Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp881175ybv; Fri, 7 Feb 2020 10:10:08 -0800 (PST) X-Google-Smtp-Source: APXvYqx48tcfDUgDFpE6c3HWG8xEO7258xqIjhhVfSt8wSmPXR46UD5jjP++Vsyn3HDi/wK7MsHe X-Received: by 2002:a9d:74d0:: with SMTP id a16mr452389otl.228.1581099007829; Fri, 07 Feb 2020 10:10:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581099007; cv=none; d=google.com; s=arc-20160816; b=NKFbvmwUNhQ6FpvkqUwPi+PGgFl8OOHEp/41Vkd46V2WrUTFkePiaGy8IBTqJgfYsQ rK4n7GoaWiwLy08PT0e4M6paQXJs9Jn7DTwhgvi41fcgpbqH0La2qSjkPGM2eZG4RCek AktfHYZMX/o7aklie0CZgULwps/Vytmsd6X1V6SWpeJSbPRnKuQU/tKUScMiyykwMwQY kBDPDHhSxNLYM0/lkdWIWv9x3LYaVkNNOYAS5a+gS+C3iA39VTG9uGVBitZ+6W99r8Qh QjQsIOKaFDR1H5mffbxn6ho3T04/7vd50KfCHrlPQNxLhIYGAme+xo74Vk8Q1b0cNuNY 2p9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=6dJnmRISnXhx/tid8L3bkFndKLLLawXzGhi1aYEmqBI=; b=aFBUG0eZFg273mW7x5kGWFt7DEsUUUTt7iy7blh8fWbkVkgxr8DvzMV3vQGG3b5Evk 7ol7LEWEDQ2bgFJoYa/5gAgygzEXaF4TQFjzBVoxzqArq7WcxiEJhkvmuzzXe5dKEoH4 FIUiVsLvg6LgF/z1AkAKGoT0FTmLA+0IoykTgPK4AzXI4diTOWlzllWGpcC08jD6Lejr uqX6wr31BqD3D/Wr49PsUJhvW3YttsiF2WN7G7kn4IMm0lDebjpwu/DElw8yGQKCexzu lbNHRP8EdmnMQW/+aF75eDaIaZeRPOSjORZ+fpt6VvTBhbnDKWtRKi/Z/7v9VIUDecOe lCNQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=q66upDkh; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l17si27002otq.59.2020.02.07.10.09.55; Fri, 07 Feb 2020 10:10:07 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=q66upDkh; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727551AbgBGSIU (ORCPT + 99 others); Fri, 7 Feb 2020 13:08:20 -0500 Received: from mail-pj1-f67.google.com ([209.85.216.67]:51443 "EHLO mail-pj1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727381AbgBGSIT (ORCPT ); Fri, 7 Feb 2020 13:08:19 -0500 Received: by mail-pj1-f67.google.com with SMTP id fa20so1226966pjb.1 for ; Fri, 07 Feb 2020 10:08:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=6dJnmRISnXhx/tid8L3bkFndKLLLawXzGhi1aYEmqBI=; b=q66upDkhWWqCv7RN3g0JjmwCJmoQSdSo46/A9eK5grTxsRkeNIeWBTqyrXbechcCCT ofFauNOWxK/BySUuN53q5didySxl8kkTrfKFPJmt0m3F8dS7N2YHHf5BWcXN5kp3PgAG qaDYsmYc1TVijYr/tfnXGm9DeRVGo3lzeIrWj/zmEZA4wF606Kdk+NKGY7UHxpkwJ2Vx 2f0IgA01hxIWl1aSf3g7w89o6LflVQIf9D4xhGe3Zu8bOc2Xf4ZGG3L96/pKGrSRJe5N DVQmkJDxxxkO1CPxMOVmKk7UBVgXyT5+5QjZ40441Jl0ZxBH2q3HV13H7VfKcSWSh+jT RfcA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=6dJnmRISnXhx/tid8L3bkFndKLLLawXzGhi1aYEmqBI=; b=E4coWN4XFCSURwgkdBY8fs35nuGNjaWQXihycOBMpUNaO10izct89V+VsBpvj813r3 BNgwhynNF55L8GGi5VaQl1TuyhV3s3SGZ1h+0buu8fC0Isi6XTc9EUJ1Ol7MqPOyX0hR rMw4eLxLZ1se+kJEaR6S8oUs0NuKivt6tKoLRoe7+jadvppjmXQy6T5OMi6Y7iD2dgLh zbWa13oPcRpt6uwpP3ez0FgBMyV2Pedwvhw9ynlwArZ0ddXzHHjXrMxeTFFNWTWtwvyN lmiCJN5a6cTGU0pPuZMt8HkzWAh8ygLAERa+XVFcEXhDB06lsQ4daq8Tv/dUtIWm4alG jcKQ== X-Gm-Message-State: APjAAAXwVe8XuqqHmkfcaMx5ihRHkiXVFUiPzSuYQo5SQ3LU5eGRqgqH VocCjuDaxk766GPd6nMUJ1k= X-Received: by 2002:a17:902:a616:: with SMTP id u22mr10769740plq.173.1581098898305; Fri, 07 Feb 2020 10:08:18 -0800 (PST) Received: from localhost.localdomain ([103.211.17.120]) by smtp.googlemail.com with ESMTPSA id gx18sm3088795pjb.8.2020.02.07.10.08.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 07 Feb 2020 10:08:17 -0800 (PST) From: Amol Grover To: Ingo Molnar , Peter Zijlstra , Juri Lelli , Vincent Guittot , Dietmar Eggemann , Steven Rostedt , Ben Segall , Mel Gorman , James Morris , Thomas Gleixner , Peter Zijlstra , Jann Horn , David Howells , Shakeel Butt , "Eric W . Biederman" , Andrew Morton , Paul Moore , Eric Paris Cc: linux-kernel-mentees@lists.linuxfoundation.org, linux-kernel@vger.kernel.org, linux-audit@redhat.com, Joel Fernandes , Madhuparna Bhowmik , "Paul E . McKenney" , Amol Grover Subject: [PATCH 3/3] auditsc: Do not use RCU primitive to read from cred pointer Date: Fri, 7 Feb 2020 23:35:05 +0530 Message-Id: <20200207180504.4200-3-frextrite@gmail.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200207180504.4200-1-frextrite@gmail.com> References: <20200207180504.4200-1-frextrite@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org task_struct::cred is only used task-synchronously and does not require any RCU locks, hence, rcu_dereference_check is not required to read from it. Suggested-by: Jann Horn Co-developed-by: Joel Fernandes (Google) Signed-off-by: Joel Fernandes (Google) Signed-off-by: Amol Grover --- kernel/auditsc.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 4effe01ebbe2..d3510513cdd1 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -430,24 +430,19 @@ static int audit_field_compare(struct task_struct *tsk, /* Determine if any context name data matches a rule's watch data */ /* Compare a task_struct with an audit_rule. Return 1 on match, 0 * otherwise. - * - * If task_creation is true, this is an explicit indication that we are - * filtering a task rule at task creation time. This and tsk == current are - * the only situations where tsk->cred may be accessed without an rcu read lock. */ static int audit_filter_rules(struct task_struct *tsk, struct audit_krule *rule, struct audit_context *ctx, struct audit_names *name, - enum audit_state *state, - bool task_creation) + enum audit_state *state) { const struct cred *cred; int i, need_sid = 1; u32 sid; unsigned int sessionid; - cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation); + cred = tsk->cred; for (i = 0; i < rule->field_count; i++) { struct audit_field *f = &rule->fields[i]; @@ -745,7 +740,7 @@ static enum audit_state audit_filter_task(struct task_struct *tsk, char **key) rcu_read_lock(); list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_TASK], list) { if (audit_filter_rules(tsk, &e->rule, NULL, NULL, - &state, true)) { + &state)) { if (state == AUDIT_RECORD_CONTEXT) *key = kstrdup(e->rule.filterkey, GFP_ATOMIC); rcu_read_unlock(); @@ -791,7 +786,7 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk, list_for_each_entry_rcu(e, list, list) { if (audit_in_mask(&e->rule, ctx->major) && audit_filter_rules(tsk, &e->rule, ctx, NULL, - &state, false)) { + &state)) { rcu_read_unlock(); ctx->current_state = state; return state; @@ -815,7 +810,7 @@ static int audit_filter_inode_name(struct task_struct *tsk, list_for_each_entry_rcu(e, list, list) { if (audit_in_mask(&e->rule, ctx->major) && - audit_filter_rules(tsk, &e->rule, ctx, n, &state, false)) { + audit_filter_rules(tsk, &e->rule, ctx, n, &state)) { ctx->current_state = state; return 1; } -- 2.24.1