From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752014AbeEMB7l (ORCPT ); Sat, 12 May 2018 21:59:41 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:57108 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751978AbeEMB7h (ORCPT ); Sat, 12 May 2018 21:59:37 -0400 From: Richard Guy Briggs To: Linux-Audit Mailing List , LKML , Linux NetDev Upstream Mailing List , Netfilter Devel List , Linux Security Module list , Integrity Measurement Architecture , SElinux list Cc: Eric Paris , Paul Moore , Steve Grubb , Ingo Molnar , David Howells , Richard Guy Briggs Subject: [PATCH ghak81 RFC V2 2/5] audit: convert sessionid unset to a macro Date: Sat, 12 May 2018 21:58:19 -0400 Message-Id: In-Reply-To: References: In-Reply-To: References: Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Use a macro, "AUDIT_SID_UNSET", to replace each instance of initialization and comparison to an audit session ID. Signed-off-by: Richard Guy Briggs --- include/linux/audit.h | 2 +- include/net/xfrm.h | 2 +- include/uapi/linux/audit.h | 1 + init/init_task.c | 3 ++- kernel/auditsc.c | 4 ++-- 5 files changed, 7 insertions(+), 5 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index 75d5b03..5f86f7c 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -513,7 +513,7 @@ static inline kuid_t audit_get_loginuid(struct task_struct *tsk) } static inline unsigned int audit_get_sessionid(struct task_struct *tsk) { - return -1; + return AUDIT_SID_UNSET; } static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) { } diff --git a/include/net/xfrm.h b/include/net/xfrm.h index a872379..fcce8ee 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -751,7 +751,7 @@ static inline void xfrm_audit_helper_usrinfo(bool task_valid, audit_get_loginuid(current) : INVALID_UID); const unsigned int ses = task_valid ? audit_get_sessionid(current) : - (unsigned int) -1; + AUDIT_SID_UNSET; audit_log_format(audit_buf, " auid=%u ses=%u", auid, ses); audit_log_task_context(audit_buf); diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 4e61a9e..04f9bd2 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -465,6 +465,7 @@ struct audit_tty_status { }; #define AUDIT_UID_UNSET (unsigned int)-1 +#define AUDIT_SID_UNSET ((unsigned int)-1) /* audit_rule_data supports filter rules with both integer and string * fields. It corresponds with AUDIT_ADD_RULE, AUDIT_DEL_RULE and diff --git a/init/init_task.c b/init/init_task.c index 3ac6e75..74f60ba 100644 --- a/init/init_task.c +++ b/init/init_task.c @@ -9,6 +9,7 @@ #include #include #include +#include #include #include @@ -119,7 +120,7 @@ struct task_struct init_task .thread_node = LIST_HEAD_INIT(init_signals.thread_head), #ifdef CONFIG_AUDITSYSCALL .loginuid = INVALID_UID, - .sessionid = (unsigned int)-1, + .sessionid = AUDIT_SID_UNSET, #endif #ifdef CONFIG_PERF_EVENTS .perf_event_mutex = __MUTEX_INITIALIZER(init_task.perf_event_mutex), diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 0d4e269..e157595 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2050,7 +2050,7 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid, int audit_set_loginuid(kuid_t loginuid) { struct task_struct *task = current; - unsigned int oldsessionid, sessionid = (unsigned int)-1; + unsigned int oldsessionid, sessionid = AUDIT_SID_UNSET; kuid_t oldloginuid; int rc; @@ -2064,7 +2064,7 @@ int audit_set_loginuid(kuid_t loginuid) /* are we setting or clearing? */ if (uid_valid(loginuid)) { sessionid = (unsigned int)atomic_inc_return(&session_id); - if (unlikely(sessionid == (unsigned int)-1)) + if (unlikely(sessionid == AUDIT_SID_UNSET)) sessionid = (unsigned int)atomic_inc_return(&session_id); } -- 1.8.3.1 From mboxrd@z Thu Jan 1 00:00:00 1970 From: rgb@redhat.com (Richard Guy Briggs) Date: Sat, 12 May 2018 21:58:19 -0400 Subject: [PATCH ghak81 RFC V2 2/5] audit: convert sessionid unset to a macro In-Reply-To: References: Message-ID: To: linux-security-module@vger.kernel.org List-Id: linux-security-module.vger.kernel.org Use a macro, "AUDIT_SID_UNSET", to replace each instance of initialization and comparison to an audit session ID. Signed-off-by: Richard Guy Briggs --- include/linux/audit.h | 2 +- include/net/xfrm.h | 2 +- include/uapi/linux/audit.h | 1 + init/init_task.c | 3 ++- kernel/auditsc.c | 4 ++-- 5 files changed, 7 insertions(+), 5 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index 75d5b03..5f86f7c 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -513,7 +513,7 @@ static inline kuid_t audit_get_loginuid(struct task_struct *tsk) } static inline unsigned int audit_get_sessionid(struct task_struct *tsk) { - return -1; + return AUDIT_SID_UNSET; } static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) { } diff --git a/include/net/xfrm.h b/include/net/xfrm.h index a872379..fcce8ee 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -751,7 +751,7 @@ static inline void xfrm_audit_helper_usrinfo(bool task_valid, audit_get_loginuid(current) : INVALID_UID); const unsigned int ses = task_valid ? audit_get_sessionid(current) : - (unsigned int) -1; + AUDIT_SID_UNSET; audit_log_format(audit_buf, " auid=%u ses=%u", auid, ses); audit_log_task_context(audit_buf); diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 4e61a9e..04f9bd2 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -465,6 +465,7 @@ struct audit_tty_status { }; #define AUDIT_UID_UNSET (unsigned int)-1 +#define AUDIT_SID_UNSET ((unsigned int)-1) /* audit_rule_data supports filter rules with both integer and string * fields. It corresponds with AUDIT_ADD_RULE, AUDIT_DEL_RULE and diff --git a/init/init_task.c b/init/init_task.c index 3ac6e75..74f60ba 100644 --- a/init/init_task.c +++ b/init/init_task.c @@ -9,6 +9,7 @@ #include #include #include +#include #include #include @@ -119,7 +120,7 @@ struct task_struct init_task .thread_node = LIST_HEAD_INIT(init_signals.thread_head), #ifdef CONFIG_AUDITSYSCALL .loginuid = INVALID_UID, - .sessionid = (unsigned int)-1, + .sessionid = AUDIT_SID_UNSET, #endif #ifdef CONFIG_PERF_EVENTS .perf_event_mutex = __MUTEX_INITIALIZER(init_task.perf_event_mutex), diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 0d4e269..e157595 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2050,7 +2050,7 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid, int audit_set_loginuid(kuid_t loginuid) { struct task_struct *task = current; - unsigned int oldsessionid, sessionid = (unsigned int)-1; + unsigned int oldsessionid, sessionid = AUDIT_SID_UNSET; kuid_t oldloginuid; int rc; @@ -2064,7 +2064,7 @@ int audit_set_loginuid(kuid_t loginuid) /* are we setting or clearing? */ if (uid_valid(loginuid)) { sessionid = (unsigned int)atomic_inc_return(&session_id); - if (unlikely(sessionid == (unsigned int)-1)) + if (unlikely(sessionid == AUDIT_SID_UNSET)) sessionid = (unsigned int)atomic_inc_return(&session_id); } -- 1.8.3.1 -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html