Re: [PATCH 1/1] fix several things in ipsec audit

[Joy Latten <latten@austin.ibm.com>]

Oh my gosh, sorry!! 
I rebased my original lspp patches to 2.6.19-rc6 from kernel.org in
order to send upstream. I wanted to send patch against whatever was
latest in kernel.org. 
After sending first patch to netdev, I noticed I had messed up a line
(in xfrm_state.c) when rebasing, although code compiles and still works
fine. This little mess up is not in my lspp patch, just rebased one. 
I also needed to allow ipsec auditing to be disabled, so I included
both fixes in one patch. My mistake. The second patch was only built
against my "rebased" 2.6.19-rc6 kernel.  I should have also created an
lspp patch for the second change! My fault! I can create one against
lspp56 kerel source for second change and send to you asap. The netdev
patches should be ok since everything sent to netdev was based on
2.6.19-rc6. I think James has already applied in git tree.


Joy

On Fri, 2006-12-01 at 16:26 -0500, Eric Paris wrote:
> On Tue, 2006-11-28 at 15:02 -0600, Joy Latten wrote:
> > --- linux-2.6.18-patch/include/net/xfrm.h	2006-11-27 12:29:11.000000000 -0600
> > +++ linux-2.6.18-patch.2/include/net/xfrm.h	2006-11-28 13:26:49.000000000 -0600
> > @@ -395,8 +395,13 @@ struct xfrm_audit
> >  	uid_t	loginuid;
> >  	u32	secid;
> >  };
> > -void xfrm_audit_log(uid_t auid, u32 secid, int type, int result,
> > +
> > +#ifdef CONFIG_AUDITSYSCALL
> > +extern void xfrm_audit_log(uid_t auid, u32 secid, int type, int result,
> >  		    struct xfrm_policy *xp, struct xfrm_state *x);
> > +#else
> > +#define xfrm_audit_log(a,s,t,r,p,x) do { ; } while (0)
> > +#endif /* CONFIG_AUDITSYSCALL */
> >  
> >  static inline void xfrm_pol_hold(struct xfrm_policy *policy)
> >  {
> 
> This chunk failed to apply.  I believe it is a while space problem with
> the second line vs what you sent in the original patch.  But I'm not
> sure.
> 
> Chunk 2 had some fuzz, which may have been a result of being in the RHEL
> kernel rather thanupstream.
> 
> > diff -urpN linux-2.6.18-patch/net/xfrm/xfrm_state.c linux-2.6.18-patch.2/net/xfrm/xfrm_state.c
> > --- linux-2.6.18-patch/net/xfrm/xfrm_state.c	2006-11-27 12:29:33.000000000 -0600
> > +++ linux-2.6.18-patch.2/net/xfrm/xfrm_state.c	2006-11-28 12:58:56.000000000 -0600
> > @@ -407,7 +407,6 @@ restart:
> >  				xfrm_state_hold(x);
> >  				spin_unlock_bh(&xfrm_state_lock);
> >  
> > -				xfrm_state_delete(x);
> >  				err = xfrm_state_delete(x);
> >  				xfrm_audit_log(audit_info->loginuid,
> >  					       audit_info->secid,
> > 
> 
> 
> what is this?  Going back to: [PATCH 1/1]:ipsec audit: additional change
> when AUDITSYSCALL is off
> 
> I see:
> 
> @@ -298,7 +306,13 @@ restart:
>                                 xfrm_state_hold(x);
>                                 spin_unlock_bh(&xfrm_state_lock);
>  
> -                               xfrm_state_delete(x);
> +                               err = xfrm_state_delete(x);
> +
> +                               xfrm_audit_log(audit_info->loginuid,
> +                                              audit_info->secid, 
> +                                              AUDIT_MAC_IPSEC_DELSA, 
> +                                              err ? 0 : 1, NULL, x);
> +
>                                 xfrm_state_put(x);
> 
> Looks like you are deleting a line you already deleted, you are missing
> newlines, all sorts of things aren't right.
> 
> In any case your second patch doesn't apply on top of the first.  Can we
> get a single complete patch against 2.6.20-net and get it sent to audit,
> netdev, and make sure that jmorris, aviro, and dwmw2@infradead.org are
> cc'd as absolutely soon as possible?
> 
> -Eric