue, 15 Mar 2022 23:47:50 +0000 (UTC) Received: from mail-ej1-f52.google.com (mail-ej1-f52.google.com [209.85.218.52]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-463-sMu_ntIxOnaUMuNeZtcSmQ-1; Tue, 15 Mar 2022 19:47:48 -0400 X-MC-Unique: sMu_ntIxOnaUMuNeZtcSmQ-1 Received: by mail-ej1-f52.google.com with SMTP id d10so824111eje.10 for ; Tue, 15 Mar 2022 16:47:48 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=rytjyPZ9RNxi/avIuivSs6xI7PnvqvUQtVccmZitEKI=; b=j5LiWuEWMJrSf4NfdRQfHs984dt9DnHMFpEkjXVvu2MjspfanATothUjkDFm3pGMzL 8YHURGeK5tHKO5++EZPVu/0HzinPPsdF79wxx7BafaDVcq1I6UlW4RahlLpjvPx8YnL4 qVUab8w4EjLHuANgCR6us6M27NLJ3QcAED1q3Hp/OmPIkv1xgIvH7SA/ngUeAbBX6MV6 pv/LFpzg+4is1Txvl9ZIicB8iii2/GoHy7jEbZh/OiY4yE2jNAFPbsrpFHU0frqhB3sO /2S3YTGiuAzsEUFAfzAiwHSl+BIUMNt/h7vgAwVWhfV0I/V6keEhXfT5mYpHLQp3kHar aK4w== X-Gm-Message-State: AOAM530jOHoVjewhCLbb3COm7XUqnu2jebRT7m8y6zq3YFn5qfOfAQFR zrDsljmzWXPwGxf48JD1OOVPMr26TRWPuSWYmaOa X-Google-Smtp-Source: ABdhPJzQyi5HuX+wXvfaijMiHF1MOswzJSHw7vqFltYTNxOMEDQ5dBxEcxUIifpqaIwrQ2yGc8SzMlAwcA4wIGxQyfM= X-Received: by 2002:a17:907:1b09:b0:6d8:faa8:4a06 with SMTP id mp9-20020a1709071b0900b006d8faa84a06mr24602944ejc.701.1647388067190; Tue, 15 Mar 2022 16:47:47 -0700 (PDT) MIME-Version: 1.0 References: <20220310234632.16194-1-casey@schaufler-ca.com> <20220310234632.16194-26-casey@schaufler-ca.com> In-Reply-To: <20220310234632.16194-26-casey@schaufler-ca.com> From: Paul Moore Date: Tue, 15 Mar 2022 19:47:36 -0400 Message-ID: Subject: Re: [PATCH v33 25/29] Audit: Allow multiple records in an audit_buffer To: Casey Schaufler X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 2.84 on 10.11.54.2 X-BeenThere: linux-audit@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux Audit Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: john.johansen@canonical.com, selinux@vger.kernel.org, jmorris@namei.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-audit@redhat.com, casey.schaufler@intel.com Errors-To: linux-audit-bounces@redhat.com Sender: "Linux-audit" X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=linux-audit-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit On Thu, Mar 10, 2022 at 6:59 PM Casey Schaufler wrote: > > Replace the single skb pointer in an audit_buffer with > a list of skb pointers. Add the audit_stamp information > to the audit_buffer as there's no guarantee that there > will be an audit_context containing the stamp associated > with the event. At audit_log_end() time create auxiliary > records (none are currently defined) as have been added > to the list. > > Suggested-by: Paul Moore > Signed-off-by: Casey Schaufler > --- > kernel/audit.c | 53 +++++++++++++++++++++++++++++++++----------------- > 1 file changed, 35 insertions(+), 18 deletions(-) > > diff --git a/kernel/audit.c b/kernel/audit.c > index f012c3786264..4713e66a12af 100644 > --- a/kernel/audit.c > +++ b/kernel/audit.c > @@ -197,8 +197,10 @@ static struct audit_ctl_mutex { > * to place it on a transmit queue. Multiple audit_buffers can be in > * use simultaneously. */ > struct audit_buffer { > - struct sk_buff *skb; /* formatted skb ready to send */ > + struct sk_buff *skb; /* the skb for audit_log functions */ > + struct sk_buff_head skb_list; /* formatted skbs, ready to send */ > struct audit_context *ctx; /* NULL or associated context */ > + struct audit_stamp stamp; /* audit stamp for these records */ > gfp_t gfp_mask; > }; > > @@ -1744,7 +1746,6 @@ static void audit_buffer_free(struct audit_buffer *ab) > if (!ab) > return; > > - kfree_skb(ab->skb); I like the safety in knowing that audit_buffer_free() would free the ab->skb memory, I'm not sure I want to get rid of that. With the understanding that ab->skb is always going to be present somewhere in ab->skb_list, any reason not to do something like this? while ((skb = skb_dequeue(&ab->skb_list))) kfree_skb(skb); > kmem_cache_free(audit_buffer_cache, ab); > } > > @@ -1760,11 +1761,15 @@ static struct audit_buffer *audit_buffer_alloc(struct audit_context *ctx, > ab->skb = nlmsg_new(AUDIT_BUFSIZ, gfp_mask); > if (!ab->skb) > goto err; > - if (!nlmsg_put(ab->skb, 0, 0, type, 0, 0)) > + if (!nlmsg_put(ab->skb, 0, 0, type, 0, 0)) { > + kfree_skb(ab->skb); > goto err; > + } Assuming we restore the audit_buffer_free() functionality as mentioned above, if we move the ab->skb_list init and enqueue calls before we attempt the nlmsg_put() we can drop the kfree_skb() call and just use the existing audit_buffer_free() call at the err target. > ab->ctx = ctx; > ab->gfp_mask = gfp_mask; > + skb_queue_head_init(&ab->skb_list); > + skb_queue_tail(&ab->skb_list, ab->skb); > > return ab; > -- paul-moore.com -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit