lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <5d3a6285b9302c3f579e15b589603eb2347ee5c8.1439036885.git.rgb@redhat.com>
Date:	Sat,  8 Aug 2015 10:23:48 -0400
From:	Richard Guy Briggs <rgb@...hat.com>
To:	linux-audit@...hat.com, linux-kernel@...r.kernel.org
Cc:	Richard Guy Briggs <rgb@...hat.com>, sgrubb@...hat.com,
	pmoore@...hat.com, eparis@...hat.com, peter@...3.com
Subject: [PATCH V10] fixup! audit: add audit by children of executable path

Adding "C=1 CF=-D__CHECK_ENDIAN__" to enable sparse warnings identified a
warning with the
	[PATCH V9 3/3] audit: add audit by children of executable path
patch posted a couple of days ago (and just re-posted due to another fix):

kernel/auditsc.c:476:46: warning: dereference of noderef expression
kernel/auditsc.c:477:61: warning: dereference of noderef expression

task_struct->parent requires RCU locking for access.  This fix resolves the two
warnings.

This patch should be merged with the patch it fixes once the fix is confirmed
to be the correct approach since the original patch hasn't been accepted yet.

Signed-off-by: Richard Guy Briggs <rgb@...hat.com>
---
My hesitation is that the rcu lock scope is too broad.  If the loop were
re-structured to hold the rcu_read_lock() and call rcu_dereference() once per
iteration, would lock release and retake action cause more overhead?

 kernel/auditsc.c |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index e1f0da2..3ed043d 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -473,13 +473,16 @@ static int audit_filter_rules(struct task_struct *tsk,
 		{
 			struct task_struct *ptsk;
 
-			for (ptsk = tsk; ptsk->parent->pid > 0;
-			     ptsk = find_task_by_pid_ns(ptsk->parent->pid, &init_pid_ns)) {
+			rcu_read_lock();
+			for (ptsk = tsk; rcu_dereference(ptsk->parent)->pid > 0;
+			     ptsk = find_task_by_pid_ns(rcu_dereference(ptsk->parent)->pid
+							, &init_pid_ns)) {
 				if (audit_exe_compare(ptsk, rule->exe)) {
 					++result;
 					break;
 				}
 			}
+			rcu_read_unlock();
 		}
 			break;
 		case AUDIT_UID:
-- 
1.7.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ