From mboxrd@z Thu Jan 1 00:00:00 1970 From: Amol Grover Subject: [PATCH 3/3] auditsc: Do not use RCU primitive to read from cred pointer Date: Fri, 7 Feb 2020 23:35:05 +0530 Message-ID: <20200207180504.4200-3-frextrite@gmail.com> References: <20200207180504.4200-1-frextrite@gmail.com> Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Return-path: In-Reply-To: <20200207180504.4200-1-frextrite@gmail.com> Sender: linux-kernel-owner@vger.kernel.org To: Ingo Molnar , Peter Zijlstra , Juri Lelli , Vincent Guittot , Dietmar Eggemann , Steven Rostedt , Ben Segall , Mel Gorman , James Morris , Thomas Gleixner Peter Zijlstra , Jann Horn , David Howells , Shakeel Butt , "Eric W . Biederman" , Andrew Morton , Paul Moore , Eric Paris Cc: linux-kernel-mentees@lists.linuxfoundation.org, linux-kernel@vger.kernel.org, linux-audit@redhat.com, Joel Fernandes , Madhuparna Bhowmik , "Paul E . McKenney" , Amol Grover List-Id: linux-audit@redhat.com task_struct::cred is only used task-synchronously and does not require any RCU locks, hence, rcu_dereference_check is not required to read from it. Suggested-by: Jann Horn Co-developed-by: Joel Fernandes (Google) Signed-off-by: Joel Fernandes (Google) Signed-off-by: Amol Grover --- kernel/auditsc.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 4effe01ebbe2..d3510513cdd1 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -430,24 +430,19 @@ static int audit_field_compare(struct task_struct *tsk, /* Determine if any context name data matches a rule's watch data */ /* Compare a task_struct with an audit_rule. Return 1 on match, 0 * otherwise. - * - * If task_creation is true, this is an explicit indication that we are - * filtering a task rule at task creation time. This and tsk == current are - * the only situations where tsk->cred may be accessed without an rcu read lock. */ static int audit_filter_rules(struct task_struct *tsk, struct audit_krule *rule, struct audit_context *ctx, struct audit_names *name, - enum audit_state *state, - bool task_creation) + enum audit_state *state) { const struct cred *cred; int i, need_sid = 1; u32 sid; unsigned int sessionid; - cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation); + cred = tsk->cred; for (i = 0; i < rule->field_count; i++) { struct audit_field *f = &rule->fields[i]; @@ -745,7 +740,7 @@ static enum audit_state audit_filter_task(struct task_struct *tsk, char **key) rcu_read_lock(); list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_TASK], list) { if (audit_filter_rules(tsk, &e->rule, NULL, NULL, - &state, true)) { + &state)) { if (state == AUDIT_RECORD_CONTEXT) *key = kstrdup(e->rule.filterkey, GFP_ATOMIC); rcu_read_unlock(); @@ -791,7 +786,7 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk, list_for_each_entry_rcu(e, list, list) { if (audit_in_mask(&e->rule, ctx->major) && audit_filter_rules(tsk, &e->rule, ctx, NULL, - &state, false)) { + &state)) { rcu_read_unlock(); ctx->current_state = state; return state; @@ -815,7 +810,7 @@ static int audit_filter_inode_name(struct task_struct *tsk, list_for_each_entry_rcu(e, list, list) { if (audit_in_mask(&e->rule, ctx->major) && - audit_filter_rules(tsk, &e->rule, ctx, n, &state, false)) { + audit_filter_rules(tsk, &e->rule, ctx, n, &state)) { ctx->current_state = state; return 1; } -- 2.24.1