From: Casey Schaufler
To: kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, casey.schaufler@intel.com, dave.hansen@intel.com, deneen.t.dock@intel.com, kristen@linux.intel.com, arjan@linux.intel.com
Subject: [PATCH v5 2/5] Smack: Prepare for PTRACE_MODE_SCHED
Date: Wed, 26 Sep 2018 13:34:43 -0700
Message-Id: <20180926203446.2004-3-casey.schaufler@intel.com>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180926203446.2004-1-casey.schaufler@intel.com>
References: <20180926203446.2004-1-casey.schaufler@intel.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Casey Schaufler

A ptrace access check with mode PTRACE_MODE_SCHED gets called from process switching code. This precludes the use of audit, as the locking is incompatible. Don't do audit in the PTRACE_MODE_SCHED case.

Signed-off-by: Casey Schaufler
--- security/smack/smack_lsm.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 340fc30ad85d..ffa95bcab599 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -422,7 +422,8 @@ static int smk_ptrace_rule_check(struct task_struct *tracer, struct task_smack *tsp; struct smack_known *tracer_known; - if ((mode & PTRACE_MODE_NOAUDIT) == 0) { + if ((mode & PTRACE_MODE_NOAUDIT) == 0 && + (mode & PTRACE_MODE_SCHED) == 0) { smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); smk_ad_setfield_u_tsk(&ad, tracer); saip = &ad; -- 2.17.1
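Review bot: The new condition in smk_ptrace_rule_check() skips the smk_ad_init() setup for PTRACE_MODE_SCHED with no comment in the code saying why, so the locking reason given in the commit message is lost to anyone reading the function later. A short comment above the `if` noting that this mode is used from process switching code, where audit cannot be used, would help. The two tests could also be folded into one mask check, `(mode & (PTRACE_MODE_NOAUDIT | PTRACE_MODE_SCHED)) == 0`, which reads as a single "audit suppressed" condition. Since the audit data is no longer set up for this mode, it is worth saying in the commit message that checks made with PTRACE_MODE_SCHED will not produce audit records, so that people relying on Smack audit logs know about the gap. PTRACE_MODE_SCHED itself is not defined in the visible lines, so this patch only builds on top of whichever patch in the series introduces it.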