[PATCH 1/1] fix several things in ipsec audit

Fri Dec 1 21:26:33 UTC 2006

On Tue, 2006-11-28 at 15:02 -0600, Joy Latten wrote:
> --- linux-2.6.18-patch/include/net/xfrm.h	2006-11-27 12:29:11.000000000 -0600
> +++ linux-2.6.18-patch.2/include/net/xfrm.h	2006-11-28 13:26:49.000000000 -0600
> @@ -395,8 +395,13 @@ struct xfrm_audit
>  	uid_t	loginuid;
>  	u32	secid;
>  };
> -void xfrm_audit_log(uid_t auid, u32 secid, int type, int result,
> +
> +#ifdef CONFIG_AUDITSYSCALL
> +extern void xfrm_audit_log(uid_t auid, u32 secid, int type, int result,
>  		    struct xfrm_policy *xp, struct xfrm_state *x);
> +#else
> +#define xfrm_audit_log(a,s,t,r,p,x) do { ; } while (0)
> +#endif /* CONFIG_AUDITSYSCALL */
>  
>  static inline void xfrm_pol_hold(struct xfrm_policy *policy)
>  {

This chunk failed to apply.  I believe it is a while space problem with
the second line vs what you sent in the original patch.  But I'm not
sure.

Chunk 2 had some fuzz, which may have been a result of being in the RHEL
kernel rather thanupstream.

> diff -urpN linux-2.6.18-patch/net/xfrm/xfrm_state.c linux-2.6.18-patch.2/net/xfrm/xfrm_state.c
> --- linux-2.6.18-patch/net/xfrm/xfrm_state.c	2006-11-27 12:29:33.000000000 -0600
> +++ linux-2.6.18-patch.2/net/xfrm/xfrm_state.c	2006-11-28 12:58:56.000000000 -0600
> @@ -407,7 +407,6 @@ restart:
>  				xfrm_state_hold(x);
>  				spin_unlock_bh(&xfrm_state_lock);
>  
> -				xfrm_state_delete(x);
>  				err = xfrm_state_delete(x);
>  				xfrm_audit_log(audit_info->loginuid,
>  					       audit_info->secid,
> 


what is this?  Going back to: [PATCH 1/1]:ipsec audit: additional change
when AUDITSYSCALL is off

I see:

@@ -298,7 +306,13 @@ restart:
                                xfrm_state_hold(x);
                                spin_unlock_bh(&xfrm_state_lock);
 
-                               xfrm_state_delete(x);
+                               err = xfrm_state_delete(x);
+
+                               xfrm_audit_log(audit_info->loginuid,
+                                              audit_info->secid, 
+                                              AUDIT_MAC_IPSEC_DELSA, 
+                                              err ? 0 : 1, NULL, x);
+
                                xfrm_state_put(x);

Looks like you are deleting a line you already deleted, you are missing
newlines, all sorts of things aren't right.

In any case your second patch doesn't apply on top of the first.  Can we
get a single complete patch against 2.6.20-net and get it sent to audit,
netdev, and make sure that jmorris, aviro, and dwmw2 at infradead.org are
cc'd as absolutely soon as possible?

-Eric


