Received: by 10.192.165.148 with SMTP id m20csp4960045imm; Tue, 8 May 2018 18:35:25 -0700 (PDT) X-Google-Smtp-Source: AB8JxZpoVAufCXEX+htrEAua8mw6LFQ/wqShreRpNcvKWgTzYyeKdXraGaN+HvDBPcG4xru8gJ5S X-Received: by 2002:a63:3fc9:: with SMTP id m192-v6mr3779308pga.340.1525829724968; Tue, 08 May 2018 18:35:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525829724; cv=none; d=google.com; s=arc-20160816; b=kvf0tLTa8luXJ1wicZXlclb6kl0jRVykhiNh87F7MTz1oInWIni7CYGx/nyu90kf5r l2ikGAL7e7Iw76iWjTlNxHohEPSO2aF4ltLX5EN9ZsZFi/J/eqhZIdmVE1V9JT4DYqGo 1tz/mEhxvEjkoVLzTRJCelAbFPkzuh3LRDKM3rsYjqFiqDonlh+dw8TcMpEZLqoWF47j 8xdmfCmTsI7USYqq+lgr/PiNYqJldYD1AkBqCFDHGGhE1ZYKK/qQxQ6itaki4LhiogKW BB+I8vSquEzcwL817aE329qPktKbTIMTBwWYpQBewb+3WrxYLimNTb1VBsrbXe4g8boy I+vg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=tSEgzgClH+ufg8WgMhndR+l0oMZ39848++D/4iGntX8=; b=FAVCbpLg3naC1tZyB8PTtQdaClv+utMclgpps7z/Gu0S271xez45lUQGNvSPJbS3eX 8D+4LN528eSRsrRt7IFbYCqSqUE5B02l3PM+c2w3WIykVFZPm/RSOFcyTKZY/lE1LsDO a//e7V4z4b8Q0t0oPiG/7+o9OEYh81/RYHRZtA8tOTYFl4P5Kg0356eG+PVHNT4capVY 1okscyKAGBRS0MfYuMwx1PEm9gvHEBBe2bYH3eMPEZ1ornnjU2ahFJyOPraDAPFxLL74 sEWzPCVCo91wioc5SXJ4mgbSUzRLPM66YlndXgXl2KRp14r3NegQztdbvpmlB8umUA8f FC2A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p27si26152423pfd.76.2018.05.08.18.35.10; Tue, 08 May 2018 18:35:24 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933614AbeEIBei (ORCPT + 99 others); Tue, 8 May 2018 21:34:38 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:36394 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S933585AbeEIBee (ORCPT ); Tue, 8 May 2018 21:34:34 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 643164023335; Wed, 9 May 2018 01:34:33 +0000 (UTC) Received: from madcap2.tricolour.ca (ovpn-112-12.rdu2.redhat.com [10.10.112.12]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 3181C215CDA7; Wed, 9 May 2018 01:34:31 +0000 (UTC) Date: Tue, 8 May 2018 21:34:15 -0400 From: Richard Guy Briggs To: Linux-Audit Mailing List , LKML , Linux NetDev Upstream Mailing List , Netfilter Devel List , Linux Security Module list , Integrity Measurement Architecture , SElinux list Cc: David Howells , Ingo Molnar Subject: Re: [PATCH ghak81 RFC V1 2/5] audit: convert sessionid unset to a macro Message-ID: <20180509013415.sohoc2jbofdqqw5v@madcap2.tricolour.ca> References: <91fd13c7a66718dc827d299fa101883e5d0a864f.1525466167.git.rgb@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <91fd13c7a66718dc827d299fa101883e5d0a864f.1525466167.git.rgb@redhat.com> User-Agent: NeoMutt/20171027 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); Wed, 09 May 2018 01:34:33 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); Wed, 09 May 2018 01:34:33 +0000 (UTC) for IP:'10.11.54.6' DOMAIN:'int-mx06.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'rgb@redhat.com' RCPT:'' Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2018-05-04 16:54, Richard Guy Briggs wrote: > Use a macro, "AUDIT_SID_UNSET", to replace each instance of > initialization and comparison to an audit session ID. > > Signed-off-by: Richard Guy Briggs There's a minor issue with this patch, adding a header include to init/init_task.c in this patch and removing it from patch 5. That'll be in the next revision. I have dynamic allocation working, so that has a good chance of appearing too. > --- > include/linux/audit.h | 2 +- > include/net/xfrm.h | 2 +- > include/uapi/linux/audit.h | 1 + > init/init_task.c | 2 +- > kernel/auditsc.c | 4 ++-- > 5 files changed, 6 insertions(+), 5 deletions(-) > > diff --git a/include/linux/audit.h b/include/linux/audit.h > index 75d5b03..5f86f7c 100644 > --- a/include/linux/audit.h > +++ b/include/linux/audit.h > @@ -513,7 +513,7 @@ static inline kuid_t audit_get_loginuid(struct task_struct *tsk) > } > static inline unsigned int audit_get_sessionid(struct task_struct *tsk) > { > - return -1; > + return AUDIT_SID_UNSET; > } > static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) > { } > diff --git a/include/net/xfrm.h b/include/net/xfrm.h > index a872379..fcce8ee 100644 > --- a/include/net/xfrm.h > +++ b/include/net/xfrm.h > @@ -751,7 +751,7 @@ static inline void xfrm_audit_helper_usrinfo(bool task_valid, > audit_get_loginuid(current) : > INVALID_UID); > const unsigned int ses = task_valid ? audit_get_sessionid(current) : > - (unsigned int) -1; > + AUDIT_SID_UNSET; > > audit_log_format(audit_buf, " auid=%u ses=%u", auid, ses); > audit_log_task_context(audit_buf); > diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h > index 4e61a9e..04f9bd2 100644 > --- a/include/uapi/linux/audit.h > +++ b/include/uapi/linux/audit.h > @@ -465,6 +465,7 @@ struct audit_tty_status { > }; > > #define AUDIT_UID_UNSET (unsigned int)-1 > +#define AUDIT_SID_UNSET ((unsigned int)-1) > > /* audit_rule_data supports filter rules with both integer and string > * fields. It corresponds with AUDIT_ADD_RULE, AUDIT_DEL_RULE and > diff --git a/init/init_task.c b/init/init_task.c > index 3ac6e75..c788f91 100644 > --- a/init/init_task.c > +++ b/init/init_task.c > @@ -119,7 +119,7 @@ struct task_struct init_task > .thread_node = LIST_HEAD_INIT(init_signals.thread_head), > #ifdef CONFIG_AUDITSYSCALL > .loginuid = INVALID_UID, > - .sessionid = (unsigned int)-1, > + .sessionid = AUDIT_SID_UNSET, > #endif > #ifdef CONFIG_PERF_EVENTS > .perf_event_mutex = __MUTEX_INITIALIZER(init_task.perf_event_mutex), > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > index f3817d0..6e3ceb9 100644 > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -2050,7 +2050,7 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid, > int audit_set_loginuid(kuid_t loginuid) > { > struct task_struct *task = current; > - unsigned int oldsessionid, sessionid = (unsigned int)-1; > + unsigned int oldsessionid, sessionid = AUDIT_SID_UNSET; > kuid_t oldloginuid; > int rc; > > @@ -2064,7 +2064,7 @@ int audit_set_loginuid(kuid_t loginuid) > /* are we setting or clearing? */ > if (uid_valid(loginuid)) { > sessionid = (unsigned int)atomic_inc_return(&session_id); > - if (unlikely(sessionid == (unsigned int)-1)) > + if (unlikely(sessionid == AUDIT_SID_UNSET)) > sessionid = (unsigned int)atomic_inc_return(&session_id); > } > > -- > 1.8.3.1 > > -- > Linux-audit mailing list > Linux-audit@redhat.com > https://www.redhat.com/mailman/listinfo/linux-audit - RGB -- Richard Guy Briggs Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635