Unnamed repository; edit this file 'description' to name the repository. https://git.kobert.dev/pm24.git/atom?h=v3.7-rc3 2012-10-13T00:15:09Z 2012-10-13T00:15:09Z Jeff Layton jlayton@redhat.com 2012-10-10T20:43:13Z urn:sha1:adb5c2473d3f91526c79db972aafb20a56d3fbb3 Keep a pointer to the audit_names "slot" in struct filename. Have all of the audit_inode callers pass a struct filename ponter to audit_inode instead of a string pointer. If the aname field is already populated, then we can skip walking the list altogether and just use it directly. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2012-10-13T00:15:08Z Jeff Layton jlayton@redhat.com 2012-10-10T19:25:28Z urn:sha1:7ac86265dc8f665cc49d6e60a125e608cd2fca14 Currently, if we call getname() on a userland string more than once, we'll get multiple copies of the string and multiple audit_names records. Add a function that will allow the audit_names code to satisfy getname requests using info from the audit_names list, avoiding a new allocation and audit_names records. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2012-10-13T00:14:55Z Jeff Layton jlayton@redhat.com 2012-10-10T19:25:28Z urn:sha1:91a27b2a756784714e924e5e854b919273082d26 getname() is intended to copy pathname strings from userspace into a kernel buffer. The result is just a string in kernel space. It would however be quite helpful to be able to attach some ancillary info to the string. For instance, we could attach some audit-related info to reduce the amount of audit-related processing needed. When auditing is enabled, we could also call getname() on the string more than once and not need to recopy it from userspace. This patchset converts the getname()/putname() interfaces to return a struct instead of a string. For now, the struct just tracks the string in kernel space and the original userland pointer for it. Later, we'll add other information to the struct as it becomes convenient. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2012-10-12T04:32:03Z Jeff Layton jlayton@redhat.com 2012-10-10T19:25:25Z urn:sha1:4fa6b5ecbf092c6ee752ece8a55d71f663d23254 In order to accomodate retrying path-based syscalls, we need to add a new "type" argument to audit_inode_child. This will tell us whether we're looking for a child entry that represents a create or a delete. If we find a parent, don't automatically assume that we need to create a new entry. Instead, use the information we have to try to find an existing entry first. Update it if one is found and create a new one if not. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2012-10-12T04:32:02Z Jeff Layton jlayton@redhat.com 2012-10-10T19:25:25Z urn:sha1:e3d6b07b8ba161f638b026feba0c3c97875d7f1c In the cases where we already know the length of the parent, pass it as a parm so we don't need to recompute it. In the cases where we don't know the length, pass in AUDIT_NAME_FULL (-1) to indicate that it should be determined. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2012-10-12T04:32:01Z Jeff Layton jlayton@redhat.com 2012-10-10T19:25:24Z urn:sha1:563a0d1236c2c58d584ef122a5cdc9930e5860b3 All the callers set this to NULL now. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2012-10-12T04:32:01Z Jeff Layton jlayton@redhat.com 2012-10-10T19:25:23Z urn:sha1:bfcec7087458812f575d9022b2d151641f34ee84 Currently, this gets set mostly by happenstance when we call into audit_inode_child. While that might be a little more efficient, it seems wrong. If the syscall ends up failing before audit_inode_child ever gets called, then you'll have an audit_names record that shows the full path but has the parent inode info attached. Fix this by passing in a parent flag when we call audit_inode that gets set to the value of LOOKUP_PARENT. We can then fix up the pathname for the audit entry correctly from the get-go. While we're at it, clean up the no-op macro for audit_inode in the !CONFIG_AUDITSYSCALL case. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2012-10-12T04:32:00Z Jeff Layton jlayton@redhat.com 2012-10-10T19:25:22Z urn:sha1:78e2e802a8519031e5858595070b39713e26340d For now, we just have two possibilities: UNKNOWN: for a new audit_names record that we don't know anything about yet NORMAL: for everything else In later patches, we'll add other types so we can distinguish and update records created under different circumstances. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2012-10-12T04:32:00Z Jeff Layton jlayton@redhat.com 2012-10-10T19:25:21Z urn:sha1:c43a25abba97c7d87131e71db6be24b24d7791a5 Most of the callers get called with an inode and dentry in the reverse order. The compiler then has to reshuffle the arg registers and/or stack in order to pass them on to audit_inode_child. Reverse those arguments for a micro-optimization. Reported-by: Eric Paris <eparis@redhat.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2012-10-12T04:31:59Z Jeff Layton jlayton@redhat.com 2012-10-10T19:25:21Z urn:sha1:9cec9d68ae53aae60b4a1fca4505c75a1d026392 If name is NULL then the condition in the loop will never be true. Also, with this change, we can eliminate the check for n->name == NULL since the equivalence check will never be true if it is. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>