From: Matt Helsley <matthltc@us.ibm.com>
To: Andrew Morton <akpm@osdl.org>
Cc: Shailabh Nagar <nagar@watson.ibm.com>,
Chandra S Seetharaman <sekharan@us.ibm.com>,
John T Kohl <jtk@us.ibm.com>, Balbir Singh <balbir@in.ibm.com>,
Jes Sorensen <jes@sgi.com>,
Linux-Kernel <linux-kernel@vger.kernel.org>,
linux-audit@redhat.com, Alan Stern <stern@rowland.harvard.edu>,
LSE-Tech <lse-tech@lists.sourceforge.net>,
David Woodhouse <dwmw2@infradead.org>
Subject: [PATCH 06/11] Task watchers: Register audit task watcher
Date: Tue, 13 Jun 2006 16:54:46 -0700 [thread overview]
Message-ID: <1150242886.21787.146.camel@stark> (raw)
In-Reply-To: 20060613235122.130021000@localhost.localdomain
Adapt audit to use task watchers.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: linux-audit@redhat.com
--
kernel/audit.c | 25 ++++++++++++++++++++++++-
kernel/exit.c | 3 ---
kernel/fork.c | 7 +------
3 files changed, 25 insertions(+), 10 deletions(-)
Index: linux-2.6.17-rc5-mm2/kernel/exit.c
===================================================================
--- linux-2.6.17-rc5-mm2.orig/kernel/exit.c
+++ linux-2.6.17-rc5-mm2/kernel/exit.c
@@ -35,11 +35,10 @@
#include <linux/posix-timers.h>
#include <linux/mutex.h>
#include <linux/futex.h>
#include <linux/compat.h>
#include <linux/pipe_fs_i.h>
-#include <linux/audit.h> /* for audit_free() */
#include <linux/resource.h>
#include <linux/notifier.h>
#include <asm/uaccess.h>
#include <asm/unistd.h>
@@ -914,12 +913,10 @@ fastcall NORET_TYPE void do_exit(long co
exit_robust_list(tsk);
#ifdef CONFIG_COMPAT
if (unlikely(tsk->compat_robust_list))
compat_exit_robust_list(tsk);
#endif
- if (unlikely(tsk->audit_context))
- audit_free(tsk);
tsk->exit_code = code;
taskstats_exit_send(tsk, tidstats, tgidstats);
taskstats_exit_free(tidstats, tgidstats);
delayacct_tsk_exit(tsk);
notify_result = notify_watchers(WATCH_TASK_FREE, tsk);
Index: linux-2.6.17-rc5-mm2/kernel/audit.c
===================================================================
--- linux-2.6.17-rc5-mm2.orig/kernel/audit.c
+++ linux-2.6.17-rc5-mm2/kernel/audit.c
@@ -46,10 +46,11 @@
#include <asm/atomic.h>
#include <linux/mm.h>
#include <linux/module.h>
#include <linux/err.h>
#include <linux/kthread.h>
+#include <linux/notifier.h>
#include <linux/audit.h>
#include <net/sock.h>
#include <net/netlink.h>
@@ -64,10 +65,30 @@
static int audit_initialized;
/* No syscall auditing will take place unless audit_enabled != 0. */
int audit_enabled;
+static int audit_task(struct notifier_block *nb, unsigned long val, void *t)
+{
+ struct task_struct *tsk = t;
+
+ switch(get_watch_event(val)) {
+ case WATCH_TASK_INIT:
+ /* Hack: -EFOO sets NOTIFY_STOP_MASK */
+ return audit_alloc(tsk);
+ case WATCH_TASK_FREE:
+ if (unlikely(tsk->audit_context))
+ audit_free(tsk);
+ default:
+ return NOTIFY_DONE;
+ }
+}
+
+static struct notifier_block __read_mostly audit_watch_tasks_nb = {
+ .notifier_call = audit_task,
+};
+
/* Default state when kernel boots without any parameters. */
static int audit_default;
/* If auditing cannot proceed, audit_failure selects what happens. */
static int audit_failure = AUDIT_FAIL_PRINTK;
@@ -707,12 +728,14 @@ static int __init audit_enable(char *str
{
audit_default = !!simple_strtol(str, NULL, 0);
printk(KERN_INFO "audit: %s%s\n",
audit_default ? "enabled" : "disabled",
audit_initialized ? "" : " (after initialization)");
- if (audit_initialized)
+ if (audit_initialized) {
audit_enabled = audit_default;
+ register_task_watcher(&audit_watch_tasks_nb);
+ }
return 1;
}
__setup("audit=", audit_enable);
Index: linux-2.6.17-rc5-mm2/kernel/fork.c
===================================================================
--- linux-2.6.17-rc5-mm2.orig/kernel/fork.c
+++ linux-2.6.17-rc5-mm2/kernel/fork.c
@@ -38,11 +38,10 @@
#include <linux/jiffies.h>
#include <linux/futex.h>
#include <linux/rcupdate.h>
#include <linux/ptrace.h>
#include <linux/mount.h>
-#include <linux/audit.h>
#include <linux/profile.h>
#include <linux/rmap.h>
#include <linux/acct.h>
#include <linux/delayacct.h>
#include <linux/notifier.h>
@@ -1088,15 +1087,13 @@ static task_t *copy_process(unsigned lon
p->softirq_context = 0;
#endif
if ((retval = security_task_alloc(p)))
goto bad_fork_cleanup_policy;
- if ((retval = audit_alloc(p)))
- goto bad_fork_cleanup_security;
/* copy all the process information */
if ((retval = copy_semundo(clone_flags, p)))
- goto bad_fork_cleanup_audit;
+ goto bad_fork_cleanup_security;
if ((retval = copy_files(clone_flags, p)))
goto bad_fork_cleanup_semundo;
if ((retval = copy_fs(clone_flags, p)))
goto bad_fork_cleanup_files;
if ((retval = copy_sighand(clone_flags, p)))
@@ -1270,12 +1267,10 @@ bad_fork_cleanup_fs:
exit_fs(p); /* blocking */
bad_fork_cleanup_files:
exit_files(p); /* blocking */
bad_fork_cleanup_semundo:
exit_sem(p);
-bad_fork_cleanup_audit:
- audit_free(p);
bad_fork_cleanup_security:
security_task_free(p);
notify_result = notify_watchers(WATCH_TASK_FREE, p);
WARN_ON(notify_result & NOTIFY_STOP_MASK);
bad_fork_cleanup_policy:
--
WARNING: multiple messages have this Message-ID (diff)
From: Matt Helsley <matthltc@us.ibm.com>
To: Andrew Morton <akpm@osdl.org>
Cc: Linux-Kernel <linux-kernel@vger.kernel.org>,
Jes Sorensen <jes@sgi.com>,
LSE-Tech <lse-tech@lists.sourceforge.net>,
Chandra S Seetharaman <sekharan@us.ibm.com>,
Alan Stern <stern@rowland.harvard.edu>,
John T Kohl <jtk@us.ibm.com>, Balbir Singh <balbir@in.ibm.com>,
Shailabh Nagar <nagar@watson.ibm.com>,
David Woodhouse <dwmw2@infradead.org>,
linux-audit@redhat.com
Subject: [PATCH 06/11] Task watchers: Register audit task watcher
Date: Tue, 13 Jun 2006 16:54:46 -0700 [thread overview]
Message-ID: <1150242886.21787.146.camel@stark> (raw)
In-Reply-To: 20060613235122.130021000@localhost.localdomain
Adapt audit to use task watchers.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: linux-audit@redhat.com
--
kernel/audit.c | 25 ++++++++++++++++++++++++-
kernel/exit.c | 3 ---
kernel/fork.c | 7 +------
3 files changed, 25 insertions(+), 10 deletions(-)
Index: linux-2.6.17-rc5-mm2/kernel/exit.c
===================================================================
--- linux-2.6.17-rc5-mm2.orig/kernel/exit.c
+++ linux-2.6.17-rc5-mm2/kernel/exit.c
@@ -35,11 +35,10 @@
#include <linux/posix-timers.h>
#include <linux/mutex.h>
#include <linux/futex.h>
#include <linux/compat.h>
#include <linux/pipe_fs_i.h>
-#include <linux/audit.h> /* for audit_free() */
#include <linux/resource.h>
#include <linux/notifier.h>
#include <asm/uaccess.h>
#include <asm/unistd.h>
@@ -914,12 +913,10 @@ fastcall NORET_TYPE void do_exit(long co
exit_robust_list(tsk);
#ifdef CONFIG_COMPAT
if (unlikely(tsk->compat_robust_list))
compat_exit_robust_list(tsk);
#endif
- if (unlikely(tsk->audit_context))
- audit_free(tsk);
tsk->exit_code = code;
taskstats_exit_send(tsk, tidstats, tgidstats);
taskstats_exit_free(tidstats, tgidstats);
delayacct_tsk_exit(tsk);
notify_result = notify_watchers(WATCH_TASK_FREE, tsk);
Index: linux-2.6.17-rc5-mm2/kernel/audit.c
===================================================================
--- linux-2.6.17-rc5-mm2.orig/kernel/audit.c
+++ linux-2.6.17-rc5-mm2/kernel/audit.c
@@ -46,10 +46,11 @@
#include <asm/atomic.h>
#include <linux/mm.h>
#include <linux/module.h>
#include <linux/err.h>
#include <linux/kthread.h>
+#include <linux/notifier.h>
#include <linux/audit.h>
#include <net/sock.h>
#include <net/netlink.h>
@@ -64,10 +65,30 @@
static int audit_initialized;
/* No syscall auditing will take place unless audit_enabled != 0. */
int audit_enabled;
+static int audit_task(struct notifier_block *nb, unsigned long val, void *t)
+{
+ struct task_struct *tsk = t;
+
+ switch(get_watch_event(val)) {
+ case WATCH_TASK_INIT:
+ /* Hack: -EFOO sets NOTIFY_STOP_MASK */
+ return audit_alloc(tsk);
+ case WATCH_TASK_FREE:
+ if (unlikely(tsk->audit_context))
+ audit_free(tsk);
+ default:
+ return NOTIFY_DONE;
+ }
+}
+
+static struct notifier_block __read_mostly audit_watch_tasks_nb = {
+ .notifier_call = audit_task,
+};
+
/* Default state when kernel boots without any parameters. */
static int audit_default;
/* If auditing cannot proceed, audit_failure selects what happens. */
static int audit_failure = AUDIT_FAIL_PRINTK;
@@ -707,12 +728,14 @@ static int __init audit_enable(char *str
{
audit_default = !!simple_strtol(str, NULL, 0);
printk(KERN_INFO "audit: %s%s\n",
audit_default ? "enabled" : "disabled",
audit_initialized ? "" : " (after initialization)");
- if (audit_initialized)
+ if (audit_initialized) {
audit_enabled = audit_default;
+ register_task_watcher(&audit_watch_tasks_nb);
+ }
return 1;
}
__setup("audit=", audit_enable);
Index: linux-2.6.17-rc5-mm2/kernel/fork.c
===================================================================
--- linux-2.6.17-rc5-mm2.orig/kernel/fork.c
+++ linux-2.6.17-rc5-mm2/kernel/fork.c
@@ -38,11 +38,10 @@
#include <linux/jiffies.h>
#include <linux/futex.h>
#include <linux/rcupdate.h>
#include <linux/ptrace.h>
#include <linux/mount.h>
-#include <linux/audit.h>
#include <linux/profile.h>
#include <linux/rmap.h>
#include <linux/acct.h>
#include <linux/delayacct.h>
#include <linux/notifier.h>
@@ -1088,15 +1087,13 @@ static task_t *copy_process(unsigned lon
p->softirq_context = 0;
#endif
if ((retval = security_task_alloc(p)))
goto bad_fork_cleanup_policy;
- if ((retval = audit_alloc(p)))
- goto bad_fork_cleanup_security;
/* copy all the process information */
if ((retval = copy_semundo(clone_flags, p)))
- goto bad_fork_cleanup_audit;
+ goto bad_fork_cleanup_security;
if ((retval = copy_files(clone_flags, p)))
goto bad_fork_cleanup_semundo;
if ((retval = copy_fs(clone_flags, p)))
goto bad_fork_cleanup_files;
if ((retval = copy_sighand(clone_flags, p)))
@@ -1270,12 +1267,10 @@ bad_fork_cleanup_fs:
exit_fs(p); /* blocking */
bad_fork_cleanup_files:
exit_files(p); /* blocking */
bad_fork_cleanup_semundo:
exit_sem(p);
-bad_fork_cleanup_audit:
- audit_free(p);
bad_fork_cleanup_security:
security_task_free(p);
notify_result = notify_watchers(WATCH_TASK_FREE, p);
WARN_ON(notify_result & NOTIFY_STOP_MASK);
bad_fork_cleanup_policy:
--
next prev parent reply other threads:[~2006-06-13 23:54 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20060613235122.130021000@localhost.localdomain>
2006-06-13 23:53 ` [PATCH 01/11] Task watchers: Task Watchers Matt Helsley
2006-06-14 0:19 ` Chase Venters
2006-06-14 0:55 ` Matt Helsley
2006-06-13 23:54 ` [PATCH 02/11] Task watchers: Register process events task watcher Matt Helsley
2006-06-14 0:39 ` Chase Venters
2006-06-14 0:52 ` Matt Helsley
2006-06-13 23:54 ` [PATCH 03/11] Task watchers: Refactor process events Matt Helsley
2006-06-14 0:43 ` Chase Venters
2006-06-14 1:11 ` Matt Helsley
2006-06-14 8:09 ` Chase Venters
2006-06-13 23:54 ` [PATCH 04/11] Task watchers: Make process events configurable as a module Matt Helsley
2006-06-14 0:54 ` Chase Venters
2006-06-14 1:18 ` [Lse-tech] " Matt Helsley
2006-06-13 23:54 ` [PATCH 05/11] Task watchers: Allow task watchers to block Matt Helsley
2006-06-13 23:54 ` Matt Helsley [this message]
2006-06-13 23:54 ` [PATCH 06/11] Task watchers: Register audit task watcher Matt Helsley
2006-06-14 14:46 ` Alexander Viro
2006-06-14 14:46 ` Alexander Viro
2006-06-14 23:28 ` Matt Helsley
2006-06-14 23:28 ` Matt Helsley
2006-06-13 23:54 ` [PATCH 07/11] Task watchers: Register per-task delay accounting " Matt Helsley
2006-06-14 3:31 ` Shailabh Nagar
2006-06-14 22:52 ` Matt Helsley
2006-06-13 23:54 ` [PATCH 08/11] Task watchers: Register profile as a " Matt Helsley
2006-06-14 0:59 ` Chase Venters
2006-06-14 1:16 ` [Lse-tech] " Matt Helsley
2006-06-13 23:55 ` [PATCH 09/11] Task watchers: Add support for per-task watchers Matt Helsley
2006-06-20 5:28 ` Peter Williams
2006-06-20 22:56 ` [Lse-tech] " Matt Helsley
2006-06-20 23:15 ` Andrew Morton
2006-06-20 23:23 ` Peter Williams
2006-06-21 1:20 ` Matt Helsley
2006-06-21 1:46 ` Andrew Morton
2006-06-21 1:55 ` Peter Williams
2006-06-21 13:01 ` Peter Williams
2006-06-21 13:23 ` Peter Williams
2006-06-21 2:28 ` Matt Helsley
2006-06-20 23:21 ` Peter Williams
2006-06-13 23:55 ` [PATCH 10/11] Task watchers: Register semundo task watcher Matt Helsley
2006-06-13 23:55 ` [PATCH 11/11] Task watchers: Register per-task semundo watcher Matt Helsley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1150242886.21787.146.camel@stark \
--to=matthltc@us.ibm.com \
--cc=akpm@osdl.org \
--cc=balbir@in.ibm.com \
--cc=dwmw2@infradead.org \
--cc=jes@sgi.com \
--cc=jtk@us.ibm.com \
--cc=linux-audit@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lse-tech@lists.sourceforge.net \
--cc=nagar@watson.ibm.com \
--cc=sekharan@us.ibm.com \
--cc=stern@rowland.harvard.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.