From: Paul Moore <paul(a)paul-moore.com>
Commit 5b52330bbfe6 ("audit: fix auditd/kernel connection state
tracking") made inlining audit_signal_info() a bit pointless, as
it was always calling into auditd_test_task(), so let's move
audit_signal_info() into audit.c and get rid of the explicit inline.
Signed-off-by: Paul Moore <paul(a)paul-moore.com>
---
kernel/audit.c | 64 ++++++++++++++++++++++++++++++++++++++++++
kernel/audit.h | 31 +++++++++++++-------
kernel/auditsc.c | 82 ------------------------------------------------------
3 files changed, 84 insertions(+), 93 deletions(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index 2f4964cfde0b..757d1c8e6d7a 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -2315,6 +2315,70 @@ void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int
type,
}
}
+/**
+ * audit_signal_info - record signal info for shutting down audit subsystem
+ * @sig: signal value
+ * @t: task being signaled
+ *
+ * If the audit subsystem is being terminated, record the task (pid)
+ * and uid that is doing that.
+ */
+int audit_signal_info(int sig, struct task_struct *t)
+{
+ struct audit_aux_data_pids *axp;
+ struct task_struct *tsk = current;
+ struct audit_context *ctx = tsk->audit_context;
+ kuid_t uid = current_uid(), t_uid = task_uid(t);
+
+ if (auditd_test_task(t) &&
+ (sig == SIGTERM || sig == SIGHUP ||
+ sig == SIGUSR1 || sig == SIGUSR2)) {
+ audit_sig_pid = task_tgid_nr(tsk);
+ if (uid_valid(tsk->loginuid))
+ audit_sig_uid = tsk->loginuid;
+ else
+ audit_sig_uid = uid;
+ security_task_getsecid(tsk, &audit_sig_sid);
+ }
+
+ if (!audit_signals || audit_dummy_context())
+ return 0;
+
+ /* optimize the common case by putting first signal recipient directly
+ * in audit_context */
+ if (!ctx->target_pid) {
+ ctx->target_pid = task_tgid_nr(t);
+ ctx->target_auid = audit_get_loginuid(t);
+ ctx->target_uid = t_uid;
+ ctx->target_sessionid = audit_get_sessionid(t);
+ security_task_getsecid(t, &ctx->target_sid);
+ memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN);
+ return 0;
+ }
+
+ axp = (void *)ctx->aux_pids;
+ if (!axp || axp->pid_count == AUDIT_AUX_PIDS) {
+ axp = kzalloc(sizeof(*axp), GFP_ATOMIC);
+ if (!axp)
+ return -ENOMEM;
+
+ axp->d.type = AUDIT_OBJ_PID;
+ axp->d.next = ctx->aux_pids;
+ ctx->aux_pids = (void *)axp;
+ }
+ BUG_ON(axp->pid_count >= AUDIT_AUX_PIDS);
+
+ axp->target_pid[axp->pid_count] = task_tgid_nr(t);
+ axp->target_auid[axp->pid_count] = audit_get_loginuid(t);
+ axp->target_uid[axp->pid_count] = t_uid;
+ axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t);
+ security_task_getsecid(t, &axp->target_sid[axp->pid_count]);
+ memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN);
+ axp->pid_count++;
+
+ return 0;
+}
+
#ifdef CONFIG_SECURITY
/**
* audit_log_secctx - Converts and logs SELinux context
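Review bot: audit_signal_info() now lives in kernel/audit.c but still reads audit_signals, audit_dummy_context() and the ctx->target_* / ctx->aux_pids fields, while its prototype in kernel/audit.h stays under `#ifdef CONFIG_AUDITSYSCALL` and audit_signals is defined in kernel/auditsc.c. If audit.c is also built with CONFIG_AUDITSYSCALL disabled (the Makefile and the `#else` stubs are not visible here, so this is inferred), the definition would either clash with the stub or fail to link. Either keep the body in auditsc.c or wrap the definition in `#ifdef CONFIG_AUDITSYSCALL` ... `#endif`. Separately, the kernel-doc describes only the auditd-shutdown case; it should also say that the signal target is recorded in the caller's audit context, and gain a line such as `* Return: 0 on success, -ENOMEM if an aux record cannot be allocated.`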
diff --git a/kernel/audit.h b/kernel/audit.h
index 0f1cf6d1878a..08052d803c06 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -207,6 +207,25 @@ struct audit_context {
struct audit_proctitle proctitle;
};
+struct audit_aux_data {
+ struct audit_aux_data *next;
+ int type;
+};
+
+/* Number of target pids per aux struct. */
+#define AUDIT_AUX_PIDS 16
+
+struct audit_aux_data_pids {
+ struct audit_aux_data d;
+ pid_t target_pid[AUDIT_AUX_PIDS];
+ kuid_t target_auid[AUDIT_AUX_PIDS];
+ kuid_t target_uid[AUDIT_AUX_PIDS];
+ unsigned int target_sessionid[AUDIT_AUX_PIDS];
+ u32 target_sid[AUDIT_AUX_PIDS];
+ char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN];
+ int pid_count;
+};
+
extern u32 audit_ever_enabled;
extern void audit_copy_inode(struct audit_names *name,
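Review bot: struct audit_aux_data_pids is now visible to every includer of kernel/audit.h but carries no comment on the invariant that the BUG_ON() in audit_signal_info() relies on. I would add above the struct `/* target_* are parallel arrays; pid_count is the number of filled slots and never exceeds AUDIT_AUX_PIDS */`. It may also be worth noting there that each target_comm entry is a fixed TASK_COMM_LEN-byte memcpy() of t->comm, so readers of the record should treat it as a bounded field rather than assume a terminated string.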
@@ -326,20 +345,10 @@ extern void audit_kill_trees(struct list_head *);
extern char *audit_unpack_string(void **, size_t *, size_t);
-extern pid_t audit_sig_pid;
-extern kuid_t audit_sig_uid;
-extern u32 audit_sig_sid;
-
extern int audit_filter(int msgtype, unsigned int listtype);
#ifdef CONFIG_AUDITSYSCALL
-extern int __audit_signal_info(int sig, struct task_struct *t);
-static inline int audit_signal_info(int sig, struct task_struct *t)
-{
- if (auditd_test_task(t) || (audit_signals && !audit_dummy_context()))
- return __audit_signal_info(sig, t);
- return 0;
-}
+extern int audit_signal_info(int sig, struct task_struct *t);
extern void audit_filter_inodes(struct task_struct *, struct audit_context *);
extern struct list_head *audit_killed_trees(void);
#else
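Review bot: The extern declarations of audit_sig_pid, audit_sig_uid and audit_sig_sid are dropped here, yet the kernel/audit.c part of the patch only adds the new function (64 insertions, no deletions), so their definitions appear to stay non-static globals with no declaration left in any header. These variables hold the identity recorded for whoever signalled auditd, and audit.c is now their only writer, so mark the definitions `static` in kernel/audit.c; that keeps other files from writing them and avoids a sparse warning about an undeclared global. The definitions are outside the visible hunks, so this should be confirmed against the file.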
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index e59ffc7fc522..54a8f5b10046 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -95,27 +95,8 @@ int audit_n_rules;
/* determines whether we collect data for signals sent */
int audit_signals;
-struct audit_aux_data {
- struct audit_aux_data *next;
- int type;
-};
-
#define AUDIT_AUX_IPCPERM 0
-/* Number of target pids per aux struct. */
-#define AUDIT_AUX_PIDS 16
-
-struct audit_aux_data_pids {
- struct audit_aux_data d;
- pid_t target_pid[AUDIT_AUX_PIDS];
- kuid_t target_auid[AUDIT_AUX_PIDS];
- kuid_t target_uid[AUDIT_AUX_PIDS];
- unsigned int target_sessionid[AUDIT_AUX_PIDS];
- u32 target_sid[AUDIT_AUX_PIDS];
- char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN];
- int pid_count;
-};
-
struct audit_aux_data_bprm_fcaps {
struct audit_aux_data d;
struct audit_cap_data fcap;
@@ -2242,69 +2223,6 @@ void __audit_ptrace(struct task_struct *t)
}
/**
- * audit_signal_info - record signal info for shutting down audit subsystem
- * @sig: signal value
- * @t: task being signaled
- *
- * If the audit subsystem is being terminated, record the task (pid)
- * and uid that is doing that.
- */
-int __audit_signal_info(int sig, struct task_struct *t)
-{
- struct audit_aux_data_pids *axp;
- struct task_struct *tsk = current;
- struct audit_context *ctx = tsk->audit_context;
- kuid_t uid = current_uid(), t_uid = task_uid(t);
-
- if (auditd_test_task(t)) {
- if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1 || sig == SIGUSR2) {
- audit_sig_pid = task_tgid_nr(tsk);
- if (uid_valid(tsk->loginuid))
- audit_sig_uid = tsk->loginuid;
- else
- audit_sig_uid = uid;
- security_task_getsecid(tsk, &audit_sig_sid);
- }
- if (!audit_signals || audit_dummy_context())
- return 0;
- }
-
- /* optimize the common case by putting first signal recipient directly
- * in audit_context */
- if (!ctx->target_pid) {
- ctx->target_pid = task_tgid_nr(t);
- ctx->target_auid = audit_get_loginuid(t);
- ctx->target_uid = t_uid;
- ctx->target_sessionid = audit_get_sessionid(t);
- security_task_getsecid(t, &ctx->target_sid);
- memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN);
- return 0;
- }
-
- axp = (void *)ctx->aux_pids;
- if (!axp || axp->pid_count == AUDIT_AUX_PIDS) {
- axp = kzalloc(sizeof(*axp), GFP_ATOMIC);
- if (!axp)
- return -ENOMEM;
-
- axp->d.type = AUDIT_OBJ_PID;
- axp->d.next = ctx->aux_pids;
- ctx->aux_pids = (void *)axp;
- }
- BUG_ON(axp->pid_count >= AUDIT_AUX_PIDS);
-
- axp->target_pid[axp->pid_count] = task_tgid_nr(t);
- axp->target_auid[axp->pid_count] = audit_get_loginuid(t);
- axp->target_uid[axp->pid_count] = t_uid;
- axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t);
- security_task_getsecid(t, &axp->target_sid[axp->pid_count]);
- memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN);
- axp->pid_count++;
-
- return 0;
-}
-
-/**
* __audit_log_bprm_fcaps - store information about a loading bprm and relevant fcaps
* @bprm: pointer to the bprm being processed
* @new: the proposed new credentials