Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp3834063ybt; Sun, 5 Jul 2020 08:10:41 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzlachl5T/4NGJWMwVCefDh42d0Giyiu7lPn5Sg7uMO4r6lzp8Pe/bEGD5jwcawD8hgqGr/ X-Received: by 2002:aa7:d802:: with SMTP id v2mr43440423edq.77.1593961841334; Sun, 05 Jul 2020 08:10:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1593961841; cv=none; d=google.com; s=arc-20160816; b=orVRV2lI6ryN7HsssEip5oahZAxekuvPsEnBIYOxEfnPxcRxNLpG4G2BxrjGuyc+vM 4rkbMHweCb3hCJKTp34UjFYQU/4xW1dt4h3cp9LFdd0/vSQwkE/FAtsYoa3hY7I186Bl Fi9W43ywiW0YD60X8qSCbiQy6tOfquw8oiUuyMDKAlLJQZoop830zaAPAEFctvYR2LXU rZ4nDFdrURZpAzpl8Lce4YfLIoHjwEGq/d8/jEUDchRen6TpO5yX+p4d9cM3yHDO4GHL fVObA6huslG9tpTnCXwO2HK/WO3DFvujPKgn7h+A1YBdICtAh2EyidJvlW8zltinXrSs hbjQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=+a+NkZk/z82sUmwa8lAR9nOo6EtZay2vAebfwkhsk6k=; b=Vkh07RiPgwzjKlmUZ4799jhQUdmfMthIAoLU9qBLLPZbT6lV5kM8J9xDtPP1NQO7t2 1pxjHa7GdtNdNG0IF/d0M3/c1F1vB4Zq3piSWc9ctFfXtvhsHEEjnCJws4o4sTzyj7YG YlIY/9pLQFYuYfjilfX7NiU7zYCvs8WzjZTvRQd6cf1cJFT7w/HaFQ6ueDHMuIU7Z1ym MBNvVo1Keo7sKskwC6sZ24XJ2fkHqyxbG0lG58t3bZ2N+6+H4n6gmbOMOtcLvsLe83T8 RDUcvsg/Mq+zOFNnHaWvyJGFpNHXqmGSxuk0xT0alF7nG3xQqFLSPKT0/1grmMb4Pu2t a/9Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=UmdjKJ50; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q8si10527508ejd.687.2020.07.05.08.10.17; Sun, 05 Jul 2020 08:10:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=UmdjKJ50; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727818AbgGEPJ5 (ORCPT + 99 others); Sun, 5 Jul 2020 11:09:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38936 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727074AbgGEPJ4 (ORCPT ); Sun, 5 Jul 2020 11:09:56 -0400 Received: from mail-ej1-x644.google.com (mail-ej1-x644.google.com [IPv6:2a00:1450:4864:20::644]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 57B24C08C5E1 for ; Sun, 5 Jul 2020 08:09:56 -0700 (PDT) Received: by mail-ej1-x644.google.com with SMTP id dr13so39773988ejc.3 for ; Sun, 05 Jul 2020 08:09:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=+a+NkZk/z82sUmwa8lAR9nOo6EtZay2vAebfwkhsk6k=; b=UmdjKJ50jJWLthi/DT6Fs4iFmWFWyVC7Y7eZrOOgck5bWy1qD1rM0CMXNWKAJDlHVL MAa2rwS/APF5ZIIu7ChRJtgEZ53i8mPF0SjaJsiJKKGawhM60E/UxhFkn1iaFCLKkDvX ABjq8jVd+aSn/1mm8gcR3scWaSwN1qN6a3STwAf24/t6ZOCeOFxo9U4AkYeDjAYvwVle q6JqxJ/OONYa7eHq//8Oh7lZaQDQjIrW4vcI+eC9CiyArhAChgft2Fyel1fL2i4bo0FM 6wrDxMJNUxIz0louWOYU4KpBGZlmriR+9XhHFy+lzf7hU5ECANHSv5nn2SFzJDJ0i7zK Dr2w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=+a+NkZk/z82sUmwa8lAR9nOo6EtZay2vAebfwkhsk6k=; b=FrRBa18/Hq7+rC2XdUaUre6/RgP19KWUYHr+B7uEQ30krM13N8tF33yVmwQnvwlsyR 4dtEmXJKvA6X85uvTtg0jAqGe1eaQDyRYsdaF+NPr3UGTvXq73xwoBKdguUqygyEH8B/ b5ryjP0/NoSalQcJQOhCzCozISDfh4Pas2pc2RRi0cFbLydwiAEoEviwOqtBJRO/dyKy Bnu4Ivr/IiMuqCYasOqBVkMo5H52i70JkYF5xDENy5JIrG9430JKG4VH/y1EJljOyVSj nFj8u9yW+EbGsGNgMYnayV+BKn/0Ww/OLScO7lO8bXiMZG5FC6yklgtg1/qy0z6NyQuB hfhQ== X-Gm-Message-State: AOAM530yLgJSKDwXjSAJivF/8n1eTUvYMEJw/qRLOBDNhXaw6HIigw52 Xz8rKe+ZDsnNCRafcqAxj4TSRL7LVpkw7vXiOIfZ X-Received: by 2002:a17:906:7d86:: with SMTP id v6mr38973801ejo.542.1593961794741; Sun, 05 Jul 2020 08:09:54 -0700 (PDT) MIME-Version: 1.0 References: <6abeb26e64489fc29b00c86b60b501c8b7316424.1593198710.git.rgb@redhat.com> In-Reply-To: <6abeb26e64489fc29b00c86b60b501c8b7316424.1593198710.git.rgb@redhat.com> From: Paul Moore Date: Sun, 5 Jul 2020 11:09:43 -0400 Message-ID: Subject: Re: [PATCH ghak90 V9 01/13] audit: collect audit task parameters To: Richard Guy Briggs Cc: containers@lists.linux-foundation.org, linux-api@vger.kernel.org, Linux-Audit Mailing List , linux-fsdevel@vger.kernel.org, LKML , netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, sgrubb@redhat.com, Ondrej Mosnacek , dhowells@redhat.com, simo@redhat.com, Eric Paris , Serge Hallyn , ebiederm@xmission.com, nhorman@tuxdriver.com, Dan Walsh , mpatel@redhat.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Jun 27, 2020 at 9:21 AM Richard Guy Briggs wrote: > > The audit-related parameters in struct task_struct should ideally be > collected together and accessed through a standard audit API. > > Collect the existing loginuid, sessionid and audit_context together in a > new struct audit_task_info called "audit" in struct task_struct. > > Use kmem_cache to manage this pool of memory. > Un-inline audit_free() to be able to always recover that memory. > > Please see the upstream github issue > https://github.com/linux-audit/audit-kernel/issues/81 > > Signed-off-by: Richard Guy Briggs > Acked-by: Neil Horman > Reviewed-by: Ondrej Mosnacek > --- > include/linux/audit.h | 49 +++++++++++++++++++++++------------ > include/linux/sched.h | 7 +---- > init/init_task.c | 3 +-- > init/main.c | 2 ++ > kernel/audit.c | 71 +++++++++++++++++++++++++++++++++++++++++++++++++-- > kernel/audit.h | 5 ++++ > kernel/auditsc.c | 26 ++++++++++--------- > kernel/fork.c | 1 - > 8 files changed, 124 insertions(+), 40 deletions(-) > > diff --git a/include/linux/audit.h b/include/linux/audit.h > index 3fcd9ee49734..c2150415f9df 100644 > --- a/include/linux/audit.h > +++ b/include/linux/audit.h > @@ -100,6 +100,16 @@ enum audit_nfcfgop { > AUDIT_XT_OP_UNREGISTER, > }; > > +struct audit_task_info { > + kuid_t loginuid; > + unsigned int sessionid; > +#ifdef CONFIG_AUDITSYSCALL > + struct audit_context *ctx; > +#endif > +}; > + > +extern struct audit_task_info init_struct_audit; > + > extern int is_audit_feature_set(int which); > > extern int __init audit_register_class(int class, unsigned *list); ... > diff --git a/include/linux/sched.h b/include/linux/sched.h > index b62e6aaf28f0..2213ac670386 100644 > --- a/include/linux/sched.h > +++ b/include/linux/sched.h > @@ -34,7 +34,6 @@ > #include > > /* task_struct member predeclarations (sorted alphabetically): */ > -struct audit_context; > struct backing_dev_info; > struct bio_list; > struct blk_plug; > @@ -946,11 +945,7 @@ struct task_struct { > struct callback_head *task_works; > > #ifdef CONFIG_AUDIT > -#ifdef CONFIG_AUDITSYSCALL > - struct audit_context *audit_context; > -#endif > - kuid_t loginuid; > - unsigned int sessionid; > + struct audit_task_info *audit; > #endif > struct seccomp seccomp; In the early days of this patchset we talked a lot about how to handle the task_struct and the changes that would be necessary, ultimately deciding that encapsulating all of the audit fields into an audit_task_info struct. However, what is puzzling me a bit at this moment is why we are only including audit_task_info in task_info by reference *and* making it a build time conditional (via CONFIG_AUDIT). If audit is enabled at build time it would seem that we are always going to allocate an audit_task_info struct, so I have to wonder why we don't simply embed it inside the task_info struct (similar to the seccomp struct in the snippet above? Of course the audit_context struct needs to remain as is, I'm talking only about the task_info/audit_task_info struct. Richard, I'm sure you can answer this off the top of your head, but I'd have to go digging through the archives to pull out the relevant discussions so I figured I would just ask you for a reminder ... ? I imagine it's also possible things have changed a bit since those early discussions and the solution we arrived at then no longer makes as much sense as it did before. > diff --git a/init/init_task.c b/init/init_task.c > index 15089d15010a..92d34c4b7702 100644 > --- a/init/init_task.c > +++ b/init/init_task.c > @@ -130,8 +130,7 @@ struct task_struct init_task > .thread_group = LIST_HEAD_INIT(init_task.thread_group), > .thread_node = LIST_HEAD_INIT(init_signals.thread_head), > #ifdef CONFIG_AUDIT > - .loginuid = INVALID_UID, > - .sessionid = AUDIT_SID_UNSET, > + .audit = &init_struct_audit, > #endif > #ifdef CONFIG_PERF_EVENTS > .perf_event_mutex = __MUTEX_INITIALIZER(init_task.perf_event_mutex), > diff --git a/init/main.c b/init/main.c > index 0ead83e86b5a..349470ad7458 100644 > --- a/init/main.c > +++ b/init/main.c > @@ -96,6 +96,7 @@ > #include > #include > #include > +#include > > #include > #include > @@ -1028,6 +1029,7 @@ asmlinkage __visible void __init start_kernel(void) > nsfs_init(); > cpuset_init(); > cgroup_init(); > + audit_task_init(); > taskstats_init_early(); > delayacct_init(); > > diff --git a/kernel/audit.c b/kernel/audit.c > index 8c201f414226..5d8147a29291 100644 > --- a/kernel/audit.c > +++ b/kernel/audit.c > @@ -203,6 +203,73 @@ struct audit_reply { > struct sk_buff *skb; > }; > > +static struct kmem_cache *audit_task_cache; > + > +void __init audit_task_init(void) > +{ > + audit_task_cache = kmem_cache_create("audit_task", > + sizeof(struct audit_task_info), > + 0, SLAB_PANIC, NULL); > +} > + > +/** > + * audit_alloc - allocate an audit info block for a task > + * @tsk: task > + * > + * Call audit_alloc_syscall to filter on the task information and > + * allocate a per-task audit context if necessary. This is called from > + * copy_process, so no lock is needed. > + */ > +int audit_alloc(struct task_struct *tsk) > +{ > + int ret = 0; > + struct audit_task_info *info; > + > + info = kmem_cache_alloc(audit_task_cache, GFP_KERNEL); > + if (!info) { > + ret = -ENOMEM; > + goto out; > + } > + info->loginuid = audit_get_loginuid(current); > + info->sessionid = audit_get_sessionid(current); > + tsk->audit = info; > + > + ret = audit_alloc_syscall(tsk); > + if (ret) { > + tsk->audit = NULL; > + kmem_cache_free(audit_task_cache, info); > + } > +out: > + return ret; > +} This is a big nitpick, and I'm only mentioning this in the case you need to respin this patchset: the "out" label is unnecessary in the function above. Simply return the error code, there is no need to jump to "out" only to immediately return the error code there and nothing more. > +struct audit_task_info init_struct_audit = { > + .loginuid = INVALID_UID, > + .sessionid = AUDIT_SID_UNSET, > +#ifdef CONFIG_AUDITSYSCALL > + .ctx = NULL, > +#endif > +}; > + > +/** > + * audit_free - free per-task audit info > + * @tsk: task whose audit info block to free > + * > + * Called from copy_process and do_exit > + */ > +void audit_free(struct task_struct *tsk) > +{ > + struct audit_task_info *info = tsk->audit; > + > + audit_free_syscall(tsk); > + /* Freeing the audit_task_info struct must be performed after > + * audit_log_exit() due to need for loginuid and sessionid. > + */ > + info = tsk->audit; > + tsk->audit = NULL; > + kmem_cache_free(audit_task_cache, info); Another nitpick, and this one may even become a moot point given the question posed above. However, is there any reason we couldn't get rid of "info" and simplify this a bit? audit_free_syscall(tsk); kmem_cache_free(audit_task_cache, tsk->audit); tsk->audit = NULL; > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > index 468a23390457..f00c1da587ea 100644 > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -1612,7 +1615,6 @@ void __audit_free(struct task_struct *tsk) > if (context->current_state == AUDIT_RECORD_CONTEXT) > audit_log_exit(); > } > - > audit_set_context(tsk, NULL); > audit_free_context(context); > } This nitpick is barely worth the time it is taking me to write this, but the whitespace change above isn't strictly necessary. -- paul moore www.paul-moore.com