From: Richard Guy Briggs <[email protected]>
To: Paul Moore <[email protected]>
Cc: Linux-Audit Mailing List <[email protected]>,
	LKML <[email protected]>,
	[email protected], Eric Paris <[email protected]>,
	Steve Grubb <[email protected]>,
	Christian Brauner <[email protected]>,
	Stefan Roesch <[email protected]>
Subject: Re: [PATCH v2] io_uring,audit: don't log IORING_OP_MADVISE
Date: Thu, 9 Feb 2023 16:53:12 -0500
Message-ID: <[email protected]>
In-Reply-To: <CAHC9VhS0rPfkwUT1WMfqsTF-qYXdbbhHAfVPs=d3ZQVgbXBHnw@mail.gmail.com>

On 2023-02-01 16:18, Paul Moore wrote:
> On Wed, Feb 1, 2023 at 3:34 PM Richard Guy Briggs <[email protected]> wrote:
> > fadvise and madvise both provide hints for caching or access pattern for
> > file and memory respectively.  Skip them.
> 
> You forgot to update the first sentence in the commit description :/

I didn't forget.  I updated that sentence to reflect the fact that the
two should be treated similarly rather than differently.

> I'm still looking for some type of statement that you've done some
> homework on the IORING_OP_MADVISE case to ensure that it doesn't end
> up calling into the LSM, see my previous emails on this.  I need more
> than "Steve told me to do this".
> 
> I basically just want to see that some care and thought has gone into
> this patch to verify it is correct and good.

Steve suggested I look into a number of iouring ops.  I looked at the
description code and agreed that it wasn't necessary to audit madvise.
The rationale for fadvise was determined to have been conflated with
fallocate and subsequently dropped.  Steve also suggested a number of
others and after investigation I decided that their current state was
correct.  *getxattr you've advised against, so it was dropped.  It
appears fewer modifications were necessary than originally suspected.

> > Fixes: 5bd2182d58e9 ("audit,io_uring,io-wq: add some basic audit support to io_uring")
> > Signed-off-by: Richard Guy Briggs <[email protected]>
> > ---
> > changelog
> > v2:
> > - drop *GETXATTR patch
> > - drop FADVISE hunk
> >
> >  io_uring/opdef.c | 1 +
> >  1 file changed, 1 insertion(+)
> >
> > diff --git a/io_uring/opdef.c b/io_uring/opdef.c
> > index 3aa0d65c50e3..d3f36c633ceb 100644
> > --- a/io_uring/opdef.c
> > +++ b/io_uring/opdef.c
> > @@ -312,6 +312,7 @@ const struct io_op_def io_op_defs[] = {
> >                 .issue                  = io_fadvise,
> >         },
> >         [IORING_OP_MADVISE] = {
> > +               .audit_skip             = 1,
> >                 .name                   = "MADVISE",
> >                 .prep                   = io_madvise_prep,
> >                 .issue                  = io_madvise,
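
Review bot: The .audit_skip = 1 added to the [IORING_OP_MADVISE] entry is justified in the commit description only by madvise being a hint; nothing in the description says the io_madvise issue path was checked for calls into the LSM or for other state an audit record would need to capture. Please add a sentence to the description stating what was verified for io_madvise, so the skip can be reviewed against that claim. The description also says "Skip them" for both fadvise and madvise, while the diffstat is a single insertion in the MADVISE entry and the v2 changelog drops the FADVISE hunk; the description should say why no FADVISE change is needed, or be reworded to cover madvise only.
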
> > --
> > 2.27.0
> 
> -- 
> paul-moore.com
> 

- RGB

--
Richard Guy Briggs <[email protected]>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635



Thread overview: 15+ messages
2023-02-01 20:33 [PATCH v2] io_uring,audit: don't log IORING_OP_MADVISE Richard Guy Briggs
2023-02-01 21:18 ` Paul Moore
2023-02-09 21:53   ` Richard Guy Briggs [this message]
2023-02-09 22:37     ` Paul Moore
2023-02-09 22:54       ` Steve Grubb
2023-02-10  0:15         ` Jens Axboe
2023-02-10 15:39           ` Paul Moore
2023-02-10 16:00             ` Jens Axboe
2023-02-10 16:52               ` Paul Moore
2023-02-10 16:58                 ` Jens Axboe
2023-02-10 22:00                 ` Richard Guy Briggs
2023-02-10 22:59                   ` Paul Moore
2023-02-10 23:01                     ` Jens Axboe
2023-02-10 15:33         ` Paul Moore
2023-02-10  1:31 ` Jens Axboe
