Date: Fri, 20 Apr 2018 13:48:12 -0400
From: Richard Guy Briggs
To: Paul Moore
Cc: Linux-Audit Mailing List, LKML, Eric Paris, Steve Grubb
Subject: Re: [PATCH ghak80 V1] audit: add syscall information to FEATURE_CHANGE records
Message-ID: <20180420174812.3sczwow3wg6alrcu@madcap2.tricolour.ca>

On 2018-04-20 11:58, Paul Moore wrote:
> On Fri, Apr 20, 2018 at 9:46 AM, Richard Guy Briggs wrote:
> > On 2018-04-17 18:06, Paul Moore wrote:
> >> On Wed, Apr 11, 2018 at 8:46 AM, Richard Guy Briggs wrote:
> >> > Tie syscall information to FEATURE_CHANGE calls since it is a result of
> >> > user action.
> >> >
> >> > See: https://github.com/linux-audit/audit-kernel/issues/80
> >> >
> >> > Signed-off-by: Richard Guy Briggs
> >> > ---
> >> > kernel/audit.c | 5 ++---
> >> > 1 file changed, 2 insertions(+), 3 deletions(-)
> >> >
> >> > diff --git a/kernel/audit.c b/kernel/audit.c
> >> > index 8da24ef..23f125b 100644
> >> > --- a/kernel/audit.c
> >> > +++ b/kernel/audit.c
> >> > @@ -1103,10 +1103,9 @@ static void audit_log_feature_change(int which, u32 old_feature, u32 new_feature > >> > { > >> > struct audit_buffer *ab; > >> > > >> > - if (audit_enabled == AUDIT_OFF) > >> > + if (!audit_enabled)
> >>
> >> Sooo, this is an unrelated style change, why? Looking at the rest of
> >> kernel/audit.c we seem to use a mix of "(!x)" and "(x == 0/CONST)" so
> >> why are you adding noise to this patch?
> >
> > Ok, survey sez 25 instances of audit_enabled used as a boolean vs 7
> > instances where it could be used as a boolean where the expression is
> > made harder to read (in my opinion). I thought it was worth changing to
> > read the same way most of the other instances I've been reviewing are
> > written. There are only two where the non-boolean distinction with
> > AUDIT_LOCKED is required.
>
> Thanks for the explanation.
>
> While I still believe this patch, and connecting records in general,
> is the Right Thing To Do, I'm expecting there to be some hate mail on
> this issue and I would like to keep the patch as small and as
> straight-to-the-point as possible just so there is little confusion
> about what is changing.
>
> Please respin this without the style change and I'll merge it as soon
> as I see it. Alternatively, give me the "ok" and I'll merge the patch
> now and just drop the style change; after all we're talking about one
> line in a five line patch ;)

Go ahead and drop that style change line to simplify this patch and I'll
submit another patch to clean them all up at the same time (probably the
next time one of those changes).

> >> > return; > >> > - > >> > - ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_FEATURE_CHANGE); > >> > + ab = audit_log_start(current->audit_context, GFP_KERNEL, AUDIT_FEATURE_CHANGE);
> >>
> >> This is the important part, and the Right Thing To Do.
> >>
> >> > if (!ab) > >> > return; > >> > audit_log_task_info(ab, current);
>
> --
> paul moore
> www.paul-moore.com

- RGB

--
Richard Guy Briggs
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
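
Review bot: In the new `audit_log_start(current->audit_context, ...)` line, the patch assumes audit_log_feature_change() only ever runs in the context of the task that requested the feature change; the commit message should state that explicitly, since the unchanged `audit_log_task_info(ab, current)` call below relies on the same assumption. With the record now tied to the syscall, it is also worth checking whether that `audit_log_task_info()` call still adds anything the associated syscall record does not already carry. The `audit_enabled == AUDIT_OFF` to `!audit_enabled` change and the removed blank line before the `ab = ...` assignment are unrelated to the stated purpose and belong in a separate cleanup patch.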