[RFC PATCH] audit: use current whenever possible

Paul Moore paul at paul-moore.com
Mon Jul 23 21:24:23 UTC 2018


On Mon, Jul 23, 2018 at 3:40 PM Richard Guy Briggs <rgb at redhat.com> wrote:
> On 2018-07-20 18:17, Paul Moore wrote:
> > There are many places, notably audit_log_task_info() and
> > audit_log_exit(), that take task_struct pointers but in reality they
> > are always working on the current task.  This patch eliminates the
> > task_struct arguments and uses current directly which allows a number
> > of cleanups as well.
>
> I came across and removed several in the audit task struct cleanup,
> but it looks like you've rebased over those and caught a few more.

I just based this patch against audit/next to make life easier.  Since
the earliest it would possibly go into the audit tree would be after
the next merge window it will likely get rebased/merged again.  If
there is another patch that does some of this work and gets merged
first, awesome, if not, that's fine too.

> I'm fine with delaying setting task's context to NULL for
> __audit_free().

Yeah, it really shouldn't matter when it happens in __audit_free() as
we should be the only ones who are touching that task_struct at that
point in time.

> Why was the context originally taken for __audit_syscall_exit() and
> given back once the syscall event records have been issued?  Is there a
> possible race with something else?

That was a bit bizarre, wasn't it?  There shouldn't be a race
condition as the audit_context is private to the individual task and
at the point in time where __audit_syscall_exit() is being called we
shouldn't have to worry about other things hitting the task_struct.
If anything, this patch should actually make things better by not
setting the current->context to NULL at the start of
__audit_syscall_exit() only to reset it back to the original value at
the end (the audit_take_context() function, and its relationship with
audit_log_exit() was ... odd ... and that is me being kind).

I'm chalking this up to "audit being audit" :/

> > Signed-off-by: Paul Moore <paul at paul-moore.com>
>
> Otherwise, this cleanup looks like a good simplification.
> Reviewed-by: Richard Guy Briggs <rgb at redhat.com>

Diffstats that remove more lines than they add always make me happy.

Thanks for taking a look.  It boots and passes our tests but I still
haven't convinced myself all those changes are correct.  I'll send a
note if/when it gets merged, but like I said that won't happen until
after the merge window closes as we are at -rc6 right now.

-- 
paul moore
www.paul-moore.com



