Patchwork [-v2] Audit: push audit success and retcode into arch ptrace.h

login
register
mail settings
Submitter Oleg Nesterov
Date June 8, 2011, 7:19 p.m.
Message ID <20110608191910.GA18698@redhat.com>
Download mbox | patch
Permalink /patch/99543/
State Not Applicable
Delegated to: David Miller
Headers show

Comments

Oleg Nesterov - June 8, 2011, 7:19 p.m.
On 06/08, Oleg Nesterov wrote:
>
> OK. Thanks a lot Eric for your explanations.

Yes. but may I ask another one?

Shouldn't copy_process()->audit_alloc(tsk) path do
clear_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT) if it doesn't
set tsk->audit_context?

I can be easily wrong, but afaics otherwise the child can run
with TIF_SYSCALL_AUDIT bit copied from parent's thread_info by
dup_task_struct()->setup_thread_stack() and without ->audit_context,
right? For what?

Any other reason why audit_syscall_entry() checks context != NULL?

IOW. Any reason the patch below is wrong?

I am just curious, thanks.

Oleg.


--
To unsubscribe from this list: send the line "unsubscribe sparclinux" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

--- x/kernel/auditsc.c
+++ x/kernel/auditsc.c
@@ -885,6 +885,8 @@  int audit_alloc(struct task_struct *tsk)
 	if (likely(!audit_ever_enabled))
 		return 0; /* Return if not auditing. */
 
+	clear_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT);
+
 	state = audit_filter_task(tsk, &key);
 	if (likely(state == AUDIT_DISABLED))
 		return 0;
@@ -1591,9 +1593,7 @@  void audit_syscall_entry(int arch, int m
 	struct audit_context *context = tsk->audit_context;
 	enum audit_state     state;
 
-	if (unlikely(!context))
-		return;
-
+	BUG_ON(!context);
 	/*
 	 * This happens only on certain architectures that make system
 	 * calls in kernel_thread via the entry.S interface, instead of