On Wed, Sep 25, 2024 at 4:44 PM Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote: > On Mon, Sep 23, 2024 at 08:11:51PM -0400, Paul Moore wrote: > > > > * get rid of the "repeated getname() on the same address is going to > > > give you the same object" - that can't be relied upon without audit, for one > > > thing and for another... having a syscall that takes two pathnames that gives > > > different audit log (if not predicate evaluation) in cases when those are > > > identical pointers vs. strings with identical contenst is, IMO, somewhat > > > undesirable. That kills filename->uaddr. > > > > /uaddr/uptr/ if I'm following you correctly, but yeah, that all seems good. > > BTW, what should we do when e.g. mkdir(2) manages to get to the parent, calls > audit_inode() to memorize that one and then gets -ESTALE from nfs_mkdir()? > We repeat the pathwalk, this time with LOOKUP_REVAL (i.e. make sure to ask > the server about each NFS directory we are visiting, even if it had been seen > recently) and arrive to a different directory, which is not stale and where > subdirectory creation succeeds. Ah, that's fun. I'm guessing we could run into similar issues with other network filesystems, or is this specific to NFS? > The thing is, we call audit_inode(...., AUDIT_INODE_PARENT) twice. With the > same name, but with different inodes. Should we log both, or should the > latter call cannibalize the audit_names instance from the earlier? I think the proper behavior is to have the second call cannibalize the state from the first. The intent of logging is to capture the state when/where the new directory is created, since we never created a directory off the -ESTALE path I don't see why we would need to log it. -- paul-moore.com
