
Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/audit

Pull audit fixes from Paul Moore:
"Four patches to fix various problems with the audit subsystem, all are
fairly small and straightforward.

One patch fixes a problem where we weren't using the correct gfp
allocation flags (GFP_KERNEL regardless of context, oops), one patch
fixes a problem with old userspace tools (this was broken for a
while), one patch fixes a problem where we weren't recording pathnames
correctly, and one fixes a problem with PID based filters.

In general I don't think there is anything controversial with this
patchset, and it fixes some rather unfortunate bugs; the allocation
flag one can be particularly scary looking for users"

* 'upstream' of git://git.infradead.org/users/pcmoore/audit:
audit: restore AUDIT_LOGINUID unset ABI
audit: correctly record file names with different path name types
audit: use supplied gfp_mask from audit_buffer in kauditd_send_multicast_skb
audit: don't attempt to lookup PIDs when changing PID filtering audit rules

+28 -21
+4
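--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -47,6 +47,7 @@
 
 struct audit_krule {
 int vers_ops;
+u32 pflags;
 u32 flags;
 u32 listnr;
 u32 action;
@@ -63,6 +64,9 @@
 struct list_head list; /* for AUDIT_LIST* purposes only */
 u64 prio;
 };
+
+/* Flag to indicate legacy AUDIT_LOGINUID unset usage */
+#define AUDIT_LOGINUID_LEGACY 0x1
 
 struct audit_field {
 u32 type;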
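Review bot: `pflags` is added directly above `flags` in struct audit_krule with no comment on either member, so the header does not say which of the two carries kernel-side state. Its only defined bit, AUDIT_LOGINUID_LEGACY, is declared after the struct rather than next to the field. In the auditfilter.c section the bit is set by kernel code while a rule is being translated, so it looks like private state rather than something taken from the userspace rule; if that is right, I would say so on the member, e.g. `u32 pflags; /* private rule state, see AUDIT_LOGINUID_LEGACY */`. Part of the struct body lies outside both hunks.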
+4 -4
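--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -429,7 +429,7 @@
 * This function doesn't consume an skb as might be expected since it has to
 * copy it anyways.
 */
-static void kauditd_send_multicast_skb(struct sk_buff *skb)
+static void kauditd_send_multicast_skb(struct sk_buff *skb, gfp_t gfp_mask)
 {
 struct sk_buff *copy;
 struct audit_net *aunet = net_generic(&init_net, audit_net_id);
@@ -448,11 +448,11 @@
 * no reason for new multicast clients to continue with this
 * non-compliance.
 */
-copy = skb_copy(skb, GFP_KERNEL);
+copy = skb_copy(skb, gfp_mask);
 if (!copy)
 return;
 
-nlmsg_multicast(sock, copy, 0, AUDIT_NLGRP_READLOG, GFP_KERNEL);
+nlmsg_multicast(sock, copy, 0, AUDIT_NLGRP_READLOG, gfp_mask);
 }
 
 /*
@@ -1940,7 +1940,7 @@
 struct nlmsghdr *nlh = nlmsg_hdr(ab->skb);
 
 nlh->nlmsg_len = ab->skb->len;
-kauditd_send_multicast_skb(ab->skb);
+kauditd_send_multicast_skb(ab->skb, ab->gfp_mask);
 
 /*
 * The original kaudit unicast socket sends up messages with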
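Review bot: A failed `skb_copy()` still returns silently at `if (!copy) return;`, and the result of `nlmsg_multicast()` is not looked at either, so a record can be lost for AUDIT_NLGRP_READLOG listeners without any trace. Now that the caller's `gfp_mask` is passed through, that path is presumably reached from contexts that cannot sleep, where the allocation is more likely to fail than it was under GFP_KERNEL. The comment block above kauditd_send_multicast_skb(), which starts outside the hunk, should state this, e.g. `* Delivery is best effort: if the copy cannot be allocated with gfp_mask the record is dropped for multicast listeners.` Whether such a drop should be counted as a lost record is worth deciding separately.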
+10 -13
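--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -442,19 +442,7 @@
 if ((f->type == AUDIT_LOGINUID) && (f->val == AUDIT_UID_UNSET)) {
 f->type = AUDIT_LOGINUID_SET;
 f->val = 0;
-}
-
-if ((f->type == AUDIT_PID) || (f->type == AUDIT_PPID)) {
-struct pid *pid;
-rcu_read_lock();
-pid = find_vpid(f->val);
-if (!pid) {
-rcu_read_unlock();
-err = -ESRCH;
-goto exit_free;
-}
-f->val = pid_nr(pid);
-rcu_read_unlock();
+entry->rule.pflags |= AUDIT_LOGINUID_LEGACY;
 }
 
 err = audit_field_valid(entry, f);
@@ -630,6 +618,13 @@
 data->buflen += data->values[i] =
 audit_pack_string(&bufp, krule->filterkey);
 break;
+case AUDIT_LOGINUID_SET:
+if (krule->pflags & AUDIT_LOGINUID_LEGACY && !f->val) {
+data->fields[i] = AUDIT_LOGINUID;
+data->values[i] = AUDIT_UID_UNSET;
+break;
+}
+/* fallthrough if set */
 default:
 data->values[i] = f->val;
 }
@@ -646,6 +641,7 @@
 int i;
 
 if (a->flags != b->flags ||
+a->pflags != b->pflags ||
 a->listnr != b->listnr ||
 a->action != b->action ||
 a->field_count != b->field_count)
@@ -764,6 +760,7 @@
 new = &entry->rule;
 new->vers_ops = old->vers_ops;
 new->flags = old->flags;
+new->pflags = old->pflags;
 new->listnr = old->listnr;
 new->action = old->action;
 for (i = 0; i < AUDIT_BITMASK_SIZE; i++)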
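Review bot: AUDIT_LOGINUID_LEGACY is recorded once per rule in `pflags`, but the new `case AUDIT_LOGINUID_SET:` branch applies it to every AUDIT_LOGINUID_SET field whose value is 0. A field that userspace supplied in the new form is therefore reported back as AUDIT_LOGINUID/AUDIT_UID_UNSET whenever any other field of the same rule was legacy. Because `a->pflags != b->pflags` now also takes part in the rule comparison, a rule loaded in legacy form and its new-style equivalent are treated as different rules; if that is intended, a comment at the comparison should say so. In the condition itself I would give the mask test its own parentheses, `if ((krule->pflags & AUDIT_LOGINUID_LEGACY) && !f->val) {`. The enclosing functions start and end outside these hunks.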
+10 -4
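--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1877,12 +1877,18 @@
 }
 
 out_alloc:
-/* unable to find the name from a previous getname(). Allocate a new
-* anonymous entry.
-*/
-n = audit_alloc_name(context, AUDIT_TYPE_NORMAL);
+/* unable to find an entry with both a matching name and type */
+n = audit_alloc_name(context, AUDIT_TYPE_UNKNOWN);
 if (!n)
 return;
+if (name)
+/* since name is not NULL we know there is already a matching
+* name record, see audit_getname(), so there must be a type
+* mismatch; reuse the string path since the original name
+* record will keep the string valid until we free it in
+* audit_free_names() */
+n->name = name;
+
 out:
 if (parent) {
 n->name_len = n->name ? parent_len(n->name->name) : AUDIT_NAME_FULL;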
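Review bot: `n->name = name;` makes the new record share the filename object of an existing record without taking a reference of its own, so its lifetime rests only on the ordering assumption written in the comment. If the original record is released before this one is logged, or if the free path releases `n->name` once per record, the result is a use-after-free or a double release. The release code is outside the hunk, so this needs confirming there; otherwise the record should hold its own reference or a private copy. Separately, the unbraced `if (name)` is followed by a five-line comment before its single statement, and braces around the body would keep a later edit from detaching the assignment from the condition. The enclosing function starts and ends outside the hunk.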