Date: Thu, 19 Apr 2018 21:23:46 -0400
From: Richard Guy Briggs
To: Paul Moore
Cc: cgroups@vger.kernel.org, containers@lists.linux-foundation.org, linux-api@vger.kernel.org, Linux-Audit Mailing List, linux-fsdevel@vger.kernel.org, LKML, netdev@vger.kernel.org, ebiederm@xmission.com, luto@kernel.org, jlayton@redhat.com, carlos@redhat.com, dhowells@redhat.com, viro@zeniv.linux.org.uk, simo@redhat.com, Eric Paris, serge@hallyn.com
Subject: Re: [RFC PATCH ghak32 V2 06/13] audit: add support for non-syscall auxiliary records
Message-ID: <20180420012346.udnga5pfdjoazcfc@madcap2.tricolour.ca>

On 2018-04-18 20:39, Paul Moore wrote:
> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs wrote:
> > Standalone audit records have the timestamp and serial number generated
> > on the fly and as such are unique, making them standalone. This new
> > function audit_alloc_local() generates a local audit context that will
> > be used only for a standalone record and its auxiliary record(s). The
> > context is discarded immediately after the local associated records are
> > produced.
> >
> > Signed-off-by: Richard Guy Briggs
> > ---
> > include/linux/audit.h | 8 ++++++++
> > kernel/auditsc.c | 20 +++++++++++++++++++-
> > 2 files changed, 27 insertions(+), 1 deletion(-)
> > > > diff --git a/include/linux/audit.h b/include/linux/audit.h > > index ed16bb6..c0b83cb 100644 > > --- a/include/linux/audit.h > > +++ b/include/linux/audit.h > > @@ -227,7 +227,9 @@ static inline int audit_log_container_info(struct audit_context *context, > > /* These are defined in auditsc.c */ > > /* Public API */ > > extern int audit_alloc(struct task_struct *task); > > +extern struct audit_context *audit_alloc_local(void); > > extern void __audit_free(struct task_struct *task); > > +extern void audit_free_context(struct audit_context *context); > > extern void __audit_syscall_entry(int major, unsigned long a0, unsigned long a1, > > unsigned long a2, unsigned long a3); > > extern void __audit_syscall_exit(int ret_success, long ret_value); > > @@ -472,6 +474,12 @@ static inline int audit_alloc(struct task_struct *task) > > { > > return 0; > > } > > +static inline struct audit_context *audit_alloc_local(void) > > +{ > > + return NULL; > > +} > > +static inline void audit_free_context(struct audit_context *context) > > +{ } > > static inline void audit_free(struct task_struct *task) > > { } > > static inline void audit_syscall_entry(int major, unsigned long a0, > > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > > index 2932ef1..7103d23 100644 > > --- a/kernel/auditsc.c > > +++ b/kernel/auditsc.c 
> > @@ -959,8 +959,26 @@ int audit_alloc(struct task_struct *tsk) > > return 0; > > } > > > > -static inline void audit_free_context(struct audit_context *context) > > +struct audit_context *audit_alloc_local(void) > > { > > + struct audit_context *context; > > + > > + if (!audit_ever_enabled) > > + return NULL; /* Return if not auditing. */ > > + > > + context = audit_alloc_context(AUDIT_RECORD_CONTEXT); > > + if (!context) > > + return NULL; > > + context->serial = audit_serial(); > > + context->ctime = current_kernel_time64(); > > + context->in_syscall = 1; > > + return context; > > +} > > + > > +inline void audit_free_context(struct audit_context *context) > > +{ > > + if (!context) > > + return; > > audit_free_names(context); > > unroll_tree_refs(context, NULL, 0); > > free_tree_refs(context);
>
> I'm reserving the option to comment on this idea further as I make my
> way through the patchset, but audit_free_context() definitely
> shouldn't be declared as an inline function.

Ok, I think I follow. When it wasn't exported, inline was fine, but now
that it has been exported, it should no longer be inlined, or should use
an intermediate function name to export so that local uses of it can
remain inline.

> paul moore

- RGB

--
Richard Guy Briggs
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
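Review bot: the two new declarations under "Public API" in include/linux/audit.h carry no comment on ownership or return values. Nothing states that a context obtained from audit_alloc_local() has to be handed back to audit_free_context(), or that NULL is a normal return (the stub in the second audit.h hunk always returns NULL, and the real function returns NULL both when audit_ever_enabled is clear and when audit_alloc_context() fails). A short comment above the declarations, or kernel-doc on the definition, spelling out both would keep callers from treating NULL as an error or leaking the context.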
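Review bot: in the kernel/auditsc.c hunk, audit_free_context() loses `static` but keeps `inline`, while the header now declares it `extern void audit_free_context(struct audit_context *context);`. Drop `inline` from the definition so the declaration and the definition agree. In the same hunk, `context->in_syscall = 1;` is set on a context that by the commit message is not tied to a syscall, and there is no comment saying why the flag is needed; a one-line comment at that assignment would make the intent reviewable.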