Re: [PATCH V4 (was V6)] audit: use macros for unset inode and device values

From: Paul Moore
Date: Tue Aug 04 2015 - 18:34:33 EST


On Saturday, August 01, 2015 03:42:23 PM Richard Guy Briggs wrote:
> Signed-off-by: Richard Guy Briggs <rgb@xxxxxxxxxx>
> ---
> include/uapi/linux/audit.h | 2 ++
> kernel/audit.c | 2 +-
> kernel/audit_watch.c | 8 ++++----
> kernel/auditsc.c | 6 +++---
> 4 files changed, 10 insertions(+), 8 deletions(-)

Yipee, less magic numbers!

However, one question for you ... are we ever going to see a device or inode
set to -1 in the userspace facing API? In other words, should the new
#defines go in the uapi headers or simply in kernel/audit.h? Unless it is
part of the API, let's leave it out of uapi as we have to be very careful
about that stuff and I'd prefer to keep it minimal.

Also, if we can put the #defines in kernel/audit.h we can use the proper type
for AUDIT_DEV_UNSET which would make me happy.

> diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
> index d3475e1..971df22 100644
> --- a/include/uapi/linux/audit.h
> +++ b/include/uapi/linux/audit.h
> @@ -440,6 +440,8 @@ struct audit_tty_status {
> };
>
> #define AUDIT_UID_UNSET (unsigned int)-1
> +#define AUDIT_INO_UNSET (unsigned long)-1
> +#define AUDIT_DEV_UNSET (unsigned)-1
>
> /* audit_rule_data supports filter rules with both integer and string
> * fields. It corresponds with AUDIT_ADD_RULE, AUDIT_DEL_RULE and
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 1c13e42..d546003 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -1761,7 +1761,7 @@ void audit_log_name(struct audit_context *context,
> struct audit_names *n, } else
> audit_log_format(ab, " name=(null)");
>
> - if (n->ino != (unsigned long)-1)
> + if (n->ino != AUDIT_INO_UNSET)
> audit_log_format(ab, " inode=%lu"
> " dev=%02x:%02x mode=%#ho"
> " ouid=%u ogid=%u rdev=%02x:%02x",
> diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
> index 8f123d7..c668bfc 100644
> --- a/kernel/audit_watch.c
> +++ b/kernel/audit_watch.c
> @@ -138,7 +138,7 @@ char *audit_watch_path(struct audit_watch *watch)
>
> int audit_watch_compare(struct audit_watch *watch, unsigned long ino, dev_t
> dev) {
> - return (watch->ino != (unsigned long)-1) &&
> + return (watch->ino != AUDIT_INO_UNSET) &&
> (watch->ino == ino) &&
> (watch->dev == dev);
> }
> @@ -179,8 +179,8 @@ static struct audit_watch *audit_init_watch(char *path)
> INIT_LIST_HEAD(&watch->rules);
> atomic_set(&watch->count, 1);
> watch->path = path;
> - watch->dev = (dev_t)-1;
> - watch->ino = (unsigned long)-1;
> + watch->dev = AUDIT_DEV_UNSET;
> + watch->ino = AUDIT_INO_UNSET;
>
> return watch;
> }
> @@ -493,7 +493,7 @@ static int audit_watch_handle_event(struct
> fsnotify_group *group, if (mask & (FS_CREATE|FS_MOVED_TO) && inode)
> audit_update_watch(parent, dname, inode->i_sb->s_dev, inode->i_ino, 0);
> else if (mask & (FS_DELETE|FS_MOVED_FROM))
> - audit_update_watch(parent, dname, (dev_t)-1, (unsigned long)-1, 1);
> + audit_update_watch(parent, dname, AUDIT_DEV_UNSET, AUDIT_INO_UNSET, 1);
> else if (mask & (FS_DELETE_SELF|FS_UNMOUNT|FS_MOVE_SELF))
> audit_remove_parent_watches(parent);
>
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 9fb9d1c..701ea5c 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -180,7 +180,7 @@ static int audit_match_filetype(struct audit_context
> *ctx, int val) return 0;
>
> list_for_each_entry(n, &ctx->names_list, list) {
> - if ((n->ino != -1) &&
> + if ((n->ino != AUDIT_INO_UNSET) &&
> ((n->mode & S_IFMT) == mode))
> return 1;
> }
> @@ -1683,7 +1683,7 @@ static struct audit_names *audit_alloc_name(struct
> audit_context *context, aname->should_free = true;
> }
>
> - aname->ino = (unsigned long)-1;
> + aname->ino = AUDIT_INO_UNSET;
> aname->type = type;
> list_add_tail(&aname->list, &context->names_list);
>
> @@ -1925,7 +1925,7 @@ void __audit_inode_child(const struct inode *parent,
> if (inode)
> audit_copy_inode(found_child, dentry, inode);
> else
> - found_child->ino = (unsigned long)-1;
> + found_child->ino = AUDIT_INO_UNSET;
> }
> EXPORT_SYMBOL_GPL(__audit_inode_child);

--
paul moore
security @ redhat

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/