Re: [PATCH -v2] Audit: push audit success and retcode into arch p

To: Eric Paris <>
Subject: Re: [PATCH -v2] Audit: push audit success and retcode into arch ptrace.h
From: Oleg Nesterov <>
Date: Wed, 8 Jun 2011 21:19:10 +0200
In-reply-to: <>
References: <> <> <1307472796.2052.12.camel@localhost.localdomain> <> <1307556823.2577.5.camel@localhost.localdomain> <>
User-agent: Mutt/1.5.18 (2008-05-17)
On 06/08, Oleg Nesterov wrote:
> OK. Thanks a lot Eric for your explanations.

Yes. But may I ask another one?

Shouldn't copy_process()->audit_alloc(tsk) path do
clear_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT) if it doesn't
set tsk->audit_context?

I can be easily wrong, but afaics otherwise the child can run
with TIF_SYSCALL_AUDIT bit copied from parent's thread_info by
dup_task_struct()->setup_thread_stack() and without ->audit_context,
right? For what?

Any other reason why audit_syscall_entry() checks context != NULL?

IOW. Any reason the patch below is wrong?

I am just curious, thanks.


--- x/kernel/auditsc.c
+++ x/kernel/auditsc.c
@@ -885,6 +885,8 @@ int audit_alloc(struct task_struct *tsk)
        if (likely(!audit_ever_enabled))
                return 0; /* Return if not auditing. */
+       clear_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT);
        state = audit_filter_task(tsk, &key);
        if (likely(state == AUDIT_DISABLED))
                return 0;
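
Review bot: the new clear_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT) sits after the "if (likely(!audit_ever_enabled)) return 0;" early return, so on that path the child keeps whatever flag value it inherited and gets no ->audit_context. Since the second hunk turns a missing context into BUG_ON(), either move the clear above the first return or add a comment stating why the flag cannot be set while audit_ever_enabled is false. A short comment on the clear itself (the flag is copied from the parent's thread_info and must not outlive a NULL ->audit_context) would help too, and it is worth confirming that the path which does allocate a context sets the flag again, since that code is not visible in this hunk.
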
@@ -1591,9 +1593,7 @@ void audit_syscall_entry(int arch, int m
        struct audit_context *context = tsk->audit_context;
        enum audit_state     state;
-       if (unlikely(!context))
-               return;
+       BUG_ON(!context);
         * This happens only on certain architectures that make system
         * calls in kernel_thread via the entry.S interface, instead of
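
Review bot: BUG_ON(!context) in audit_syscall_entry() replaces a harmless early return with a panic on the syscall entry path, so any task that still arrives here with TIF_SYSCALL_AUDIT set and a NULL ->audit_context takes the machine down instead of just skipping the audit record. The audit_alloc() hunk does not clear the flag on its audit_ever_enabled early return, and the comment just below refers to architectures that make system calls in kernel_thread via entry.S, so it is not obvious from these lines that the invariant holds everywhere. Consider keeping the return and making the check loud but non-fatal, for example "if (WARN_ON_ONCE(!context)) return;", until every path is shown to maintain the invariant.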
