Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
audit: widen ino fields to u64
inode->i_ino is being widened from unsigned long to u64. The audit
subsystem uses unsigned long ino in struct fields, function parameters,
and local variables that store inode numbers from arbitrary filesystems.
On 32-bit platforms this truncates inode numbers that exceed 32 bits,
which will cause incorrect audit log entries and broken watch/mark
comparisons.
Widen all audit ino fields, parameters, and locals to u64, and update
the inode format string from %lu to %llu to match.
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Link: https://patch.msgid.link/20260304-iino-u64-v3-2-2257ad83d372@kernel.org
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
authored by
Jeff Layton
and committed by
Christian Brauner
125dfa21
96fefcab
+17
-18
+1
-1
include/linux/audit.h
+1
-1
include/linux/audit.h
+6
-7
kernel/audit.h
+6
-7
kernel/audit.h
···
76
76
int name_len; /* number of chars to log */
77
77
bool hidden; /* don't log this record */
78
78
79
-
unsigned long ino;
79
+
u64 ino;
80
80
dev_t dev;
81
81
umode_t mode;
82
82
kuid_t uid;
···
225
225
#define AUDIT_INODE_BUCKETS 32
226
226
extern struct list_head audit_inode_hash[AUDIT_INODE_BUCKETS];
227
227
228
-
static inline int audit_hash_ino(u32 ino)
228
+
static inline int audit_hash_ino(u64 ino)
229
229
{
230
-
return (ino & (AUDIT_INODE_BUCKETS-1));
230
+
return ((u32)ino & (AUDIT_INODE_BUCKETS-1));
231
231
}
232
232
233
233
/* Indicates that audit should log the full pathname. */
···
277
277
extern int audit_add_watch(struct audit_krule *krule, struct list_head **list);
278
278
extern void audit_remove_watch_rule(struct audit_krule *krule);
279
279
extern char *audit_watch_path(struct audit_watch *watch);
280
-
extern int audit_watch_compare(struct audit_watch *watch, unsigned long ino,
281
-
dev_t dev);
280
+
extern int audit_watch_compare(struct audit_watch *watch, u64 ino, dev_t dev);
282
281
283
282
extern struct audit_fsnotify_mark *audit_alloc_mark(struct audit_krule *krule,
284
283
char *pathname, int len);
285
284
extern char *audit_mark_path(struct audit_fsnotify_mark *mark);
286
285
extern void audit_remove_mark(struct audit_fsnotify_mark *audit_mark);
287
286
extern void audit_remove_mark_rule(struct audit_krule *krule);
288
-
extern int audit_mark_compare(struct audit_fsnotify_mark *mark,
289
-
unsigned long ino, dev_t dev);
287
+
extern int audit_mark_compare(struct audit_fsnotify_mark *mark, u64 ino,
288
+
dev_t dev);
290
289
extern int audit_dupe_exe(struct audit_krule *new, struct audit_krule *old);
291
290
extern int audit_exe_compare(struct task_struct *tsk,
292
291
struct audit_fsnotify_mark *mark);
+2
-2
kernel/audit_fsnotify.c
+2
-2
kernel/audit_fsnotify.c
···
25
25
*/
26
26
struct audit_fsnotify_mark {
27
27
dev_t dev; /* associated superblock device */
28
-
unsigned long ino; /* associated inode number */
28
+
u64 ino; /* associated inode number */
29
29
char *path; /* insertion path */
30
30
struct fsnotify_mark mark; /* fsnotify mark on the inode */
31
31
struct audit_krule *rule;
···
57
57
return mark->path;
58
58
}
59
59
60
-
int audit_mark_compare(struct audit_fsnotify_mark *mark, unsigned long ino, dev_t dev)
60
+
int audit_mark_compare(struct audit_fsnotify_mark *mark, u64 ino, dev_t dev)
61
61
{
62
62
if (mark->ino == AUDIT_INO_UNSET)
63
63
return 0;
+6
-6
kernel/audit_watch.c
+6
-6
kernel/audit_watch.c
···
37
37
refcount_t count; /* reference count */
38
38
dev_t dev; /* associated superblock device */
39
39
char *path; /* insertion path */
40
-
unsigned long ino; /* associated inode number */
40
+
u64 ino; /* associated inode number */
41
41
struct audit_parent *parent; /* associated parent */
42
42
struct list_head wlist; /* entry in parent->watches list */
43
43
struct list_head rules; /* anchor for krule->rlist */
···
125
125
return watch->path;
126
126
}
127
127
128
-
int audit_watch_compare(struct audit_watch *watch, unsigned long ino, dev_t dev)
128
+
int audit_watch_compare(struct audit_watch *watch, u64 ino, dev_t dev)
129
129
{
130
130
return (watch->ino != AUDIT_INO_UNSET) &&
131
131
(watch->ino == ino) &&
···
244
244
/* Update inode info in audit rules based on filesystem event. */
245
245
static void audit_update_watch(struct audit_parent *parent,
246
246
const struct qstr *dname, dev_t dev,
247
-
unsigned long ino, unsigned invalidating)
247
+
u64 ino, unsigned invalidating)
248
248
{
249
249
struct audit_watch *owatch, *nwatch, *nextw;
250
250
struct audit_krule *r, *nextr;
···
285
285
list_del(&oentry->rule.list);
286
286
audit_panic("error updating watch, removing");
287
287
} else {
288
-
int h = audit_hash_ino((u32)ino);
288
+
int h = audit_hash_ino(ino);
289
289
290
290
/*
291
291
* nentry->rule.watch == oentry->rule.watch so
···
439
439
440
440
audit_add_to_parent(krule, parent);
441
441
442
-
h = audit_hash_ino((u32)watch->ino);
442
+
h = audit_hash_ino(watch->ino);
443
443
*list = &audit_inode_hash[h];
444
444
error:
445
445
path_put(&parent_path);
···
527
527
int audit_exe_compare(struct task_struct *tsk, struct audit_fsnotify_mark *mark)
528
528
{
529
529
struct file *exe_file;
530
-
unsigned long ino;
530
+
u64 ino;
531
531
dev_t dev;
532
532
533
533
/* only do exe filtering if we are recording @current events/records */
+2
-2
kernel/auditsc.c
+2
-2
kernel/auditsc.c
···
886
886
struct audit_names *n,
887
887
struct audit_context *ctx)
888
888
{
889
-
int h = audit_hash_ino((u32)n->ino);
889
+
int h = audit_hash_ino(n->ino);
890
890
struct list_head *list = &audit_inode_hash[h];
891
891
892
892
return __audit_filter_op(tsk, ctx, list, n, ctx->major);
···
1534
1534
audit_log_format(ab, " name=(null)");
1535
1535
1536
1536
if (n->ino != AUDIT_INO_UNSET)
1537
-
audit_log_format(ab, " inode=%lu dev=%02x:%02x mode=%#ho ouid=%u ogid=%u rdev=%02x:%02x",
1537
+
audit_log_format(ab, " inode=%llu dev=%02x:%02x mode=%#ho ouid=%u ogid=%u rdev=%02x:%02x",
1538
1538
n->ino,
1539
1539
MAJOR(n->dev),
1540
1540
MINOR(n->dev),