[RFC PATCH] audit: use current whenever possible
Paul Moore
paul at paul-moore.com
Mon Jul 23 21:24:23 UTC 2018
On Mon, Jul 23, 2018 at 3:40 PM Richard Guy Briggs <rgb at redhat.com> wrote:
> On 2018-07-20 18:17, Paul Moore wrote:
> > There are many places, notably audit_log_task_info() and
> > audit_log_exit(), that take task_struct pointers but in reality they
> > are always working on the current task. This patch eliminates the
> > task_struct arguments and uses current directly which allows a number
> > of cleanups as well.
>
> I came across and removed a several in the audit task struct cleanup,
> but it looks like you've rebased over those and caught a few more.
I just based this patch against audit/next to make life easier. Since
the earliest it would possibly go into the audit tree would be after
the next merge window it will likely get rebased/merged again. If
there is another patch that does some of this work and gets merged
first, awesome, if not, that's fine too.
> I'm fine with delaying setting task's context to NULL for
> __audit_free().
Yeah, it really shouldn't matter when it happens in __audit_free() as
we should be the only ones who are touching that task_struct at that
point in time.
> Why was the context originally taken for __audit_syscall_exit() and
> given back once the syscall event records have been issued? Is there a
> possible race with something else?
That was a bit bizarre, wasn't it? There shouldn't be a race
condition as the audit_context is private to the individual task and
at the point in time where __audit_syscall_exit() is being called we
shouldn't have to worry about other things hitting the task_struct.
If anything, this patch should actually make things better by not
setting the current->context to NULL at the start of
__audit_syscall_exit() only to reset it back to the original value at
the end (the audit_take_context() function, and it's relationship with
audit_log_exit() was ... odd ... and that is me being kind).
I'm chalking this up to "audit being audit" :/
> > Signed-off-by: Paul Moore <paul at paul-moore.com>
>
> Otherwise, this cleanup looks like a good simplification.
> Reviewed-by: Richard Guy Briggs <rgb at redhat.com>
Diffstats that remove more lines than they add always make me happy.
Thanks for taking a look. It boots and passes our tests but I still
haven't convinced myself all those changes are correct. I'll send a
note if/when it gets merged, but like I said that won't happen until
after the merge window closes as we are at -rc6 right now.
--
paul moore
www.paul-moore.com
More information about the Linux-audit
mailing list