Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/audit

Pull audit fix from Paul Moore:
"One audit patch to resolve a panic/oops when recording filenames in
the audit log, see the mail archive link below.

The fix isn't as nice as I would like, as it involves an allocate/copy
of the filename, but it solves the problem and the overhead should
only affect users who have configured audit rules involving file
names.

We'll revisit this issue with future kernels in an attempt to make
this suck less, but in the meantime I think this fix should go into
the next release of v3.19-rcX.

[ https://marc.info/?t=141986927600001&r=1&w=2 ]"

* 'upstream' of git://git.infradead.org/users/pcmoore/audit:
audit: create private file name copies when auditing inodes

+40 -9
+40 -9
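--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -72,6 +72,8 @@
 #include <linux/fs_struct.h>
 #include <linux/compat.h>
 #include <linux/ctype.h>
+#include <linux/string.h>
+#include <uapi/linux/limits.h>
 
 #include "audit.h"
 
@@ -1863,8 +1861,7 @@
 	}
 
 	list_for_each_entry_reverse(n, &context->names_list, list) {
-		/* does the name pointer match? */
-		if (!n->name || n->name->name != name->name)
+		if (!n->name || strcmp(n->name->name, name->name))
 			continue;
 
 		/* match the correct record type */
@@ -1882,14 +1881,44 @@
 	n = audit_alloc_name(context, AUDIT_TYPE_UNKNOWN);
 	if (!n)
 		return;
-	if (name)
-		/* since name is not NULL we know there is already a matching
-		 * name record, see audit_getname(), so there must be a type
-		 * mismatch; reuse the string path since the original name
-		 * record will keep the string valid until we free it in
-		 * audit_free_names() */
-		n->name = name;
+	/* unfortunately, while we may have a path name to record with the
+	 * inode, we can't always rely on the string lasting until the end of
+	 * the syscall so we need to create our own copy, it may fail due to
+	 * memory allocation issues, but we do our best */
+	if (name) {
+		/* we can't use getname_kernel() due to size limits */
+		size_t len = strlen(name->name) + 1;
+		struct filename *new = __getname();
 
+		if (unlikely(!new))
+			goto out;
+
+		if (len <= (PATH_MAX - sizeof(*new))) {
+			new->name = (char *)(new) + sizeof(*new);
+			new->separate = false;
+		} else if (len <= PATH_MAX) {
+			/* this looks odd, but is due to final_putname() */
+			struct filename *new2;
+
+			new2 = kmalloc(sizeof(*new2), GFP_KERNEL);
+			if (unlikely(!new2)) {
+				__putname(new);
+				goto out;
+			}
+			new2->name = (char *)new;
+			new2->separate = true;
+			new = new2;
+		} else {
+			/* we should never get here, but let's be safe */
+			__putname(new);
+			goto out;
+		}
+		strlcpy((char *)new->name, name->name, len);
+		new->uptr = NULL;
+		new->aname = n;
+		n->name = new;
+		n->name_put = true;
+	}
 out:
 	if (parent) {
 		n->name_len = n->name ? parent_len(n->name->name) : AUDIT_NAME_FULL;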
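Review bot: The three `goto out` exits inside the new `if (name)` block (failed `__getname()`, failed `kmalloc()`, and the over-long branch) leave `n->name` NULL without any trace, so under memory pressure the inode record is emitted with no path and nothing in the log says why. For an audit trail that gap should be visible to whoever reads the log; I would report it through the subsystem's existing loss accounting, e.g. `audit_log_lost("unable to copy path name for inode record");` before each `goto out`, assuming the configured failure action is acceptable on this path. At minimum the comment above `if (name)` should state that a failed copy yields a nameless record rather than only "we do our best". The enclosing function starts and ends outside this hunk, so whether a caller already accounts for the missing name cannot be seen here.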