tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

audit: handle unknown status requests in audit_receive_msg()

Currently, audit_receive_msg() ignores unknown status bits in AUDIT_SET
requests, incorrectly returning success to newer user space tools
querying unsupported features. This breaks forward compatibility.

Fix this by defining AUDIT_STATUS_ALL and returning -EINVAL if any
unrecognized bits are set (s.mask & ~AUDIT_STATUS_ALL).
This ensures invalid requests are safely rejected, allowing user space
to reliably test for and gracefully handle feature detection on older
kernels.

Suggested-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Ricardo Robaina <rrobaina@redhat.com>
[PM: subject line tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>

authored by

Ricardo Robaina and committed by
Paul Moore 360160f7 f3e334fb

+11
+9
include/linux/audit.h
··· 15 15 #include <uapi/linux/audit.h> 16 16 #include <uapi/linux/fanotify.h> 17 17 18 + #define AUDIT_STATUS_ALL (AUDIT_STATUS_ENABLED | \ 19 + AUDIT_STATUS_FAILURE | \ 20 + AUDIT_STATUS_PID | \ 21 + AUDIT_STATUS_RATE_LIMIT | \ 22 + AUDIT_STATUS_BACKLOG_LIMIT | \ 23 + AUDIT_STATUS_BACKLOG_WAIT_TIME | \ 24 + AUDIT_STATUS_LOST | \ 25 + AUDIT_STATUS_BACKLOG_WAIT_TIME_ACTUAL) 26 + 18 27 #define AUDIT_INO_UNSET ((unsigned long)-1) 19 28 #define AUDIT_DEV_UNSET ((dev_t)-1) 20 29
+2
kernel/audit.c
··· 1295 1295 memset(&s, 0, sizeof(s)); 1296 1296 /* guard against past and future API changes */ 1297 1297 memcpy(&s, data, min_t(size_t, sizeof(s), data_len)); 1298 + if (s.mask & ~AUDIT_STATUS_ALL) 1299 + return -EINVAL; 1298 1300 if (s.mask & AUDIT_STATUS_ENABLED) { 1299 1301 err = audit_set_enabled(s.enabled); 1300 1302 if (err < 0)