xfrm: Remove useless secid field from xfrm_audit.

It seems to me that commit ab5f5e8b "[XFRM]: xfrm audit calls" is doing
something strange at xfrm_audit_helper_usrinfo().
If secid != 0 && security_secid_to_secctx(secid) != 0, the caller calls
audit_log_task_context() which basically does
secid != 0 && security_secid_to_secctx(secid) == 0 case
except that secid is obtained from current thread's context.

Oh, what happens if secid passed to xfrm_audit_helper_usrinfo() was
obtained from other thread's context? It might audit current thread's
context rather than other thread's context if security_secid_to_secctx()
in xfrm_audit_helper_usrinfo() failed for some reason.

Then, are all the caller of xfrm_audit_helper_usrinfo() passing either
secid obtained from current thread's context or secid == 0?
It seems to me that they are.

If I didn't miss something, we don't need to pass secid to
xfrm_audit_helper_usrinfo() because audit_log_task_context() will
obtain secid from current thread's context.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

1 files changed, 8 insertions, 14 deletions

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index c08fbd11ceff..bd001b7062c0 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -785,8 +785,7 @@ xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audi
                         if (err) {
                                 xfrm_audit_policy_delete(pol, 0,
                                                          audit_info->loginuid,
-                                                         audit_info->sessionid,
-                                                         audit_info->secid);
+                                                         audit_info->sessionid);
                                 return err;
                         }
                 }
@@ -801,8 +800,7 @@ xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audi
                                 if (err) {
                                         xfrm_audit_policy_delete(pol, 0,
                                                         audit_info->loginuid,
-                                                        audit_info->sessionid,
-                                                        audit_info->secid);
+                                                        audit_info->sessionid);
                                         return err;
                                 }
                         }
@@ -842,8 +840,7 @@ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
                         cnt++;
 
                         xfrm_audit_policy_delete(pol, 1, audit_info->loginuid,
-                                                 audit_info->sessionid,
-                                                 audit_info->secid);
+                                                 audit_info->sessionid);
 
                         xfrm_policy_kill(pol);
 
@@ -864,8 +861,7 @@ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
 
                                 xfrm_audit_policy_delete(pol, 1,
                                                          audit_info->loginuid,
-                                                         audit_info->sessionid,
-                                                         audit_info->secid);
+                                                         audit_info->sessionid);
                                 xfrm_policy_kill(pol);
 
                                 write_lock_bh(&net->xfrm.xfrm_policy_lock);
@@ -2870,12 +2866,10 @@ static void xfrm_policy_fini(struct net *net)
 #ifdef CONFIG_XFRM_SUB_POLICY
         audit_info.loginuid = INVALID_UID;
         audit_info.sessionid = (unsigned int)-1;
-        audit_info.secid = 0;
         xfrm_policy_flush(net, XFRM_POLICY_TYPE_SUB, &audit_info);
 #endif
         audit_info.loginuid = INVALID_UID;
         audit_info.sessionid = (unsigned int)-1;
-        audit_info.secid = 0;
         xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info);
 
         WARN_ON(!list_empty(&net->xfrm.policy_all));
@@ -2992,14 +2986,14 @@ static void xfrm_audit_common_policyinfo(struct xfrm_policy *xp,
 }
 
 void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
-                           kuid_t auid, unsigned int sessionid, u32 secid)
+                           kuid_t auid, unsigned int sessionid)
 {
         struct audit_buffer *audit_buf;
 
         audit_buf = xfrm_audit_start("SPD-add");
         if (audit_buf == NULL)
                 return;
-        xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
+        xfrm_audit_helper_usrinfo(auid, sessionid, audit_buf);
         audit_log_format(audit_buf, " res=%u", result);
         xfrm_audit_common_policyinfo(xp, audit_buf);
         audit_log_end(audit_buf);
@@ -3007,14 +3001,14 @@ void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
 EXPORT_SYMBOL_GPL(xfrm_audit_policy_add);
 
 void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
-                              kuid_t auid, unsigned int sessionid, u32 secid)
+                              kuid_t auid, unsigned int sessionid)
 {
         struct audit_buffer *audit_buf;
 
         audit_buf = xfrm_audit_start("SPD-delete");
         if (audit_buf == NULL)
                 return;
-        xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
+        xfrm_audit_helper_usrinfo(auid, sessionid, audit_buf);
         audit_log_format(audit_buf, " res=%u", result);
         xfrm_audit_common_policyinfo(xp, audit_buf);
         audit_log_end(audit_buf);