* [PATCH V4 (was V6)] generalize audit_del_rule
@ 2015-08-01 19:44 Richard Guy Briggs
2015-08-01 19:44 ` [PATCH V4 (was V6)] audit: save signal match info in case entry passed in is the one deleted Richard Guy Briggs
0 siblings, 1 reply; 4+ messages in thread
From: Richard Guy Briggs @ 2015-08-01 19:44 UTC (permalink / raw)
To: linux-audit, linux-kernel; +Cc: Richard Guy Briggs, sgrubb, pmoore, eparis
This patch was split out from the audit by executable path patch set due to the
potential to use it elsewhere.
In particular, some questions came up while assessing the potential for code
reuse:
Why does audit_remove_parent_watches() not call audit_del_rule() for
each entry found?
Is audit_signals not properly decremented?
Is audit_n_rules not properly decremented?
Why does kill_rules() not call audit_del_rule() for each entry found?
Is audit_signals not properly decremented?
Is audit_n_rules not properly decremented?
Richard Guy Briggs (1):
audit: save signal match info in case entry passed in is the one
deleted
kernel/auditfilter.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
^ permalink raw reply [flat|nested] 4+ messages in thread* [PATCH V4 (was V6)] audit: save signal match info in case entry passed in is the one deleted 2015-08-01 19:44 [PATCH V4 (was V6)] generalize audit_del_rule Richard Guy Briggs @ 2015-08-01 19:44 ` Richard Guy Briggs 2015-08-04 23:04 ` Paul Moore 0 siblings, 1 reply; 4+ messages in thread From: Richard Guy Briggs @ 2015-08-01 19:44 UTC (permalink / raw) To: linux-audit, linux-kernel; +Cc: Richard Guy Briggs, sgrubb, pmoore, eparis Move the access to the entry for audit_match_signal() to the beginning of the function in case the entry found is the same one passed in. This will enable it to be used by audit_remove_mark_rule(). Signed-off-by: Richard Guy Briggs <rgb@redhat.com> --- kernel/auditfilter.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 4cb9b44..afb63b3 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -943,6 +943,7 @@ static inline int audit_del_rule(struct audit_entry *entry) int ret = 0; #ifdef CONFIG_AUDITSYSCALL int dont_count = 0; + int match_signal = !audit_match_signal(entry); /* If either of these, don't count towards total */ if (entry->rule.listnr == AUDIT_FILTER_USER || @@ -972,7 +973,7 @@ static inline int audit_del_rule(struct audit_entry *entry) if (!dont_count) audit_n_rules--; - if (!audit_match_signal(entry)) + if (match_signal) audit_signals--; #endif mutex_unlock(&audit_filter_mutex); -- 1.7.1 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH V4 (was V6)] audit: save signal match info in case entry passed in is the one deleted 2015-08-01 19:44 ` [PATCH V4 (was V6)] audit: save signal match info in case entry passed in is the one deleted Richard Guy Briggs @ 2015-08-04 23:04 ` Paul Moore 2015-08-05 9:25 ` Richard Guy Briggs 0 siblings, 1 reply; 4+ messages in thread From: Paul Moore @ 2015-08-04 23:04 UTC (permalink / raw) To: Richard Guy Briggs; +Cc: linux-audit, linux-kernel, sgrubb, eparis On Saturday, August 01, 2015 03:44:01 PM Richard Guy Briggs wrote: > Move the access to the entry for audit_match_signal() to the beginning of > the function in case the entry found is the same one passed in. This will > enable it to be used by audit_remove_mark_rule(). > > Signed-off-by: Richard Guy Briggs <rgb@redhat.com> > --- > kernel/auditfilter.c | 3 ++- > 1 files changed, 2 insertions(+), 1 deletions(-) > > diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c > index 4cb9b44..afb63b3 100644 > --- a/kernel/auditfilter.c > +++ b/kernel/auditfilter.c > @@ -943,6 +943,7 @@ static inline int audit_del_rule(struct audit_entry > *entry) int ret = 0; > #ifdef CONFIG_AUDITSYSCALL > int dont_count = 0; > + int match_signal = !audit_match_signal(entry); > > /* If either of these, don't count towards total */ > if (entry->rule.listnr == AUDIT_FILTER_USER || > @@ -972,7 +973,7 @@ static inline int audit_del_rule(struct audit_entry > *entry) if (!dont_count) > audit_n_rules--; > > - if (!audit_match_signal(entry)) > + if (match_signal) > audit_signals--; > #endif > mutex_unlock(&audit_filter_mutex); Why not simply move this second CONFIG_AUDITSYSCALL above the list_del() calls? Am I missing something? Also, while we're fixing up audit_del_rule(), why not also move the mutex_unlock() call to after the "out" jump target and then drop the mutex_unlock() call in the audit_find_rule() error case? Not your fault, but the code seems silly as-is. -- paul moore security @ redhat ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH V4 (was V6)] audit: save signal match info in case entry passed in is the one deleted 2015-08-04 23:04 ` Paul Moore @ 2015-08-05 9:25 ` Richard Guy Briggs 0 siblings, 0 replies; 4+ messages in thread From: Richard Guy Briggs @ 2015-08-05 9:25 UTC (permalink / raw) To: Paul Moore; +Cc: linux-audit, linux-kernel, sgrubb, eparis On 15/08/04, Paul Moore wrote: > On Saturday, August 01, 2015 03:44:01 PM Richard Guy Briggs wrote: > > Move the access to the entry for audit_match_signal() to the beginning of > > the function in case the entry found is the same one passed in. This will > > enable it to be used by audit_remove_mark_rule(). > > > > Signed-off-by: Richard Guy Briggs <rgb@redhat.com> > > --- > > kernel/auditfilter.c | 3 ++- > > 1 files changed, 2 insertions(+), 1 deletions(-) > > > > diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c > > index 4cb9b44..afb63b3 100644 > > --- a/kernel/auditfilter.c > > +++ b/kernel/auditfilter.c > > @@ -943,6 +943,7 @@ static inline int audit_del_rule(struct audit_entry > > *entry) int ret = 0; > > #ifdef CONFIG_AUDITSYSCALL > > int dont_count = 0; > > + int match_signal = !audit_match_signal(entry); > > > > /* If either of these, don't count towards total */ > > if (entry->rule.listnr == AUDIT_FILTER_USER || > > @@ -972,7 +973,7 @@ static inline int audit_del_rule(struct audit_entry > > *entry) if (!dont_count) > > audit_n_rules--; > > > > - if (!audit_match_signal(entry)) > > + if (match_signal) > > audit_signals--; > > #endif > > mutex_unlock(&audit_filter_mutex); > > Why not simply move this second CONFIG_AUDITSYSCALL above the list_del() > calls? Am I missing something? Good point. That did occur to me at one point when I wasn't in front of the code and promptly forgot once I was. That will neatly remove the temporary variable. > Also, while we're fixing up audit_del_rule(), why not also move the > mutex_unlock() call to after the "out" jump target and then drop the > mutex_unlock() call in the audit_find_rule() error case? Not your fault, but > the code seems silly as-is. Yes, agreed. Another nice catch. These changes will affect "audit by executable" so I'll re-spin that patch set to make it easier to apply. > paul moore - RGB -- Richard Guy Briggs <rbriggs@redhat.com> Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat Remote, Ottawa, Canada Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545 ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2015-08-05 9:25 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2015-08-01 19:44 [PATCH V4 (was V6)] generalize audit_del_rule Richard Guy Briggs 2015-08-01 19:44 ` [PATCH V4 (was V6)] audit: save signal match info in case entry passed in is the one deleted Richard Guy Briggs 2015-08-04 23:04 ` Paul Moore 2015-08-05 9:25 ` Richard Guy Briggs
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).