From: Eric Paris <eparis@redhat.com> Subject: [RHEL 5.1 PATCH] BZ 228422 clean up xfrm_audit_log interface Date: Wed, 28 Mar 2007 13:44:31 -0400 Bugzilla: 228422 Message-Id: <1175103871.13618.90.camel@localhost.localdomain> Changelog: [net] clean up xfrm_audit_log interface BZ 228422 (and BZ 222033) Back for GA we (ok fine, I) rushed in a patch for xfrm_audit_log because it was causing a panic when re-establishing a timed out ipsec connection. The patch fixed that panic but was eventually rejected/rewritten upstream because it didn't fix the problem for all callers of the interface (it can be called from the key code as well as ipsec code). Upstream basically cleaned up the callers so it would not be a problem anywhere and added a BUG_ON in case a caller ever gets broken in the future. The original patch for the problem in GA does not fix all of the callers but it instead of a BUG_ON just silently returns. So there is no panic but it won't be right. Although this patch may not be required to stop us from panicing much of the followup LSPP patches are based on this patch. And following upstream rather than doing our own thing is always a good thing right? To apply this we would need to stop applying patch 21202 in the spec file, linux-2.6-xfrm-audit-correct-xfrm-auditing-panic.patch. This new patch has been in use in the LSPP kernel for months now and is upstream with no problems. http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=13fcfbb0675bf87da694f55dec11cada489a205c -Eric Index: linux-2.6.18.noarch/net/key/af_key.c =================================================================== --- linux-2.6.18.noarch.orig/net/key/af_key.c +++ linux-2.6.18.noarch/net/key/af_key.c @@ -2285,16 +2285,17 @@ static int pfkey_spddelete(struct sock * xp = xfrm_policy_bysel_ctx(pol->sadb_x_policy_dir-1, &sel, tmp.security, 1); security_xfrm_policy_free(&tmp); - xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, - AUDIT_MAC_IPSEC_DELSPD, (xp) ? 1 : 0, xp, NULL); - if (xp == NULL) return -ENOENT; - err = 0; + err = security_xfrm_policy_delete(xp); - if ((err = security_xfrm_policy_delete(xp))) + xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, + AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL); + + if (err) goto out; + c.seq = hdr->sadb_msg_seq; c.pid = hdr->sadb_msg_pid; c.event = XFRM_MSG_DELPOLICY; Index: linux-2.6.18.noarch/net/xfrm/xfrm_user.c =================================================================== --- linux-2.6.18.noarch.orig/net/xfrm/xfrm_user.c +++ linux-2.6.18.noarch/net/xfrm/xfrm_user.c @@ -1081,12 +1081,14 @@ static int xfrm_get_policy(struct sk_buf MSG_DONTWAIT); } } else { - if ((err = security_xfrm_policy_delete(xp)) != 0) - goto out; + err = security_xfrm_policy_delete(xp); xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, AUDIT_MAC_IPSEC_DELSPD, (xp) ? 1 : 0, xp, NULL); + if (err != 0) + goto out; + c.data.byid = p->index; c.event = nlh->nlmsg_type; c.seq = nlh->nlmsg_seq; Index: linux-2.6.18.noarch/net/xfrm/xfrm_policy.c =================================================================== --- linux-2.6.18.noarch.orig/net/xfrm/xfrm_policy.c +++ linux-2.6.18.noarch/net/xfrm/xfrm_policy.c @@ -1396,9 +1396,14 @@ void xfrm_audit_log(uid_t auid, u32 sid, if ((x == NULL) && (xp == NULL)) return; + BUG_ON((type == AUDIT_MAC_IPSEC_ADDSA || + type == AUDIT_MAC_IPSEC_DELSA) && !x); + BUG_ON((type == AUDIT_MAC_IPSEC_ADDSPD || + type == AUDIT_MAC_IPSEC_DELSPD) && !xp); + audit_buf = audit_log_start(current->audit_context, GFP_ATOMIC, type); if (audit_buf == NULL) - return; + return; switch(type) { case AUDIT_MAC_IPSEC_ADDSA: