Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp2798imm; Thu, 10 May 2018 14:20:00 -0700 (PDT) X-Google-Smtp-Source: AB8JxZrL2V6NVIlEUvL0ujuJ3SjQIk+Q5kEotzSkEBbFcxkcVJ0a39RJpLKnXBvmI3mk4sWnqUqd X-Received: by 2002:a63:740d:: with SMTP id p13-v6mr2279852pgc.327.1525987200424; Thu, 10 May 2018 14:20:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525987200; cv=none; d=google.com; s=arc-20160816; b=PZuNjsYPgN/S1ulYPQOsxrLza5US7IhKhYNPfDQIhQtwHDskT5sprdbfJfr1gyxEj0 EZ4khqQfp6K//36jQ7YgHz5XMFXDFb+cOgviZ5KaRHQ1WwWpzot7/DVMoVNH1xJtfOSJ UFP4Zq9eUBCNeLYZbNJ8Zo5TTNie8wHSP88OxaM0ycfJjVMkCYHNZFeYHA+aboM1PQVZ tDjQqxYmUyBrg8WwIWPBJoyIU8GZ2RSr9T3Sgwbpuvzm+YV8/b0utvzkDzx0y0i+ShPm 187H4tknKWqVON5nnFQ/AyWTfsBVjSO3tUNxJcU5tzHLrptVzB093Aoh91IH6lTFDGCd V3YQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=LTXnLF7+//x7+H2hkXTFSXunYJ20t0j1FfCoa1dEP0U=; b=hIDXQSyl6seghJdQ0a8TGpRnuG5P1hG1k6CllQyJIb1mby3KIbMPEwfWcfRQMovVky ttZQiuoZip04AVTVAGgAndofOPSMTwrtCyQPyv1vzDdHdaha2f2V2YozakWqZlI31cmu xUvvnZXFJTblBbR+LPuVR7hPwGlUyqFbvprXaOP9Jc9gTSKQjlTjhMWXItUWFzXTtiHu V2pki5+/m2B6iuP5WD6q+O2c8QXYTIdByZ5HpuxzcA1I84ps0WIGJmyVlSQpNG4EJKzx T+33MF7+MVUXIAT/6r2lD33VS7BaAdO/C9uIWYfaZaiqUffVFZQ1V7o/d2+2lkazVQV9 g7Rg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e33-v6si1544531pld.231.2018.05.10.14.19.45; Thu, 10 May 2018 14:20:00 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752569AbeEJVSL (ORCPT + 99 others); Thu, 10 May 2018 17:18:11 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:56356 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752419AbeEJVSI (ORCPT ); Thu, 10 May 2018 17:18:08 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 0E188EFF1F; Thu, 10 May 2018 21:18:08 +0000 (UTC) Received: from madcap2.tricolour.ca (ovpn-112-12.rdu2.redhat.com [10.10.112.12]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 7248C2166BAD; Thu, 10 May 2018 21:18:05 +0000 (UTC) Date: Thu, 10 May 2018 17:17:46 -0400 From: Richard Guy Briggs To: Paul Moore Cc: Linux-Audit Mailing List , LKML , Linux NetDev Upstream Mailing List , Netfilter Devel List , Linux Security Module list , Integrity Measurement Architecture , SElinux list , Eric Paris , Steve Grubb , Ingo Molnar , David Howells Subject: Re: [PATCH ghak81 RFC V1 3/5] audit: use inline function to get audit context Message-ID: <20180510211746.o3bb4wdnfue2fecf@madcap2.tricolour.ca> References: <0e43c5135c197209b3189032d538244571e7443d.1525466167.git.rgb@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20171027 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.1]); Thu, 10 May 2018 21:18:08 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.1]); Thu, 10 May 2018 21:18:08 +0000 (UTC) for IP:'10.11.54.6' DOMAIN:'int-mx06.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'rgb@redhat.com' RCPT:'' Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2018-05-09 11:28, Paul Moore wrote: > On Fri, May 4, 2018 at 4:54 PM, Richard Guy Briggs wrote: > > Recognizing that the audit context is an internal audit value, use an > > access function to retrieve the audit context pointer for the task > > rather than reaching directly into the task struct to get it. > > > > Signed-off-by: Richard Guy Briggs > > --- > > include/linux/audit.h | 16 ++++++++--- > > include/net/xfrm.h | 2 +- > > kernel/audit.c | 4 +-- > > kernel/audit_watch.c | 2 +- > > kernel/auditsc.c | 52 ++++++++++++++++++------------------ > > net/bridge/netfilter/ebtables.c | 2 +- > > net/core/dev.c | 2 +- > > net/netfilter/x_tables.c | 2 +- > > net/netlabel/netlabel_user.c | 2 +- > > security/integrity/ima/ima_api.c | 2 +- > > security/integrity/integrity_audit.c | 2 +- > > security/lsm_audit.c | 2 +- > > security/selinux/hooks.c | 4 +-- > > security/selinux/selinuxfs.c | 6 ++--- > > security/selinux/ss/services.c | 12 ++++----- > > 15 files changed, 60 insertions(+), 52 deletions(-) > > > > diff --git a/include/linux/audit.h b/include/linux/audit.h > > index 5f86f7c..93e4c61 100644 > > --- a/include/linux/audit.h > > +++ b/include/linux/audit.h > > @@ -235,26 +235,30 @@ extern void __audit_inode_child(struct inode *parent, > > extern void __audit_seccomp(unsigned long syscall, long signr, int code); > > extern void __audit_ptrace(struct task_struct *t); > > > > +static inline struct audit_context *audit_context(struct task_struct *task) > > +{ > > + return task->audit_context; > > +} > > Another case where I think I agree with everything here on principle, > especially when one considers it in the larger context of the audit > container ID work. However, I think we might be able to somply this a > bit by eliminating the parameter to the new audit_context() helper and > making it always reference the current task_struct. Based on this > patch it would appear that this change would work for all callers > except for audit_take_context() and __audit_syscall_entry(), both of > which are contained within the core audit code and are enough of a > special case that I think it is acceptable for them to access the > context directly. I'm trying to think of reasons why a non-audit > kernel subsystem would ever need to access the audit context of a > process other than current and I can't think of any ... removing the > task_struct pointer might help prevent mistakes/abuse in the future. As for __audit_syscall_{entry,exit}() and audit_signal_info(), they are using current. current is assigned to local variable tsk only to be used as the LHS in assignments and for locking. But, audit_take_context() and audit_log_exit() are both called also from __audit_free() which can have non-current handed to it by copy_process() cleaning up, while do_exit() appears to still be in current. So, Ok, ditch the parameter to audit_context() and use local access when needed. > > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > > index 6e3ceb9..a4bbdcc 100644 > > --- a/kernel/auditsc.c > > +++ b/kernel/auditsc.c > > @@ -836,7 +836,7 @@ static inline struct audit_context *audit_take_context(struct task_struct *tsk, > > int return_valid, > > long return_code) > > { > > - struct audit_context *context = tsk->audit_context; > > + struct audit_context *context = audit_context(tsk); > > > > if (!context) > > return NULL; > > @@ -1510,7 +1510,7 @@ void __audit_syscall_entry(int major, unsigned long a1, unsigned long a2, > > unsigned long a3, unsigned long a4) > > { > > struct task_struct *tsk = current; > > - struct audit_context *context = tsk->audit_context; > > + struct audit_context *context = audit_context(tsk); > > enum audit_state state; > > > > if (!audit_enabled || !context) > > -- > paul moore > www.paul-moore.com - RGB -- Richard Guy Briggs Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635