[RFC PATCH] audit: move audit_signal_info() into kernel/audit.c

Paul Moore pmoore at redhat.com
Wed Mar 29 21:11:46 UTC 2017


From: Paul Moore <paul at paul-moore.com>

Commit 5b52330bbfe6 ("audit: fix auditd/kernel connection state
tracking") made inlining audit_signal_info() a bit pointless, as
it was always calling into auditd_test_task(), so let's move
audit_signal_info() into audit.c and get rid of the explicit inline.

Signed-off-by: Paul Moore <paul at paul-moore.com>
---
 kernel/audit.c   |   64 ++++++++++++++++++++++++++++++++++++++++++
 kernel/audit.h   |   31 +++++++++++++-------
 kernel/auditsc.c |   82 ------------------------------------------------------
 3 files changed, 84 insertions(+), 93 deletions(-)

diff --git a/kernel/audit.c b/kernel/audit.c
index 2f4964cfde0b..757d1c8e6d7a 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -2315,6 +2315,70 @@ void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,
 	}
 }
 
+/**
+ * audit_signal_info - record signal info for shutting down audit subsystem
+ * @sig: signal value
+ * @t: task being signaled
+ *
+ * If the audit subsystem is being terminated, record the task (pid)
+ * and uid that is doing that.
+ */
+int audit_signal_info(int sig, struct task_struct *t)
+{
+	struct audit_aux_data_pids *axp;
+	struct task_struct *tsk = current;
+	struct audit_context *ctx = tsk->audit_context;
+	kuid_t uid = current_uid(), t_uid = task_uid(t);
+
+	if (auditd_test_task(t) &&
+	    (sig == SIGTERM || sig == SIGHUP ||
+	     sig == SIGUSR1 || sig == SIGUSR2)) {
+		audit_sig_pid = task_tgid_nr(tsk);
+		if (uid_valid(tsk->loginuid))
+			audit_sig_uid = tsk->loginuid;
+		else
+			audit_sig_uid = uid;
+		security_task_getsecid(tsk, &audit_sig_sid);
+	}
+
+	if (!audit_signals || audit_dummy_context())
+		return 0;
+
+	/* optimize the common case by putting first signal recipient directly
+	 * in audit_context */
+	if (!ctx->target_pid) {
+		ctx->target_pid = task_tgid_nr(t);
+		ctx->target_auid = audit_get_loginuid(t);
+		ctx->target_uid = t_uid;
+		ctx->target_sessionid = audit_get_sessionid(t);
+		security_task_getsecid(t, &ctx->target_sid);
+		memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN);
+		return 0;
+	}
+
+	axp = (void *)ctx->aux_pids;
+	if (!axp || axp->pid_count == AUDIT_AUX_PIDS) {
+		axp = kzalloc(sizeof(*axp), GFP_ATOMIC);
+		if (!axp)
+			return -ENOMEM;
+
+		axp->d.type = AUDIT_OBJ_PID;
+		axp->d.next = ctx->aux_pids;
+		ctx->aux_pids = (void *)axp;
+	}
+	BUG_ON(axp->pid_count >= AUDIT_AUX_PIDS);
+
+	axp->target_pid[axp->pid_count] = task_tgid_nr(t);
+	axp->target_auid[axp->pid_count] = audit_get_loginuid(t);
+	axp->target_uid[axp->pid_count] = t_uid;
+	axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t);
+	security_task_getsecid(t, &axp->target_sid[axp->pid_count]);
+	memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN);
+	axp->pid_count++;
+
+	return 0;
+}
+
 #ifdef CONFIG_SECURITY
 /**
  * audit_log_secctx - Converts and logs SELinux context
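Review bot: audit_signal_info() is now defined in kernel/audit.c with no CONFIG_AUDITSYSCALL guard visible in this hunk, while its prototype in kernel/audit.h stays inside `#ifdef CONFIG_AUDITSYSCALL` and `audit_signals` is still defined in kernel/auditsc.c. If audit.c can be built without CONFIG_AUDITSYSCALL (the `#else` branch in the header suggests so, though the build rules are not shown), the definition will either fail to link against `audit_signals` or clash with whatever the `#else` branch provides. Wrapping the new function in `#ifdef CONFIG_AUDITSYSCALL` / `#endif` would keep the previous configuration behaviour. The kernel-doc block also describes only the auditd-shutdown half; a sentence such as `Also records @t as a signal target in the current audit context; returns 0 or -ENOMEM.` would cover the rest.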
diff --git a/kernel/audit.h b/kernel/audit.h
index 0f1cf6d1878a..08052d803c06 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -207,6 +207,25 @@ struct audit_context {
 	struct audit_proctitle proctitle;
 };
 
+struct audit_aux_data {
+	struct audit_aux_data	*next;
+	int			type;
+};
+
+/* Number of target pids per aux struct. */
+#define AUDIT_AUX_PIDS	16
+
+struct audit_aux_data_pids {
+	struct audit_aux_data	d;
+	pid_t			target_pid[AUDIT_AUX_PIDS];
+	kuid_t			target_auid[AUDIT_AUX_PIDS];
+	kuid_t			target_uid[AUDIT_AUX_PIDS];
+	unsigned int		target_sessionid[AUDIT_AUX_PIDS];
+	u32			target_sid[AUDIT_AUX_PIDS];
+	char			target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN];
+	int			pid_count;
+};
+
 extern u32 audit_ever_enabled;
 
 extern void audit_copy_inode(struct audit_names *name,
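Review bot: struct audit_aux_data_pids is now shared through the header but carries no statement of its invariants, which audit_signal_info() in audit.c relies on for bounds safety. I would add a comment above it along the lines of `/* Parallel arrays describing signal targets; slots [0, pid_count) are valid and pid_count never exceeds AUDIT_AUX_PIDS. */`. Because `pid_count` is used as an array index and the only guard is `BUG_ON(axp->pid_count >= AUDIT_AUX_PIDS)`, declaring it `unsigned int pid_count;` would also make that check catch a negative value; that is optional in a pure code move.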
@@ -326,20 +345,10 @@ extern void audit_kill_trees(struct list_head *);
 
 extern char *audit_unpack_string(void **, size_t *, size_t);
 
-extern pid_t audit_sig_pid;
-extern kuid_t audit_sig_uid;
-extern u32 audit_sig_sid;
-
 extern int audit_filter(int msgtype, unsigned int listtype);
 
 #ifdef CONFIG_AUDITSYSCALL
-extern int __audit_signal_info(int sig, struct task_struct *t);
-static inline int audit_signal_info(int sig, struct task_struct *t)
-{
-	if (auditd_test_task(t) || (audit_signals && !audit_dummy_context()))
-		return __audit_signal_info(sig, t);
-	return 0;
-}
+extern int audit_signal_info(int sig, struct task_struct *t);
 extern void audit_filter_inodes(struct task_struct *, struct audit_context *);
 extern struct list_head *audit_killed_trees(void);
 #else
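Review bot: The definitions of audit_sig_pid, audit_sig_uid and audit_sig_sid should become `static` now that this hunk drops their `extern` declarations; the diffstat shows only additions to kernel/audit.c, so that does not appear to happen in this patch. Assuming they are defined in audit.c, leaving them global with no declaration in any header tends to draw a sparse "should it be static?" warning and keeps security-relevant state reachable from other files. audit_signal_info() also updates the three values as separate stores with no locking visible in the audit.c hunk, so a comment at their definition saying what serialises writers against whoever reads them would help; a mixed pid/uid/sid would misattribute who signalled auditd.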
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index e59ffc7fc522..54a8f5b10046 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -95,27 +95,8 @@ int audit_n_rules;
 /* determines whether we collect data for signals sent */
 int audit_signals;
 
-struct audit_aux_data {
-	struct audit_aux_data	*next;
-	int			type;
-};
-
 #define AUDIT_AUX_IPCPERM	0
 
-/* Number of target pids per aux struct. */
-#define AUDIT_AUX_PIDS	16
-
-struct audit_aux_data_pids {
-	struct audit_aux_data	d;
-	pid_t			target_pid[AUDIT_AUX_PIDS];
-	kuid_t			target_auid[AUDIT_AUX_PIDS];
-	kuid_t			target_uid[AUDIT_AUX_PIDS];
-	unsigned int		target_sessionid[AUDIT_AUX_PIDS];
-	u32			target_sid[AUDIT_AUX_PIDS];
-	char 			target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN];
-	int			pid_count;
-};
-
 struct audit_aux_data_bprm_fcaps {
 	struct audit_aux_data	d;
 	struct audit_cap_data	fcap;
@@ -2242,69 +2223,6 @@ void __audit_ptrace(struct task_struct *t)
 }
 
 /**
- * audit_signal_info - record signal info for shutting down audit subsystem
- * @sig: signal value
- * @t: task being signaled
- *
- * If the audit subsystem is being terminated, record the task (pid)
- * and uid that is doing that.
- */
-int __audit_signal_info(int sig, struct task_struct *t)
-{
-	struct audit_aux_data_pids *axp;
-	struct task_struct *tsk = current;
-	struct audit_context *ctx = tsk->audit_context;
-	kuid_t uid = current_uid(), t_uid = task_uid(t);
-
-	if (auditd_test_task(t)) {
-		if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1 || sig == SIGUSR2) {
-			audit_sig_pid = task_tgid_nr(tsk);
-			if (uid_valid(tsk->loginuid))
-				audit_sig_uid = tsk->loginuid;
-			else
-				audit_sig_uid = uid;
-			security_task_getsecid(tsk, &audit_sig_sid);
-		}
-		if (!audit_signals || audit_dummy_context())
-			return 0;
-	}
-
-	/* optimize the common case by putting first signal recipient directly
-	 * in audit_context */
-	if (!ctx->target_pid) {
-		ctx->target_pid = task_tgid_nr(t);
-		ctx->target_auid = audit_get_loginuid(t);
-		ctx->target_uid = t_uid;
-		ctx->target_sessionid = audit_get_sessionid(t);
-		security_task_getsecid(t, &ctx->target_sid);
-		memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN);
-		return 0;
-	}
-
-	axp = (void *)ctx->aux_pids;
-	if (!axp || axp->pid_count == AUDIT_AUX_PIDS) {
-		axp = kzalloc(sizeof(*axp), GFP_ATOMIC);
-		if (!axp)
-			return -ENOMEM;
-
-		axp->d.type = AUDIT_OBJ_PID;
-		axp->d.next = ctx->aux_pids;
-		ctx->aux_pids = (void *)axp;
-	}
-	BUG_ON(axp->pid_count >= AUDIT_AUX_PIDS);
-
-	axp->target_pid[axp->pid_count] = task_tgid_nr(t);
-	axp->target_auid[axp->pid_count] = audit_get_loginuid(t);
-	axp->target_uid[axp->pid_count] = t_uid;
-	axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t);
-	security_task_getsecid(t, &axp->target_sid[axp->pid_count]);
-	memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN);
-	axp->pid_count++;
-
-	return 0;
-}
-
-/**
  * __audit_log_bprm_fcaps - store information about a loading bprm and relevant fcaps
  * @bprm: pointer to the bprm being processed
  * @new: the proposed new credentials



