From patchwork Sun May 13 01:58:21 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Guy Briggs X-Patchwork-Id: 10396039 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 3E489600D0 for ; Sun, 13 May 2018 02:00:26 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2EB6328FCC for ; Sun, 13 May 2018 02:00:26 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 233FC28FF8; Sun, 13 May 2018 02:00:26 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C8A0F28FE8 for ; Sun, 13 May 2018 02:00:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752018AbeEMB7q (ORCPT ); Sat, 12 May 2018 21:59:46 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:55042 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751129AbeEMB7m (ORCPT ); Sat, 12 May 2018 21:59:42 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id E302C406F11F; Sun, 13 May 2018 01:59:41 +0000 (UTC) Received: from madcap2.tricolour.ca (ovpn-112-35.rdu2.redhat.com [10.10.112.35]) by smtp.corp.redhat.com (Postfix) with ESMTP id 37DA410E51A6; Sun, 13 May 2018 01:59:38 +0000 (UTC) From: Richard Guy Briggs To: Linux-Audit Mailing List , LKML , Linux NetDev Upstream Mailing List , Netfilter Devel List , Linux Security Module list , Integrity Measurement Architecture , SElinux list Cc: Eric Paris , Paul Moore , Steve Grubb , Ingo Molnar , David Howells , Richard Guy Briggs Subject: [PATCH ghak81 RFC V2 4/5] audit: use inline function to set audit context Date: Sat, 12 May 2018 21:58:21 -0400 Message-Id: <567735cef55507a38120e30bea178980bb146313.1526173613.git.rgb@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.5]); Sun, 13 May 2018 01:59:41 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.5]); Sun, 13 May 2018 01:59:41 +0000 (UTC) for IP:'10.11.54.3' DOMAIN:'int-mx03.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'rgb@redhat.com' RCPT:'' Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Recognizing that the audit context is an internal audit value, use an access function to set the audit context pointer for the task rather than reaching directly into the task struct to set it. Signed-off-by: Richard Guy Briggs --- include/linux/audit.h | 6 ++++++ kernel/auditsc.c | 7 +++---- kernel/fork.c | 2 +- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index 786aa8e..f7973e4 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -235,6 +235,10 @@ extern void __audit_inode_child(struct inode *parent, extern void __audit_seccomp(unsigned long syscall, long signr, int code); extern void __audit_ptrace(struct task_struct *t); +static inline void audit_set_context(struct task_struct *task, struct audit_context *ctx) +{ + task->audit_context = ctx; +} static inline struct audit_context *audit_context(void) { return current->audit_context; @@ -472,6 +476,8 @@ static inline bool audit_dummy_context(void) { return true; } +static inline void audit_set_context(struct task_struct *task, struct audit_context *ctx) +{ } static inline struct audit_context *audit_context(void) { return NULL; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index ecc0c23..d441d68 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -865,7 +865,7 @@ static inline struct audit_context *audit_take_context(struct task_struct *tsk, audit_filter_inodes(tsk, context); } - tsk->audit_context = NULL; + audit_set_context(tsk, NULL); return context; } @@ -952,7 +952,7 @@ int audit_alloc(struct task_struct *tsk) } context->filterkey = key; - tsk->audit_context = context; + audit_set_context(tsk, context); set_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT); return 0; } @@ -1554,7 +1554,6 @@ void __audit_syscall_entry(int major, unsigned long a1, unsigned long a2, */ void __audit_syscall_exit(int success, long return_code) { - struct task_struct *tsk = current; struct audit_context *context; if (success) @@ -1589,7 +1588,7 @@ void __audit_syscall_exit(int success, long return_code) kfree(context->filterkey); context->filterkey = NULL; } - tsk->audit_context = context; + audit_set_context(current, context); } static inline void handle_one(const struct inode *inode) diff --git a/kernel/fork.c b/kernel/fork.c index 242c8c9..cd18448 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -1713,7 +1713,7 @@ static __latent_entropy struct task_struct *copy_process( p->start_time = ktime_get_ns(); p->real_start_time = ktime_get_boot_ns(); p->io_context = NULL; - p->audit_context = NULL; + audit_set_context(p, NULL); cgroup_fork(p); #ifdef CONFIG_NUMA p->mempolicy = mpol_dup(p->mempolicy);