Subject: Re: [PATCH -next,v2 2/2] audit: return early if the rule has a lower priority
To: Paul Moore
CC: Eric Paris
References: <20211013091208.36209-1-cuigaosheng1@huawei.com> <20211013091208.36209-3-cuigaosheng1@huawei.com>
From: cuigaosheng
Message-ID: <0e4cf616-c362-9748-7803-07aedde5f62e@huawei.com>
Date: Sat, 16 Oct 2021 16:02:13 +0800
X-Mailing-List: linux-kernel@vger.kernel.org

I have done some testing with this patch, we have some testsuites to verify the function of audit, and I will test it with the audit-testsuite.

Thanks.

Gaosheng

On 2021/10/14 5:15, Paul Moore wrote:
> On Wed, Oct 13, 2021 at 5:10 AM Gaosheng Cui wrote:
>> It is not necessary for audit_filter_rules() functions to check
>> audit fields of the rule with a lower priority, and if we did,
>> there might be some unintended effects, such as the ctx->ppid
>> may be changed unexpectedly, so return early if the rule has
>> a lower priority.
>>
>> Signed-off-by: Gaosheng Cui
>> ---
>> kernel/auditsc.c | 5 +++--
>> 1 file changed, 3 insertions(+), 2 deletions(-)
> Thanks for this patch, it looks reasonable to me but have you done any
> testing with this patch? If so, what have you done?
>
> As a FYI, the audit-testsuite project lives here:
> * https://github.com/linux-audit/audit-testsuite
>
>> diff --git a/kernel/auditsc.c b/kernel/auditsc.c >> index 42d4a4320526..b517947bfa48 100644 >> --- a/kernel/auditsc.c >> +++ b/kernel/auditsc.c >> @@ -470,6 +470,9 @@ static int audit_filter_rules(struct task_struct *tsk, >> u32 sid; >> unsigned int sessionid; >> >> + if (ctx && rule->prio <= ctx->prio) >> + return 0; >> + >> cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation); >> >> for (i = 0; i < rule->field_count; i++) {
>> @@ -737,8 +740,6 @@ static int audit_filter_rules(struct task_struct *tsk, >> } >> >> if (ctx) { >> - if (rule->prio <= ctx->prio) >> - return 0; >> if (rule->filterkey) { >> kfree(ctx->filterkey); >> ctx->filterkey = kstrdup(rule->filterkey, GFP_ATOMIC); >> -- >> 2.30.0
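
Review bot: The early return added in the first hunk (`if (ctx && rule->prio <= ctx->prio)`, placed before the `cred = rcu_dereference_check(...)` line) has no comment saying why it must run before the field loop. The commit message gives the reason, that checking the fields of a lower-priority rule can change ctx->ppid unexpectedly; a one-line comment above the check stating this would keep a later cleanup from moving it back below the `for (i = 0; i < rule->field_count; i++)` loop.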
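
Review bot: In the second hunk, dropping `if (rule->prio <= ctx->prio) return 0;` from the `if (ctx)` block matches the old behaviour only if neither rule->prio nor ctx->prio can change between the new check at function entry and this point. Nothing in the visible lines shows that, so the commit message should state that the field loop does not modify either value, and the testing asked for in the reply should include a case with a lower-priority rule whose fields all match.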