[RFC][PATCH] (#7U3) [linux-2.6.12-rc2-mm1] file system auditing
Steve Grubb
sgrubb at redhat.com
Sat Apr 30 15:09:15 UTC 2005
On Wednesday 27 April 2005 19:17, Timothy R. Chavez wrote:
> diff -Nurp linux-2.6.12-rc2-mm1~orig/include/linux/audit.h
> linux-2.6.12-rc2-mm1~audit/include/linux/audit.h ---
> linux-2.6.12-rc2-mm1~orig/include/linux/audit.h 2005-04-11
> 09:15:03.000000000 -0500 +++
> linux-2.6.12-rc2-mm1~audit/include/linux/audit.h 2005-04-27
> 16:37:54.000000000 -0500 @@ -24,18 +24,27 @@
> #ifndef _LINUX_AUDIT_H_
> #define _LINUX_AUDIT_H_
>
> +#ifdef __KERNEL__
> #include <linux/sched.h>
> #include <linux/elf.h>
>
> +#include <linux/list.h>
> +#include <linux/spinlock.h>
> +#include <asm/atomic.h>
> +#endif
Do you need these headers or just the forward declaration for the data types
used in this header?
>+struct audit_data {
>+ struct audit_wentry *wentry;
>+ struct hlist_head watchlist;
>+ rwlock_t lock;
>+};
audit_data seems very generic. Like something the core auditing system would
have. It would be more meaningful if it were named something related to the
file system or watch. audit_wdata?
>@@ -190,6 +236,7 @@ extern void audit_get_stamp(struct audit
>extern int audit_set_loginuid(struct audit_context *ctx, uid_t loginuid);
>extern uid_t audit_get_loginuid(struct audit_context *ctx);
>extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid,
mode_t mode);
>+extern int audit_notify_watch(struct inode *inode, int mask);
>#else
>#define audit_alloc(t) ({ 0; })
>#define audit_free(t) do { ; } while (0)
I wonder if this function declaration should have a #ifdef
CONFIG_AUDITFILESYSTEM around it and then use the macro if not. Same goes for
the function definition in auditsc.c.
(audit.c)
>@@ -416,6 +419,17 @@ static int audit_receive_msg(struct sk_b
> err = -EOPNOTSUPP;
> #endif
> break;
>+ case AUDIT_WATCH_LIST:
>+ err = audit_list_watches(pid, seq);
>+ break;
>+ case AUDIT_WATCH_INS:
>+ case AUDIT_WATCH_REM:
>+ if (nlh->nlmsg_len < sizeof(struct audit_transport))
>+ return -EINVAL;
>+ err = audit_receive_watch(nlh->nlmsg_type,
>+ NETLINK_CB(skb).pid,
Should the call to audit_list_watches be surrounded by #ifdef
CONFIG_AUDITFILESYSTEM and then return -EOPNOTSUPP in the #else? Same with
audit_receive_watch.
Looking through the code for auditfs.c, there is no use of the macros likely
and unlikely to help branch prediction. I'll throw this out to Chris & David,
do we have any critical paths that would benefit from this code being
augmented with those macros?
(auditfs.c)
>+ /* Payload */
>+ memcpy(memblk, &req, sizeof(req));
>+ offset = total - req.fklen;
>+ memcpy(memblk + offset, watch->filterkey, req.fklen);
>+ offset = offset - req.pathlen;
>+ memcpy(memblk + offset, watch->path, req.pathlen);
Are these offsets being calculated right?
Seems like sb
+ memcpy(memblk, &req, sizeof(req));
+ offset = sizeof(req);
+ memcpy(memblk + offset, watch->filterkey, req.fklen);
+ offset += req.fklen;
+ memcpy(memblk + offset, watch->path, req.pathlen)
?
>+int audit_receive_watch(int type, int pid, int uid, int seq,
>+ struct audit_transport *req)
>+{
>+ int ret = 0;
>+ char *path = NULL;
>+ char *filterkey = NULL;
>+
>+ ret = -ENOMEM;
>+ path = kmalloc(req->pathlen, GFP_KERNEL);
>+ if (!path)
>+ goto audit_receive_watch_exit;
>+ strncpy(path, req->buf, req->pathlen);
>+
>+ if (req->fklen) {
>+ filterkey = kmalloc(req->fklen, GFP_KERNEL);
>+ if (!filterkey)
>+ goto audit_receive_watch_exit;
>+ }
>+ strncpy(filterkey, req->buf+req->pathlen, req->fklen);
>+
>+ ret = -EINVAL;
>+ if (!path || strlen(path) + 1 > PATH_MAX)
>+ goto audit_receive_watch_exit;
>+
>+ /* Includes terminating '\0' */
>+ if (req->fklen > AUDIT_FILTERKEY_MAX)
>+ goto audit_receive_watch_exit;
>+
>+ if (req->perms > (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND))
>+ goto audit_receive_watch_exit;
Whatever happened to checking parameters and then allocating memory? I thought
this was done right a few revs ago.
>+int audit_notify_watch(struct inode *inode, int mask)
>+{
>+ int ret = 0;
>+ struct audit_context *context = current->audit_context;
>+ struct audit_aux_data_watched *ax;
>+ struct audit_wentry *wentry = NULL;
>+
>+ if (likely(!context))
>+ goto audit_notify_watch_fail;
Question. If there is no context, is there a possibility of generating one?
Under what circumstances besides no memory would a context not exist?
Based on what I see, I think I can merge the userspace portion for listing
watches. There's cleanups needed, but I think the intent is correct.
-Steve
More information about the Linux-audit
mailing list