From: Steve Grubb <sgrubb@redhat.com>
To: paul@paul-moore.com, eparis@redhat.com, rgb@redhat.com,
linux-audit@redhat.com
Cc: wangweiyang2@huawei.com, linux-audit@redhat.com,
linux-kernel@vger.kernel.org,
Gaosheng Cui <cuigaosheng1@huawei.com>
Subject: Re: [PATCH -next, v3 2/2] audit: return early if the rule has a lower priority
Date: Tue, 19 Oct 2021 10:51:00 -0400
Message-ID: <5543735.DvuYhMxLoT@x2>
In-Reply-To: <20211016072351.237745-3-cuigaosheng1@huawei.com>
Hello,
On Saturday, October 16, 2021 3:23:51 AM EDT Gaosheng Cui wrote:
> It is not necessary for audit_filter_rules() functions to check
> audit fields of the rule with a lower priority, and if we did,
> there might be some unintended effects, such as the ctx->ppid
> may be changed unexpectedly, so return early if the rule has
> a lower priority.
>
> Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
> ---
> kernel/auditsc.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 42d4a4320526..b517947bfa48 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -470,6 +470,9 @@ static int audit_filter_rules(struct task_struct *tsk,
> u32 sid;
> unsigned int sessionid;
>
> + if (ctx && rule->prio <= ctx->prio)
> + return 0;
> +
Just wondering something... If the first thing we do is to decide to return,
should we have called the function in the first place? I wonder if this test
should be used to break out of the rule iteration loops so that we don't keep
calling only to return?
-Steve
> cred = rcu_dereference_check(tsk->cred, tsk == current ||
task_creation);
>
> for (i = 0; i < rule->field_count; i++) {
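Review bot: the new early return ahead of the rcu_dereference_check() call has no comment, and nothing in the code says why it must precede the field loop. The commit message gives the reason (evaluating a lower-priority rule's fields can change ctx state such as ctx->ppid), so a one-line comment above "if (ctx && rule->prio <= ctx->prio)" would keep a later cleanup from moving the test back below the loop. Also note that the 0 returned here is the same value a caller gets for a rule that simply did not match, so a caller cannot use it to stop iterating; if the test is meant to save work across the rule list, it would have to be visible to the calling loop rather than hidden inside this function.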
> @@ -737,8 +740,6 @@ static int audit_filter_rules(struct task_struct *tsk,
> }
>
> if (ctx) {
> - if (rule->prio <= ctx->prio)
> - return 0;
> if (rule->filterkey) {
> kfree(ctx->filterkey);
> ctx->filterkey = kstrdup(rule->filterkey, GFP_ATOMIC);
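Review bot: removing "if (rule->prio <= ctx->prio) return 0;" from the "if (ctx)" block is only equivalent to the old behaviour if nothing between the new test at the top of the function and this point changes ctx->prio or rule->prio, and the visible lines do not show that. Please state that in the commit message, since after this change the filterkey update below relies entirely on the earlier test having run.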
--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit