+ task-watchers-register-audit-task-watcher.patch added to -mm tree

Monday, 19 June 2006

The patch titled

     Task watchers: register audit task watcher

has been added to the -mm tree.  Its filename is

     task-watchers-register-audit-task-watcher.patch

See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this

------------------------------------------------------
Subject: Task watchers: register audit task watcher
From: Matt Helsley <matthltc(a)us.ibm.com&gt;


Adapt audit to use task watchers.

Signed-off-by: Matt Helsley <matthltc(a)us.ibm.com&gt;
Cc: David Woodhouse <dwmw2(a)infradead.org&gt;
Cc: <linux-audit(a)redhat.com&gt;
Signed-off-by: Andrew Morton <akpm(a)osdl.org&gt;
---

 kernel/audit.c |   25 ++++++++++++++++++++++++-
 kernel/exit.c  |    3 ---
 kernel/fork.c  |    7 +------
 3 files changed, 25 insertions(+), 10 deletions(-)

diff -puN kernel/audit.c~task-watchers-register-audit-task-watcher kernel/audit.c

--- a/kernel/audit.c~task-watchers-register-audit-task-watcher
+++ a/kernel/audit.c
@@ -48,6 +48,7 @@
 #include <linux/module.h>
 #include <linux/err.h>
 #include <linux/kthread.h>
+#include <linux/notifier.h>
 
 #include <linux/audit.h>
 
@@ -66,6 +67,26 @@ static int	audit_initialized;
 /* No syscall auditing will take place unless audit_enabled != 0. */
 int		audit_enabled;
 
+static int audit_task(struct notifier_block *nb, unsigned long val, void *t)
+{
+	struct task_struct *tsk = t;
+
+	switch(get_watch_event(val)) {
+	case WATCH_TASK_INIT:
+		/* Hack: -EFOO sets NOTIFY_STOP_MASK */
+		return audit_alloc(tsk);
+	case WATCH_TASK_FREE:
+		if (unlikely(tsk->audit_context))
+			audit_free(tsk);
+	default:
+		return NOTIFY_DONE;
+	}
+}
+
+static struct notifier_block __read_mostly audit_watch_tasks_nb = {
+	.notifier_call = audit_task,
+};
+
 /* Default state when kernel boots without any parameters. */
 static int	audit_default;
 
@@ -709,8 +730,10 @@ static int __init audit_enable(char *str
 	printk(KERN_INFO "audit: %s%s\n",
 	       audit_default ? "enabled" : "disabled",
 	       audit_initialized ? "" : " (after initialization)");
-	if (audit_initialized)
+	if (audit_initialized) {
 		audit_enabled = audit_default;
+		register_task_watcher(&audit_watch_tasks_nb);
+	}
 	return 1;
 }
 
diff -puN kernel/exit.c~task-watchers-register-audit-task-watcher kernel/exit.c
--- a/kernel/exit.c~task-watchers-register-audit-task-watcher
+++ a/kernel/exit.c
@@ -37,7 +37,6 @@
 #include <linux/futex.h>
 #include <linux/compat.h>
 #include <linux/pipe_fs_i.h>
-#include <linux/audit.h> /* for audit_free() */
 #include <linux/resource.h>
 #include <linux/notifier.h>
 
@@ -908,8 +907,6 @@ fastcall NORET_TYPE void do_exit(long co
 	if (unlikely(tsk->compat_robust_list))
 		compat_exit_robust_list(tsk);
 #endif
-	if (unlikely(tsk->audit_context))
-		audit_free(tsk);
 	tsk->exit_code = code;
 	taskstats_exit_send(tsk, tidstats, tgidstats);
 	taskstats_exit_free(tidstats, tgidstats);
diff -puN kernel/fork.c~task-watchers-register-audit-task-watcher kernel/fork.c
--- a/kernel/fork.c~task-watchers-register-audit-task-watcher
+++ a/kernel/fork.c
@@ -40,7 +40,6 @@
 #include <linux/rcupdate.h>
 #include <linux/ptrace.h>
 #include <linux/mount.h>
-#include <linux/audit.h>
 #include <linux/profile.h>
 #include <linux/rmap.h>
 #include <linux/acct.h>
@@ -1067,11 +1066,9 @@ static task_t *copy_process(unsigned lon
 
 	if ((retval = security_task_alloc(p)))
 		goto bad_fork_cleanup_policy;
-	if ((retval = audit_alloc(p)))
-		goto bad_fork_cleanup_security;
 	/* copy all the process information */
 	if ((retval = copy_semundo(clone_flags, p)))
-		goto bad_fork_cleanup_audit;
+		goto bad_fork_cleanup_security;
 	if ((retval = copy_files(clone_flags, p)))
 		goto bad_fork_cleanup_semundo;
 	if ((retval = copy_fs(clone_flags, p)))
@@ -1249,8 +1246,6 @@ bad_fork_cleanup_files:
 	exit_files(p); /* blocking */
 bad_fork_cleanup_semundo:
 	exit_sem(p);
-bad_fork_cleanup_audit:
-	audit_free(p);
 bad_fork_cleanup_security:
 	security_task_free(p);
 	notify_result = notify_watchers(WATCH_TASK_FREE, p);
_

Patches currently in -mm which might be from matthltc(a)us.ibm.com are

process-events-header-cleanup.patch
process-events-license-change.patch
remove-unecessary-null-check-in-kernel-acctc.patch
mark-profile-notifier-blocks-__read_mostly.patch
task-watchers-task-watchers.patch
task-watchers-task-watchers-tidy.patch
task-watchers-register-process-events-task-watcher.patch
task-watchers-refactor-process-events.patch
task-watchers-make-process-events-configurable-as.patch
task-watchers-allow-task-watchers-to-block.patch
task-watchers-register-audit-task-watcher.patch
task-watchers-register-per-task-delay-accounting.patch
task-watchers-register-profile-as-a-task-watcher.patch
task-watchers-add-support-for-per-task-watchers.patch
task-watchers-register-semundo-task-watcher.patch
task-watchers-register-per-task-semundo-watcher.patch
ipc-replace-kmalloc-and-memset-in-get_undo_list-with-kzalloc.patch


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

+ task-watchers-register-audit-task-watcher.patch added to -mm tree