Revert "bpf: Emit audit messages upon successful prog load and unload"

This commit reverts commit 91e6015b082b ("bpf: Emit audit messages
upon successful prog load and unload") and its follow up commit
7599a896f2e4 ("audit: Move audit_log_task declaration under
CONFIG_AUDITSYSCALL") as requested by Paul Moore. The change needs
close review on linux-audit, tests etc.

Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>

diff --git a/include/linux/audit.h b/include/linux/audit.h
index 18925d9..aee3dc9 100644 (file)
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -358,8 +358,6 @@ static inline void audit_ptrace(struct task_struct *t)
                __audit_ptrace(t);
 }
 
-extern void audit_log_task(struct audit_buffer *ab);
-
                                /* Private API (for audit.c only) */
 extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
 extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);
@@ -647,9 +645,6 @@ static inline void audit_ntp_log(const struct audit_ntp_data *ad)
 
 static inline void audit_ptrace(struct task_struct *t)
 { }
-
-static inline void audit_log_task(struct audit_buffer *ab)
-{ }
 #define audit_n_rules 0
 #define audit_signals 0
 #endif /* CONFIG_AUDITSYSCALL */

diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index 32a5db9..c89c649 100644 (file)
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -116,7 +116,6 @@
 #define AUDIT_FANOTIFY         1331    /* Fanotify access decision */
 #define AUDIT_TIME_INJOFFSET   1332    /* Timekeeping offset injected */
 #define AUDIT_TIME_ADJNTPVAL   1333    /* NTP value adjustment */
-#define AUDIT_BPF              1334    /* BPF subsystem */
 
 #define AUDIT_AVC              1400    /* SE Linux avc denial or grant */
 #define AUDIT_SELINUX_ERR      1401    /* Internal SE Linux Errors */

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 9bf1045..4effe01 100644 (file)
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2545,7 +2545,7 @@ void __audit_ntp_log(const struct audit_ntp_data *ad)
        audit_log_ntp_val(ad, "adjust", AUDIT_NTP_ADJUST);
 }
 
-void audit_log_task(struct audit_buffer *ab)
+static void audit_log_task(struct audit_buffer *ab)
 {
        kuid_t auid, uid;
        kgid_t gid;

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index b51ecb9..4ae52eb 100644 (file)
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -23,7 +23,6 @@
 #include <linux/timekeeping.h>
 #include <linux/ctype.h>
 #include <linux/nospec.h>
-#include <linux/audit.h>
 #include <uapi/linux/btf.h>
 
 #define IS_FD_ARRAY(map) ((map)->map_type == BPF_MAP_TYPE_PROG_ARRAY || \
@@ -1322,34 +1321,6 @@ static void free_used_maps(struct bpf_prog_aux *aux)
        kfree(aux->used_maps);
 }
 
-enum bpf_event {
-       BPF_EVENT_LOAD,
-       BPF_EVENT_UNLOAD,
-};
-
-static const char * const bpf_event_audit_str[] = {
-       [BPF_EVENT_LOAD]   = "LOAD",
-       [BPF_EVENT_UNLOAD] = "UNLOAD",
-};
-
-static void bpf_audit_prog(const struct bpf_prog *prog, enum bpf_event event)
-{
-       bool has_task_context = event == BPF_EVENT_LOAD;
-       struct audit_buffer *ab;
-
-       if (audit_enabled == AUDIT_OFF)
-               return;
-       ab = audit_log_start(audit_context(), GFP_ATOMIC, AUDIT_BPF);
-       if (unlikely(!ab))
-               return;
-       if (has_task_context)
-               audit_log_task(ab);
-       audit_log_format(ab, "%sprog-id=%u event=%s",
-                        has_task_context ? " " : "",
-                        prog->aux->id, bpf_event_audit_str[event]);
-       audit_log_end(ab);
-}
-
 int __bpf_prog_charge(struct user_struct *user, u32 pages)
 {
        unsigned long memlock_limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;
@@ -1466,7 +1437,6 @@ static void __bpf_prog_put(struct bpf_prog *prog, bool do_idr_lock)
 {
        if (atomic64_dec_and_test(&prog->aux->refcnt)) {
                perf_event_bpf_event(prog, PERF_BPF_EVENT_PROG_UNLOAD, 0);
-               bpf_audit_prog(prog, BPF_EVENT_UNLOAD);
                /* bpf_prog_free_id() must be called first */
                bpf_prog_free_id(prog, do_idr_lock);
                __bpf_prog_put_noref(prog, true);
@@ -1876,7 +1846,6 @@ static int bpf_prog_load(union bpf_attr *attr, union bpf_attr __user *uattr)
         */
        bpf_prog_kallsyms_add(prog);
        perf_event_bpf_event(prog, PERF_BPF_EVENT_PROG_LOAD, 0);
-       bpf_audit_prog(prog, BPF_EVENT_LOAD);
 
        err = bpf_prog_new_fd(prog);
        if (err < 0)