[RFC] audit: allow audit_reusename to check kernel path
Paul Moore
paul at paul-moore.com
Wed May 27 13:23:46 UTC 2020
On Tue, May 26, 2020 at 8:37 PM Alexander Viro <aviro at redhat.com> wrote:
> On Tue, May 26, 2020 at 08:32:06AM -0400, Paul Moore wrote:
> > On Mon, May 25, 2020 at 3:22 AM Yiwen Gu <guyiwen at huawei.com> wrote:
> > > For now, we met a situation where the audit_reusename checking
> > > function returns the same filename structure for files sharing
> > > the same uptr. However, these files are different, and we are trying
> > > to open them in a loop where the names are loaded into the same address.
> > > Therefore, the function returns the same structure for different files.
> > > By the way, may I ask in what situation would the audit_list be kept
> > > across syscalls?
>
> Never. "reuse" is strictly within the same syscall, so e.g. -ESTALE
> retry logics doesn't have to worry about extra instances of struct
> filename.
I think there is something odd with the kernel that Yiwen Gu is
running; they posted a similar patch back in April (link below) and we
talked about it then. The patch didn't make sense in April and it
still doesn't make sense to me now.
If they can provide more information and a reproducer that works on a
kernel from Linus' tree we can take a look, but as things currently
stand I think this may be due to a wonky Android/Huawei kernel.
* https://lore.kernel.org/linux-audit/1587536907-63272-1-git-send-email-guyiwen@huawei.com
> > What kernel are you using? Is this an Android kernel?
> >
> > Do you have a reproducer you can share?
--
paul moore
www.paul-moore.com
More information about the Linux-audit
mailing list