Received: by 10.213.65.68 with SMTP id h4csp104935imn;
        Mon, 12 Mar 2018 08:06:36 -0700 (PDT)
X-Google-Smtp-Source: AG47ELsiywe6GqEC2yuuOn7Wvnh89w+CLaz3C95qhnFNKhOyIGmyXhjycmjZ+AxpiYIuDqlx0Vzp
X-Received: by 2002:a17:902:57c6:: with SMTP id g6-v6mr8612521plj.358.1520867196559;
        Mon, 12 Mar 2018 08:06:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1520867196; cv=none;
        d=google.com; s=arc-20160816;
        b=Rod3ePdR1YRUTkitmr8NqVIbar1ua1umIHAd02DfS3T8+SlZOTt5JcvWFUZSBVz9WK
         WzKeHVNuxAnt2+bM0SgjAel4VyfrtPPLt5peIiRL0139txXRCa0XdaM4n93iVhJLh7ro
         PBH2AHM1CdxNjq6EZX1OiJsj0rJt7ob7VdzA0ntoQIBFS6/AZWFKWoDdCO6lADxw4kGf
         AT4lTo7240uqaCMvzsgwk2vDN9q8iPeJfUb+MxRwsrfenXBY72iqnhKOx87ewu3xFIr5
         EtFne64An66SJvpG8CrLoiv3N5NkcMykO512xixHZt5PcQBlBY68zDtt2rO8xhe2nvv/
         i5sw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=EfCc00tlRbNO2vBUoCkC0aaAlAsE2IOpoZ+waJ+D2+8=;
        b=z6Xt/CIGchqmgFzSIN2V4fSvp0PabAyM9gZPW+Au4pGqdZODWJyNox0nXTxiQih4gj
         aGjYQrAaUnb+8BMka3S1RxawCxVi/+dPQraGnN9hPoTM1zsNClSin6iE9T+IAgzpPJlS
         qQ8Lb0/pu8WjvWxO2E5kPccuzW0zJgsRFjixZ9xS2pLhwr83JJuEUCyou0BL9UA/BSCa
         dkCMT70AsHW0PBSr2mWY7ZA0ILJGqN2K15lcAinx1cG5wHCiEyErcvzKZL0BZS0gEFOM
         qB7knUH9VrpP3ucd/hvtO7G7K5UWVaGbvrAs8UaoV4b5lDZNuLpcep3GUgQwTsan7a4u
         Fx6A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=C9LhWDXg;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id e87si5970410pfk.322.2018.03.12.08.06.21;
        Mon, 12 Mar 2018 08:06:36 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=C9LhWDXg;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751543AbeCLPFQ (ORCPT <rfc822;zoe.song.ucas@gmail.com>
        + 99 others); Mon, 12 Mar 2018 11:05:16 -0400
Received: from mail-lf0-f67.google.com ([209.85.215.67]:38062 "EHLO
        mail-lf0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751247AbeCLPFP (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 12 Mar 2018 11:05:15 -0400
Received: by mail-lf0-f67.google.com with SMTP id i80-v6so23769042lfg.5
        for <linux-kernel@vger.kernel.org>; Mon, 12 Mar 2018 08:05:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=paul-moore-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=EfCc00tlRbNO2vBUoCkC0aaAlAsE2IOpoZ+waJ+D2+8=;
        b=C9LhWDXgcbW5P06N0LWLtMtNO/PmA8OZ8FANUQh8ovK68pG2Xcai6msvijmPuza8j0
         07m/GWsGevTAWtlj8MKxgWpeFLOCBpIcVUT7/DOZBueODZ571SwvuECiQ4tR1xY3aFxa
         4CwqQJClQaC7hM5hRsvcvJYmSpVbOYdCP6CEejLeiiIfzxFutKEHd4FvIMRtzUxmBc8w
         q8lHoukIKNIxN9HBN6V8FnAFaODTwc/VVi5wMhcd2lW4C55VfpCFXOQE9VKUZIvKbhiB
         /1dC+VF2Z37Clt/GGKiup2t8/N8qdNftJT9w9MW+FVckXKohCV2FhagMrbyCTEyLRyyP
         dciA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=EfCc00tlRbNO2vBUoCkC0aaAlAsE2IOpoZ+waJ+D2+8=;
        b=XlEpcGV8q2U/GFqpCtmjpV5y+XII3CS5f0OM/11L13/XcU8G28qIrGpLzdYT7EEiFy
         ywTi3Ty1mXPALWm/+cu+15FiueDcbuM0CMpAM/+rSrFXzG1hrlCMZfSGaWz6RV4EcrWt
         v+QAxVEbTZ8F3QIBWo7ANTM0joOA4SYp4NE3iHqqm5dy2lBitIRBg8YD6ZePG8OLiVpq
         CjeyvlyOxmTuaPBXKJgUMpPdCzmIoWCEs/K1w9ZNDwc57ukLlRz9AiGd2TfbRWXggY6i
         0Z4+j+IdfraBUzkoQQr6+r5rX0tOjcg4ojllNRph4zay5VcY9Vf0oFuicXtXvRW9a/aR
         7upw==
X-Gm-Message-State: AElRT7EBWtmzucGjqWPhTuFHLEZoXg8qMNbYcC12fBB9g1rDrl7fg7Nr
        ryrFk2xubTdkVJOD1410Zq7aJH9Og3MKZ/z3jgmN
X-Received: by 2002:a19:c6c8:: with SMTP id w191-v6mr2503730lff.40.1520867113560;
 Mon, 12 Mar 2018 08:05:13 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a19:d8a7:0:0:0:0:0 with HTTP; Mon, 12 Mar 2018 08:05:12
 -0700 (PDT)
X-Originating-IP: [108.20.156.165]
In-Reply-To: <9ed76ccb239078ad5a2808d23c7b7f1738b0b2b8.1520835596.git.rgb@redhat.com>
References: <cover.1520835596.git.rgb@redhat.com> <9ed76ccb239078ad5a2808d23c7b7f1738b0b2b8.1520835596.git.rgb@redhat.com>
From:   Paul Moore <paul@paul-moore.com>
Date:   Mon, 12 Mar 2018 11:05:12 -0400
Message-ID: <CAHC9VhRDnd55em1YUkswOX4XmDP6xH5x005hcZnCZSRXz66exQ@mail.gmail.com>
Subject: Re: [PATCH ghak21 V2 2/4] audit: link denied should not directly
 generate PATH record
To:     Richard Guy Briggs <rgb@redhat.com>
Cc:     Linux-Audit Mailing List <linux-audit@redhat.com>,
        LKML <linux-kernel@vger.kernel.org>,
        Eric Paris <eparis@redhat.com>,
        Steve Grubb <sgrubb@redhat.com>,
        Kees Cook <keescook@chromium.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Mar 12, 2018 at 2:31 AM, Richard Guy Briggs <rgb@redhat.com> wrote:
> Audit link denied events generate duplicate PATH records which disagree
> in different ways from symlink and hardlink denials.
> audit_log_link_denied() should not directly generate PATH records.
> While we're at it, remove the now useless struct path argument.
>
> See: https://github.com/linux-audit/audit-kernel/issues/21
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> ---
>  fs/namei.c            |  2 +-
>  include/linux/audit.h |  6 ++----
>  kernel/audit.c        | 17 ++---------------
>  3 files changed, 5 insertions(+), 20 deletions(-)

I have no objection to the v2 change of removing the link parameter,
but this patch can not be merged as-is because the v1 patch has
already been merged into audit/next (as stated on the mailing list).
You need to respin this patch against audit/next and redo the
subject/description to indicate that you are just removing the unused
link parameter in this updated patch.

> diff --git a/fs/namei.c b/fs/namei.c
> index 9cc91fb..50d2533 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -1011,7 +1011,7 @@ static int may_linkat(struct path *link)
>         if (safe_hardlink_source(inode) || inode_owner_or_capable(inode))
>                 return 0;
>
> -       audit_log_link_denied("linkat", link);
> +       audit_log_link_denied("linkat");
>         return -EPERM;
>  }
>
> diff --git a/include/linux/audit.h b/include/linux/audit.h
> index af410d9..75d5b03 100644
> --- a/include/linux/audit.h
> +++ b/include/linux/audit.h
> @@ -146,8 +146,7 @@ extern void             audit_log_d_path(struct audit_buffer *ab,
>                                              const struct path *path);
>  extern void                audit_log_key(struct audit_buffer *ab,
>                                           char *key);
> -extern void                audit_log_link_denied(const char *operation,
> -                                                 const struct path *link);
> +extern void                audit_log_link_denied(const char *operation);
>  extern void                audit_log_lost(const char *message);
>
>  extern int audit_log_task_context(struct audit_buffer *ab);
> @@ -194,8 +193,7 @@ static inline void audit_log_d_path(struct audit_buffer *ab,
>  { }
>  static inline void audit_log_key(struct audit_buffer *ab, char *key)
>  { }
> -static inline void audit_log_link_denied(const char *string,
> -                                        const struct path *link)
> +static inline void audit_log_link_denied(const char *string)
>  { }
>  static inline int audit_log_task_context(struct audit_buffer *ab)
>  {
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 7026d69..e54deaf 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -2301,36 +2301,23 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
>  /**
>   * audit_log_link_denied - report a link restriction denial
>   * @operation: specific link operation
> - * @link: the path that triggered the restriction
>   */
> -void audit_log_link_denied(const char *operation, const struct path *link)
> +void audit_log_link_denied(const char *operation)
>  {
>         struct audit_buffer *ab;
> -       struct audit_names *name;
>
>         if (!audit_enabled || audit_dummy_context())
>                 return;
>
> -       name = kzalloc(sizeof(*name), GFP_NOFS);
> -       if (!name)
> -               return;
> -
>         /* Generate AUDIT_ANOM_LINK with subject, operation, outcome. */
>         ab = audit_log_start(current->audit_context, GFP_KERNEL,
>                              AUDIT_ANOM_LINK);
>         if (!ab)
> -               goto out;
> +               return;
>         audit_log_format(ab, "op=%s", operation);
>         audit_log_task_info(ab, current);
>         audit_log_format(ab, " res=0");
>         audit_log_end(ab);
> -
> -       /* Generate AUDIT_PATH record with object. */
> -       name->type = AUDIT_TYPE_NORMAL;
> -       audit_copy_inode(name, link->dentry, d_backing_inode(link->dentry));
> -       audit_log_name(current->audit_context, name, link, 0, NULL);
> -out:
> -       kfree(name);
>  }
>
>  /**
> --
> 1.8.3.1
>



-- 
paul moore
www.paul-moore.com