[-v2] Audit: push audit success and retcode into arch ptrace.h

Message ID 20110608191910.GA18698@redhat.com
State Not Applicable
Delegated to: David Miller
Headers show

Commit Message

Oleg Nesterov June 8, 2011, 7:19 p.m.
On 06/08, Oleg Nesterov wrote:
> OK. Thanks a lot Eric for your explanations.

Yes. but may I ask another one?

Shouldn't copy_process()->audit_alloc(tsk) path do
clear_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT) if it doesn't
set tsk->audit_context?

I can be easily wrong, but afaics otherwise the child can run
with TIF_SYSCALL_AUDIT bit copied from parent's thread_info by
dup_task_struct()->setup_thread_stack() and without ->audit_context,
right? For what?

Any other reason why audit_syscall_entry() checks context != NULL?

IOW. Any reason the patch below is wrong?

I am just curious, thanks.


To unsubscribe from this list: send the line "unsubscribe sparclinux" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


--- x/kernel/auditsc.c
+++ x/kernel/auditsc.c
@@ -885,6 +885,8 @@  int audit_alloc(struct task_struct *tsk)
 	if (likely(!audit_ever_enabled))
 		return 0; /* Return if not auditing. */
+	clear_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT);
 	state = audit_filter_task(tsk, &key);
 	if (likely(state == AUDIT_DISABLED))
 		return 0;
@@ -1591,9 +1593,7 @@  void audit_syscall_entry(int arch, int m
 	struct audit_context *context = tsk->audit_context;
 	enum audit_state     state;
-	if (unlikely(!context))
-		return;
+	BUG_ON(!context);
 	 * This happens only on certain architectures that make system
 	 * calls in kernel_thread via the entry.S interface, instead of