Re: [PATCH ghak90 V9 01/13] audit: collect audit task parameters

On 2020-07-05 11:09, Paul Moore wrote: > On Sat, Jun 27, 2020 at 9:21 AM Richard Guy Briggs <rgb(a)redhat.com&gt; wrote: > > > > The audit-related parameters in struct task_struct should ideally be > > collected together and accessed through a standard audit API. > > > > Collect the existing loginuid, sessionid and audit_context together in a > > new struct audit_task_info called "audit" in struct task_struct. > > > > Use kmem_cache to manage this pool of memory. > > Un-inline audit_free() to be able to always recover that memory. > > > > Please see the upstream github issue > > https://github.com/linux-audit/audit-kernel/issues/81 > > > > Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com&gt; > > Acked-by: Neil Horman <nhorman(a)tuxdriver.com&gt; > > Reviewed-by: Ondrej Mosnacek <omosnace(a)redhat.com&gt; > > --- > > include/linux/audit.h | 49 +++++++++++++++++++++++------------ > > include/linux/sched.h | 7 +---- > > init/init_task.c | 3 +-- > > init/main.c | 2 ++ > > kernel/audit.c | 71 +++++++++++++++++++++++++++++++++++++++++++++++++-- > > kernel/audit.h | 5 ++++ > > kernel/auditsc.c | 26 ++++++++++--------- > > kernel/fork.c | 1 - > > 8 files changed, 124 insertions(+), 40 deletions(-) > > > > diff --git a/include/linux/audit.h b/include/linux/audit.h > > index 3fcd9ee49734..c2150415f9df 100644 > > --- a/include/linux/audit.h > > +++ b/include/linux/audit.h > > @@ -100,6 +100,16 @@ enum audit_nfcfgop { > > AUDIT_XT_OP_UNREGISTER, > > }; > > > > +struct audit_task_info { > > + kuid_t loginuid; > > + unsigned int sessionid; > > +#ifdef CONFIG_AUDITSYSCALL > > + struct audit_context *ctx; > > +#endif > > +}; > > + > > +extern struct audit_task_info init_struct_audit; > > + > > extern int is_audit_feature_set(int which); > > > > extern int __init audit_register_class(int class, unsigned *list); > > ... > > > diff --git a/include/linux/sched.h b/include/linux/sched.h > > index b62e6aaf28f0..2213ac670386 100644 > > --- a/include/linux/sched.h > > +++ b/include/linux/sched.h > > @@ -34,7 +34,6 @@ > > #include <linux/kcsan.h> > > > > /* task_struct member predeclarations (sorted alphabetically): */ > > -struct audit_context; > > struct backing_dev_info; > > struct bio_list; > > struct blk_plug; > > @@ -946,11 +945,7 @@ struct task_struct { > > struct callback_head *task_works; > > > > #ifdef CONFIG_AUDIT > > -#ifdef CONFIG_AUDITSYSCALL > > - struct audit_context *audit_context; > > -#endif > > - kuid_t loginuid; > > - unsigned int sessionid; > > + struct audit_task_info *audit; > > #endif > > struct seccomp seccomp; > > In the early days of this patchset we talked a lot about how to handle > the task_struct and the changes that would be necessary, ultimately > deciding that encapsulating all of the audit fields into an > audit_task_info struct. However, what is puzzling me a bit at this > moment is why we are only including audit_task_info in task_info by > reference *and* making it a build time conditional (via CONFIG_AUDIT). > > If audit is enabled at build time it would seem that we are always > going to allocate an audit_task_info struct, so I have to wonder why > we don't simply embed it inside the task_info struct (similar to the > seccomp struct in the snippet above? Of course the audit_context > struct needs to remain as is, I'm talking only about the > task_info/audit_task_info struct. I agree that including the audit_task_info struct in the struct task_struct would have been preferred to simplify allocation and free, but the reason it was included by reference instead was to make the task_struct size independent of audit so that future changes would not cause as many kABI challenges. This first change will cause kABI challenges regardless, but it was future ones that we were trying to ease. Does that match with your recollection?

From an upstream perspective, I think embedding the audit_task_info

> Richard, I'm sure you can answer this off the top of your head, but > I'd have to go digging through the archives to pull out the relevant > discussions so I figured I would just ask you for a reminder ... ? I > imagine it's also possible things have changed a bit since those early > discussions and the solution we arrived at then no longer makes as > much sense as it did before. Agreed, it doesn't make as much sense now as it did when proposed, but will make more sense in the future depending on when this change gets accepted upstream. This is why I wanted this patch to go through as part of ghak81 at the time the rest of it did so that future kABI issues would be easier to handle, but that ship has long sailed.

I didn't make that argument then and I regret it now that I realize and recall some of the thinking behind the change. Your reasons at the time were that contid was the only user of that change but there have been some CONFIG_AUDIT and CONFIG_AUDITSYSCALL changes since that were related.

> > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > > index 468a23390457..f00c1da587ea 100644 > > --- a/kernel/auditsc.c > > +++ b/kernel/auditsc.c > > @@ -1612,7 +1615,6 @@ void __audit_free(struct task_struct *tsk) > > if (context->current_state == AUDIT_RECORD_CONTEXT) > > audit_log_exit(); > > } > > - > > audit_set_context(tsk, NULL); > > audit_free_context(context); > > } > > This nitpick is barely worth the time it is taking me to write this, > but the whitespace change above isn't strictly necessary. Sure, it is a harmless but noisy cleanup when the function was being cleaned up and renamed. It wasn't an accident, but a style preference. Do you prefer a vertical space before cleanup actions at the end of functions and more versus less vertical whitespace in general?