[PATCH 1/3] kernel/audit: consolidate handling of mm->exe_file

[PATCH 1/3] kernel/audit: consolidate handling of mm->exe_file

[Davidlohr Bueso]

From: Davidlohr Bueso <dave@stgolabs.net>

This patch adds a audit_log_d_path_exe() helper function
to share how we handle auditing of the exe_file's path.
Used by both audit and auditsc. No functionality is changed.

Cc: Paul Moore <paul@paul-moore.com>
Cc: Eric Paris <eparis@redhat.com>
Cc: linux-audit@redhat.com
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
---

Compile tested only.

 kernel/audit.c   |  9 +--------
 kernel/audit.h   | 14 ++++++++++++++
 kernel/auditsc.c |  9 +--------
 3 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/kernel/audit.c b/kernel/audit.c
index 72ab759..9b49f76 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1842,7 +1842,6 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
 {
 	const struct cred *cred;
 	char comm[sizeof(tsk->comm)];
-	struct mm_struct *mm = tsk->mm;
 	char *tty;
 
 	if (!ab)
@@ -1878,13 +1877,7 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
 	audit_log_format(ab, " comm=");
 	audit_log_untrustedstring(ab, get_task_comm(comm, tsk));
 
-	if (mm) {
-		down_read(&mm->mmap_sem);
-		if (mm->exe_file)
-			audit_log_d_path(ab, " exe=", &mm->exe_file->f_path);
-		up_read(&mm->mmap_sem);
-	} else
-		audit_log_format(ab, " exe=(null)");
+	audit_log_d_path_exe(ab, tsk->mm);
 	audit_log_task_context(ab);
 }
 EXPORT_SYMBOL(audit_log_task_info);
diff --git a/kernel/audit.h b/kernel/audit.h
index 1caa0d3..510901f 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -257,6 +257,20 @@ extern struct list_head audit_filter_list[];
 
 extern struct audit_entry *audit_dupe_rule(struct audit_krule *old);
 
+static inline void audit_log_d_path_exe(struct audit_buffer *ab,
+					struct mm_struct *mm)
+{
+	if (!mm) {
+		audit_log_format(ab, " exe=(null)");
+		return;
+	}
+
+	down_read(&mm->mmap_sem);
+	if (mm->exe_file)
+		audit_log_d_path(ab, " exe=", &mm->exe_file->f_path);
+	up_read(&mm->mmap_sem);
+}
+
 /* audit watch functions */
 #ifdef CONFIG_AUDIT_WATCH
 extern void audit_put_watch(struct audit_watch *watch);
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index dc4ae70..84c74d0 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2361,7 +2361,6 @@ static void audit_log_task(struct audit_buffer *ab)
 	kuid_t auid, uid;
 	kgid_t gid;
 	unsigned int sessionid;
-	struct mm_struct *mm = current->mm;
 	char comm[sizeof(current->comm)];
 
 	auid = audit_get_loginuid(current);
@@ -2376,13 +2375,7 @@ static void audit_log_task(struct audit_buffer *ab)
 	audit_log_task_context(ab);
 	audit_log_format(ab, " pid=%d comm=", task_pid_nr(current));
 	audit_log_untrustedstring(ab, get_task_comm(comm, current));
-	if (mm) {
-		down_read(&mm->mmap_sem);
-		if (mm->exe_file)
-			audit_log_d_path(ab, " exe=", &mm->exe_file->f_path);
-		up_read(&mm->mmap_sem);
-	} else
-		audit_log_format(ab, " exe=(null)");
+	audit_log_d_path_exe(ab, current->mm);
 }
 
 /**
-- 
2.1.4

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

Re: [PATCH 1/3] kernel/audit: consolidate handling of mm->exe_file

[Paul Moore]

On Wed, Feb 18, 2015 at 7:10 PM, Davidlohr Bueso <dbueso@suse.de> wrote:
> From: Davidlohr Bueso <dave@stgolabs.net>
>
> This patch adds a audit_log_d_path_exe() helper function
> to share how we handle auditing of the exe_file's path.
> Used by both audit and auditsc. No functionality is changed.
>
> Cc: Paul Moore <paul@paul-moore.com>
> Cc: Eric Paris <eparis@redhat.com>
> Cc: linux-audit@redhat.com
> Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
> ---
>
> Compile tested only.
>
>  kernel/audit.c   |  9 +--------
>  kernel/audit.h   | 14 ++++++++++++++
>  kernel/auditsc.c |  9 +--------
>  3 files changed, 16 insertions(+), 16 deletions(-)

I'd prefer if the audit_log_d_path_exe() helper wasn't a static inline.

> --- a/kernel/audit.h
> +++ b/kernel/audit.h
> @@ -257,6 +257,20 @@ extern struct list_head audit_filter_list[];
>
>  extern struct audit_entry *audit_dupe_rule(struct audit_krule *old);
>
> +static inline void audit_log_d_path_exe(struct audit_buffer *ab,
> +                                       struct mm_struct *mm)
> +{
> +       if (!mm) {
> +               audit_log_format(ab, " exe=(null)");
> +               return;
> +       }
> +
> +       down_read(&mm->mmap_sem);
> +       if (mm->exe_file)
> +               audit_log_d_path(ab, " exe=", &mm->exe_file->f_path);
> +       up_read(&mm->mmap_sem);
> +}
> +
>  /* audit watch functions */
>  #ifdef CONFIG_AUDIT_WATCH
>  extern void audit_put_watch(struct audit_watch *watch);

-- 
paul moore
www.paul-moore.com

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

Re: [PATCH 1/3] kernel/audit: consolidate handling of mm->exe_file

[Davidlohr Bueso]

On Wed, 2015-02-18 at 22:23 -0500, Paul Moore wrote:
> I'd prefer if the audit_log_d_path_exe() helper wasn't a static inline.

What do you have in mind? At least in code size static inlining wins:

   text    data     bss     dec     hex filename
  14423     284     676   15383    3c17 kernel/audit.o
  14407     284     676   15367    3c07 kernel/audit.o-thispatch
  14474     284     676   15434    3c4a kernel/audit.o-noninline


Thanks,
Davidlohr

Re: [PATCH 1/3] kernel/audit: consolidate handling of mm->exe_file

[Paul Moore]

On Fri, Feb 20, 2015 at 8:23 PM, Davidlohr Bueso <dave@stgolabs.net> wrote:
> On Wed, 2015-02-18 at 22:23 -0500, Paul Moore wrote:
>> I'd prefer if the audit_log_d_path_exe() helper wasn't a static inline.
>
> What do you have in mind?

Pretty much what I said before, audit_log_d_path_exe() as a
traditional function and not an inline.  Put the function in
kernel/audit.c.

-- 
paul moore
www.paul-moore.com

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

Re: [PATCH 1/3] kernel/audit: consolidate handling of mm->exe_file

[Davidlohr Bueso]

On Sat, 2015-02-21 at 08:45 -0500, Paul Moore wrote:
> On Fri, Feb 20, 2015 at 8:23 PM, Davidlohr Bueso <dave@stgolabs.net> wrote:
> > On Wed, 2015-02-18 at 22:23 -0500, Paul Moore wrote:
> >> I'd prefer if the audit_log_d_path_exe() helper wasn't a static inline.
> >
> > What do you have in mind?
> 
> Pretty much what I said before, audit_log_d_path_exe() as a
> traditional function and not an inline.  Put the function in
> kernel/audit.c.

well yes I know that, which is why I showed you the code sizes. Now
again, do you have any reason? This function will only get less bulky in
the future.

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

Re: [PATCH 1/3] kernel/audit: consolidate handling of mm->exe_file

[Paul Moore]

On Sat, Feb 21, 2015 at 10:00 AM, Davidlohr Bueso <dave@stgolabs.net> wrote:
> On Sat, 2015-02-21 at 08:45 -0500, Paul Moore wrote:
>> On Fri, Feb 20, 2015 at 8:23 PM, Davidlohr Bueso <dave@stgolabs.net> wrote:
>> > On Wed, 2015-02-18 at 22:23 -0500, Paul Moore wrote:
>> >> I'd prefer if the audit_log_d_path_exe() helper wasn't a static inline.
>> >
>> > What do you have in mind?
>>
>> Pretty much what I said before, audit_log_d_path_exe() as a
>> traditional function and not an inline.  Put the function in
>> kernel/audit.c.
>
> well yes I know that, which is why I showed you the code sizes. Now
> again, do you have any reason? This function will only get less bulky in
> the future.

The code size was pretty negligible from my point of view, not enough
to outweigh my preference for a non-inlined version of the function.
Also, I expect this function will be one of the things that gets
shuffled/reworked in the coming months as we make some architectural
changes to audit.

-- 
paul moore
www.paul-moore.com

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

[PATCH v2 1/3] kernel/audit: consolidate handling of mm->exe_file

[Davidlohr Bueso]

This patch adds a audit_log_d_path_exe() helper function
to share how we handle auditing of the exe_file's path.
Used by both audit and auditsc. No functionality is changed.

Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
---

changes from v1: created normal function for helper.

 kernel/audit.c   | 23 +++++++++++++++--------
 kernel/audit.h   |  3 +++
 kernel/auditsc.c |  9 +--------
 3 files changed, 19 insertions(+), 16 deletions(-)

diff --git a/kernel/audit.c b/kernel/audit.c
index 72ab759..a71cbfe 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1838,11 +1838,24 @@ error_path:
 }
 EXPORT_SYMBOL(audit_log_task_context);
 
+void audit_log_d_path_exe(struct audit_buffer *ab,
+			  struct mm_struct *mm)
+{
+	if (!mm) {
+		audit_log_format(ab, " exe=(null)");
+		return;
+	}
+
+	down_read(&mm->mmap_sem);
+	if (mm->exe_file)
+		audit_log_d_path(ab, " exe=", &mm->exe_file->f_path);
+	up_read(&mm->mmap_sem);
+}
+
 void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
 {
 	const struct cred *cred;
 	char comm[sizeof(tsk->comm)];
-	struct mm_struct *mm = tsk->mm;
 	char *tty;
 
 	if (!ab)
@@ -1878,13 +1891,7 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
 	audit_log_format(ab, " comm=");
 	audit_log_untrustedstring(ab, get_task_comm(comm, tsk));
 
-	if (mm) {
-		down_read(&mm->mmap_sem);
-		if (mm->exe_file)
-			audit_log_d_path(ab, " exe=", &mm->exe_file->f_path);
-		up_read(&mm->mmap_sem);
-	} else
-		audit_log_format(ab, " exe=(null)");
+	audit_log_d_path_exe(ab, tsk->mm);
 	audit_log_task_context(ab);
 }
 EXPORT_SYMBOL(audit_log_task_info);
diff --git a/kernel/audit.h b/kernel/audit.h
index 1caa0d3..d641f9b 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -257,6 +257,9 @@ extern struct list_head audit_filter_list[];
 
 extern struct audit_entry *audit_dupe_rule(struct audit_krule *old);
 
+extern void audit_log_d_path_exe(struct audit_buffer *ab,
+				 struct mm_struct *mm);
+
 /* audit watch functions */
 #ifdef CONFIG_AUDIT_WATCH
 extern void audit_put_watch(struct audit_watch *watch);
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index dc4ae70..84c74d0 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2361,7 +2361,6 @@ static void audit_log_task(struct audit_buffer *ab)
 	kuid_t auid, uid;
 	kgid_t gid;
 	unsigned int sessionid;
-	struct mm_struct *mm = current->mm;
 	char comm[sizeof(current->comm)];
 
 	auid = audit_get_loginuid(current);
@@ -2376,13 +2375,7 @@ static void audit_log_task(struct audit_buffer *ab)
 	audit_log_task_context(ab);
 	audit_log_format(ab, " pid=%d comm=", task_pid_nr(current));
 	audit_log_untrustedstring(ab, get_task_comm(comm, current));
-	if (mm) {
-		down_read(&mm->mmap_sem);
-		if (mm->exe_file)
-			audit_log_d_path(ab, " exe=", &mm->exe_file->f_path);
-		up_read(&mm->mmap_sem);
-	} else
-		audit_log_format(ab, " exe=(null)");
+	audit_log_d_path_exe(ab, current->mm);
 }
 
 /**
-- 
2.1.4





--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

Re: [PATCH v2 1/3] kernel/audit: consolidate handling of mm->exe_file

[Paul Moore]

On Sunday, February 22, 2015 06:20:00 PM Davidlohr Bueso wrote:
> This patch adds a audit_log_d_path_exe() helper function
> to share how we handle auditing of the exe_file's path.
> Used by both audit and auditsc. No functionality is changed.
> 
> Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
> ---
> 
> changes from v1: created normal function for helper.
> 
>  kernel/audit.c   | 23 +++++++++++++++--------
>  kernel/audit.h   |  3 +++
>  kernel/auditsc.c |  9 +--------
>  3 files changed, 19 insertions(+), 16 deletions(-)

Merged into audit#next.

> diff --git a/kernel/audit.c b/kernel/audit.c
> index 72ab759..a71cbfe 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -1838,11 +1838,24 @@ error_path:
>  }
>  EXPORT_SYMBOL(audit_log_task_context);
> 
> +void audit_log_d_path_exe(struct audit_buffer *ab,
> +			  struct mm_struct *mm)
> +{
> +	if (!mm) {
> +		audit_log_format(ab, " exe=(null)");
> +		return;
> +	}
> +
> +	down_read(&mm->mmap_sem);
> +	if (mm->exe_file)
> +		audit_log_d_path(ab, " exe=", &mm->exe_file->f_path);
> +	up_read(&mm->mmap_sem);
> +}
> +
>  void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
>  {
>  	const struct cred *cred;
>  	char comm[sizeof(tsk->comm)];
> -	struct mm_struct *mm = tsk->mm;
>  	char *tty;
> 
>  	if (!ab)
> @@ -1878,13 +1891,7 @@ void audit_log_task_info(struct audit_buffer *ab,
> struct task_struct *tsk) audit_log_format(ab, " comm=");
>  	audit_log_untrustedstring(ab, get_task_comm(comm, tsk));
> 
> -	if (mm) {
> -		down_read(&mm->mmap_sem);
> -		if (mm->exe_file)
> -			audit_log_d_path(ab, " exe=", &mm->exe_file->f_path);
> -		up_read(&mm->mmap_sem);
> -	} else
> -		audit_log_format(ab, " exe=(null)");
> +	audit_log_d_path_exe(ab, tsk->mm);
>  	audit_log_task_context(ab);
>  }
>  EXPORT_SYMBOL(audit_log_task_info);
> diff --git a/kernel/audit.h b/kernel/audit.h
> index 1caa0d3..d641f9b 100644
> --- a/kernel/audit.h
> +++ b/kernel/audit.h
> @@ -257,6 +257,9 @@ extern struct list_head audit_filter_list[];
> 
>  extern struct audit_entry *audit_dupe_rule(struct audit_krule *old);
> 
> +extern void audit_log_d_path_exe(struct audit_buffer *ab,
> +				 struct mm_struct *mm);
> +
>  /* audit watch functions */
>  #ifdef CONFIG_AUDIT_WATCH
>  extern void audit_put_watch(struct audit_watch *watch);
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index dc4ae70..84c74d0 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -2361,7 +2361,6 @@ static void audit_log_task(struct audit_buffer *ab)
>  	kuid_t auid, uid;
>  	kgid_t gid;
>  	unsigned int sessionid;
> -	struct mm_struct *mm = current->mm;
>  	char comm[sizeof(current->comm)];
> 
>  	auid = audit_get_loginuid(current);
> @@ -2376,13 +2375,7 @@ static void audit_log_task(struct audit_buffer *ab)
>  	audit_log_task_context(ab);
>  	audit_log_format(ab, " pid=%d comm=", task_pid_nr(current));
>  	audit_log_untrustedstring(ab, get_task_comm(comm, current));
> -	if (mm) {
> -		down_read(&mm->mmap_sem);
> -		if (mm->exe_file)
> -			audit_log_d_path(ab, " exe=", &mm->exe_file->f_path);
> -		up_read(&mm->mmap_sem);
> -	} else
> -		audit_log_format(ab, " exe=(null)");
> +	audit_log_d_path_exe(ab, current->mm);
>  }
> 
>  /**

-- 
paul moore
www.paul-moore.com

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

Re: [PATCH v2 1/3] kernel/audit: consolidate handling of mm->exe_file

[Davidlohr Bueso]

On Mon, 2015-02-23 at 16:59 -0500, Paul Moore wrote:
> Merged into audit#next.

hmm Andrew I was hoping you could take these patches. That way we can
easily build on top. Let me know if you think otherwise, as I've got
more ready to send out with a similar email scheme.

Thanks,
Davidlohr

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

Re: [PATCH v2 1/3] kernel/audit: consolidate handling of mm->exe_file

[Paul Moore]

On Mon, Feb 23, 2015 at 5:02 PM, Davidlohr Bueso <dave@stgolabs.net> wrote:
> On Mon, 2015-02-23 at 16:59 -0500, Paul Moore wrote:
>> Merged into audit#next.
>
> hmm Andrew I was hoping you could take these patches. That way we can
> easily build on top. Let me know if you think otherwise, as I've got
> more ready to send out with a similar email scheme.

FWIW, I merged these two patches into the audit#next branch because
they are contained to audit and have value regardless of what else
happens during this development cycle.  It is just linux-next after
all, not Linus tree so if I need to drop the patches later I can do
that easily enough.  I'd rather get more exposure to the patches than
less, and getting into linux-next now helps that.

-- 
paul moore
www.paul-moore.com

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

[PATCH 2/3] kernel/audit: robustify handling of mm->exe_file

[Davidlohr Bueso]

From: Davidlohr Bueso <dave@stgolabs.net>

The mm->exe_file is currently serialized with mmap_sem (shared)
in order to both safely (1) read the file and (2) audit it via
audit_log_d_path(). Good users will, on the other hand, make use
of the more standard get_mm_exe_file(), requiring only holding
the mmap_sem to read the value, and relying on reference counting
to make sure that the exe file won't dissapear underneath us.

This is safe as audit_log_d_path() does not need the mmap_sem --
...and if it did we seriously need to fix that.

Additionally, upon NULL return of get_mm_exe_file, we also call
audit_log_format(ab, " exe=(null)").

Cc: Paul Moore <paul@paul-moore.com>
Cc: Eric Paris <eparis@redhat.com>
Cc: linux-audit@redhat.com
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
---

Compiled tested only.

 kernel/audit.h | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/kernel/audit.h b/kernel/audit.h
index 510901f..17020f0 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -20,6 +20,7 @@
  */
 
 #include <linux/fs.h>
+#include <linux/file.h>
 #include <linux/audit.h>
 #include <linux/skbuff.h>
 #include <uapi/linux/mqueue.h>
@@ -260,15 +261,20 @@ extern struct audit_entry *audit_dupe_rule(struct audit_krule *old);
 static inline void audit_log_d_path_exe(struct audit_buffer *ab,
 					struct mm_struct *mm)
 {
-	if (!mm) {
-		audit_log_format(ab, " exe=(null)");
-		return;
-	}
-
-	down_read(&mm->mmap_sem);
-	if (mm->exe_file)
-		audit_log_d_path(ab, " exe=", &mm->exe_file->f_path);
-	up_read(&mm->mmap_sem);
+	struct file *exe_file;
+
+	if (!mm)
+		goto out_null;
+
+	exe_file = get_mm_exe_file(mm);
+	if (!exe_file)
+		goto out_null;
+
+	audit_log_d_path(ab, " exe=", &exe_file->f_path);
+	fput(exe_file);
+	return;
+out_null:
+	audit_log_format(ab, " exe=(null)");
 }
 
 /* audit watch functions */
-- 
2.1.4

[PATCH v2 2/3] kernel/audit: reduce mmap_sem hold for mm->exe_file

[Davidlohr Bueso]

The mm->exe_file is currently serialized with mmap_sem (shared)
in order to both safely (1) read the file and (2) audit it via
audit_log_d_path(). Good users will, on the other hand, make use
of the more standard get_mm_exe_file(), requiring only holding
the mmap_sem to read the value, and relying on reference counting
to make sure that the exe file won't dissapear underneath us.

Additionally, upon NULL return of get_mm_exe_file, we also call
audit_log_format(ab, " exe=(null)").

Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
---

changes from v1: rebased on top of 1/1.

 kernel/audit.c | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/kernel/audit.c b/kernel/audit.c
index a71cbfe..b446d54 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -43,6 +43,7 @@
 
 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 
+#include <linux/file.h>
 #include <linux/init.h>
 #include <linux/types.h>
 #include <linux/atomic.h>
@@ -1841,15 +1842,20 @@ EXPORT_SYMBOL(audit_log_task_context);
 void audit_log_d_path_exe(struct audit_buffer *ab,
 			  struct mm_struct *mm)
 {
-	if (!mm) {
-		audit_log_format(ab, " exe=(null)");
-		return;
-	}
+	struct file *exe_file;
+
+	if (!mm)
+		goto out_null;
 
-	down_read(&mm->mmap_sem);
-	if (mm->exe_file)
-		audit_log_d_path(ab, " exe=", &mm->exe_file->f_path);
-	up_read(&mm->mmap_sem);
+	exe_file = get_mm_exe_file(mm);
+	if (!exe_file)
+		goto out_null;
+
+	audit_log_d_path(ab, " exe=", &exe_file->f_path);
+	fput(exe_file);
+	return;
+out_null:
+	audit_log_format(ab, " exe=(null)");
 }
 
 void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
-- 
2.1.4




--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

Re: [PATCH v2 2/3] kernel/audit: reduce mmap_sem hold for mm->exe_file

[Paul Moore]

On Sunday, February 22, 2015 06:20:09 PM Davidlohr Bueso wrote:
> The mm->exe_file is currently serialized with mmap_sem (shared)
> in order to both safely (1) read the file and (2) audit it via
> audit_log_d_path(). Good users will, on the other hand, make use
> of the more standard get_mm_exe_file(), requiring only holding
> the mmap_sem to read the value, and relying on reference counting
> to make sure that the exe file won't dissapear underneath us.
> 
> Additionally, upon NULL return of get_mm_exe_file, we also call
> audit_log_format(ab, " exe=(null)").
> 
> Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
> ---
> 
> changes from v1: rebased on top of 1/1.
> 
>  kernel/audit.c | 22 ++++++++++++++--------
>  1 file changed, 14 insertions(+), 8 deletions(-)

Merged into audit#next.

> diff --git a/kernel/audit.c b/kernel/audit.c
> index a71cbfe..b446d54 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -43,6 +43,7 @@
> 
>  #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> 
> +#include <linux/file.h>
>  #include <linux/init.h>
>  #include <linux/types.h>
>  #include <linux/atomic.h>
> @@ -1841,15 +1842,20 @@ EXPORT_SYMBOL(audit_log_task_context);
>  void audit_log_d_path_exe(struct audit_buffer *ab,
>  			  struct mm_struct *mm)
>  {
> -	if (!mm) {
> -		audit_log_format(ab, " exe=(null)");
> -		return;
> -	}
> +	struct file *exe_file;
> +
> +	if (!mm)
> +		goto out_null;
> 
> -	down_read(&mm->mmap_sem);
> -	if (mm->exe_file)
> -		audit_log_d_path(ab, " exe=", &mm->exe_file->f_path);
> -	up_read(&mm->mmap_sem);
> +	exe_file = get_mm_exe_file(mm);
> +	if (!exe_file)
> +		goto out_null;
> +
> +	audit_log_d_path(ab, " exe=", &exe_file->f_path);
> +	fput(exe_file);
> +	return;
> +out_null:
> +	audit_log_format(ab, " exe=(null)");
>  }
> 
>  void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)

-- 
paul moore
www.paul-moore.com

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>