Re: [PATCH v2] audit: use task_tgid_nr() instead of task_pid_nr()
From: Paul Moore
Date: Wed Aug 28 2024 - 16:52:10 EST
On Aug 28, 2024 Ricardo Robaina <rrobaina@xxxxxxxxxx> wrote:
>
> In a few audit records, PIDs were being recorded with task_pid_nr()
> instead of task_tgid_nr().
>
> $ grep "task_pid_nr" kernel/audit*.c
> audit.c: task_pid_nr(current),
> auditfilter.c: pid = task_pid_nr(current);
> auditsc.c: audit_log_format(ab, " pid=%u", task_pid_nr(current));
>
> For single-thread applications, the process id (pid) and the thread
> group id (tgid) are the same. However, on multi-thread applications,
> task_pid_nr() returns the current thread id (user-space's TID), while
> task_tgid_nr() returns the main thread id (user-space's PID). Since
> the users are more interested in the process id (pid), rather than the
> thread id (tid), this patch converts these callers to the correct method.
>
> Link: https://github.com/linux-audit/audit-kernel/issues/126
>
> Reviewed-by: Richard Guy Briggs <rgb@xxxxxxxxxx>
> Signed-off-by: Ricardo Robaina <rrobaina@xxxxxxxxxx>
> ---
> V1 -> V2: Added a more detailed commit description
>
> kernel/audit.c | 2 +-
> kernel/auditfilter.c | 2 +-
> kernel/auditsc.c | 2 +-
> 3 files changed, 3 insertions(+), 3 deletions(-)
Looks good to me, merged into audit/dev, thanks!
--
paul-moore.com