Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
MIME-Version: 1.0
References: <7cff118972930ccb650bd62fbf0d2e8e452d729a.1661395017.git.rgb@redhat.com>
In-Reply-To: <7cff118972930ccb650bd62fbf0d2e8e452d729a.1661395017.git.rgb@redhat.com>
From:   Paul Moore <paul@paul-moore.com>
Date:   Thu, 25 Aug 2022 09:20:53 -0400
Message-ID: <CAHC9VhTzJT4qBtthQ=ynUHEJY=UJNRFr4wD9G56UaLS_6n+pNg@mail.gmail.com>
Subject: Re: [PATCH ghak138] audit: move audit_return_fixup before the filters
To:     Richard Guy Briggs <rgb@redhat.com>
Cc:     Linux-Audit Mailing List <linux-audit@redhat.com>,
        LKML <linux-kernel@vger.kernel.org>,
        Eric Paris <eparis@parisplace.org>,
        Steve Grubb <sgrubb@redhat.com>, scorreia@redhat.com,
        omosnace@redhat.com, omoris@redhat.com,
        Eric Paris <eparis@redhat.com>
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk

On Wed, Aug 24, 2022 at 11:10 PM Richard Guy Briggs <rgb@redhat.com> wrote:
>
> The success and return_code are needed by the filters.  Move
> audit_return_fixup() before the filters.
>
> The pid member of struct audit_context is never used.  Remove it.
>
> The audit_reset_context() comment about unconditionally resetting
> "ctx->state" should read "ctx->context".
>
> The proctitle is intentionally stored between syscalls.  Only free it in
> audit_free_context().
>
> Be explicit in checking the struct audit_context "context" member  enum
> value rather than assuming the order of context enum values.
>
> Cc: stable@vger.kernel.org
> Fixes: 12c5e81d3fd0 ("audit: prepare audit_context for use in calling contexts beyond syscalls")
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> ---
>  kernel/audit.h   |  2 +-
>  kernel/auditsc.c | 12 ++++++------
>  2 files changed, 7 insertions(+), 7 deletions(-)

[NOTE: dropped the stable kernel alias from my reply]

A couple of things:

* I know you like to CC a lot of people on your patches Richard, but
just a heads-up that you are likely to get a nastygram back from Greg
about CC'ing the stable kernel alias directly.  It's probably worth
re-reading the Documentation/process/stable-kernel-rules.rst docs if
you haven't done so in a while, it's a quick read and I do it myself
every few months.

* I generally ask that people *not* directly add the 'Cc: stable@...`
tag to patches they send to the list, I prefer to add/remove those as
needed.  It's not a hard rule, just something I prefer (and don't
respin patches *only* to remove the tag, but keep this in mind for
future submissions/respins).  If there is ever any concern about the
stable tag I bring that up for discussion on-list, although that has
only ever happened once (twice?) that I can recall; it's usually
pretty obvious.

* Despite what I said about the stable tagging, please continue to add
the 'Fixes: ...' tags for serious bugs, those are good and welcome.

* The audit_return_fixup() is definitely -rc/stable material, which
means it should be split into its own patch.

* The proctitle free change *might* be stable worthy, but I'd like to
hear some more justification of this from you either in a reply on
this thread or in a commit description.  Regardless, just like the
return fix, this should be in a separate patch.

* The enum comparison should be its own patch, with an appropriate
'Fixes:' tag in case the -stable folks want to merge it, but as we
haven't seen any problems with it (and they aren't likely) I wouldn't
tag this for -stable.

* I would suggest the audit_context::pid removal and the comment fix
be separate patches as well.  I would also suggest omitting a 'Fixes:'
tag here as these are far from critical, and things with a fixes tag
tend to get pulled into -stable kernels which I believe would be a
mistake here.

> diff --git a/kernel/audit.h b/kernel/audit.h
> index 58b66543b4d5..d6eb7b59c791 100644
> --- a/kernel/audit.h
> +++ b/kernel/audit.h
> @@ -133,7 +133,7 @@ struct audit_context {
>         struct sockaddr_storage *sockaddr;
>         size_t sockaddr_len;
>                                 /* Save things to print about task_struct */
> -       pid_t               pid, ppid;
> +       pid_t               ppid;
>         kuid_t              uid, euid, suid, fsuid;
>         kgid_t              gid, egid, sgid, fsgid;
>         unsigned long       personality;
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 9226746dcf0a..9f8c05228d6d 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -965,7 +965,7 @@ static void audit_reset_context(struct audit_context *ctx)
>         if (!ctx)
>                 return;
>
> -       /* if ctx is non-null, reset the "ctx->state" regardless */
> +       /* if ctx is non-null, reset the "ctx->context" regardless */
>         ctx->context = AUDIT_CTX_UNUSED;
>         if (ctx->dummy)
>                 return;
> @@ -1002,7 +1002,7 @@ static void audit_reset_context(struct audit_context *ctx)
>         kfree(ctx->sockaddr);
>         ctx->sockaddr = NULL;
>         ctx->sockaddr_len = 0;
> -       ctx->pid = ctx->ppid = 0;
> +       ctx->ppid = 0;
>         ctx->uid = ctx->euid = ctx->suid = ctx->fsuid = KUIDT_INIT(0);
>         ctx->gid = ctx->egid = ctx->sgid = ctx->fsgid = KGIDT_INIT(0);
>         ctx->personality = 0;
> @@ -1016,7 +1016,6 @@ static void audit_reset_context(struct audit_context *ctx)
>         WARN_ON(!list_empty(&ctx->killed_trees));
>         audit_free_module(ctx);
>         ctx->fds[0] = -1;
> -       audit_proctitle_free(ctx);
>         ctx->type = 0; /* reset last for audit_free_*() */
>  }
>
> @@ -1077,6 +1076,7 @@ static inline void audit_free_context(struct audit_context *context)
>  {
>         /* resetting is extra work, but it is likely just noise */
>         audit_reset_context(context);
> +       audit_proctitle_free(context);
>         free_tree_refs(context);
>         kfree(context->filterkey);
>         kfree(context);
> @@ -1940,6 +1940,7 @@ void __audit_uring_exit(int success, long code)
>                 goto out;
>         }
>
> +       audit_return_fixup(ctx, success, code);
>         if (ctx->context == AUDIT_CTX_SYSCALL) {
>                 /*
>                  * NOTE: See the note in __audit_uring_entry() about the case
> @@ -1981,7 +1982,6 @@ void __audit_uring_exit(int success, long code)
>         audit_filter_inodes(current, ctx);
>         if (ctx->current_state != AUDIT_STATE_RECORD)
>                 goto out;
> -       audit_return_fixup(ctx, success, code);
>         audit_log_exit();
>
>  out:
> @@ -2065,13 +2065,13 @@ void __audit_syscall_exit(int success, long return_code)
>         if (!list_empty(&context->killed_trees))
>                 audit_kill_trees(context);
>
> +       audit_return_fixup(context, success, return_code);
>         /* run through both filters to ensure we set the filterkey properly */
>         audit_filter_syscall(current, context);
>         audit_filter_inodes(current, context);
> -       if (context->current_state < AUDIT_STATE_RECORD)
> +       if (context->current_state != AUDIT_STATE_RECORD)
>                 goto out;
>
> -       audit_return_fixup(context, success, return_code);
>         audit_log_exit();
>
>  out:
> --
> 2.27.0

-- 
paul-moore.com