tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'audit-pr-20260410' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit

Pull audit updates from Paul Moore:

- Improved handling of unknown status requests from userspace

The current kernel code ignores unknown/unused request bits sent from
userspace and returns an error code based on the results of the
request(s) it does understand. The patch from Ricardo fixes this so
that unknown requests return an -EINVAL to userspace, making
compatibility a bit easier moving forward.

- A number of small style and formatting cleanups

* tag 'audit-pr-20260410' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
audit: handle unknown status requests in audit_receive_msg()
audit: fix coding style issues
audit: remove redundant initialization of static variables to 0
audit: fix whitespace alignment in include/uapi/linux/audit.h

Linus Torvalds de639344 ef3da345

+20 -10
+9
include/linux/audit.h
··· 15 15 #include <uapi/linux/audit.h> 16 16 #include <uapi/linux/fanotify.h> 17 17 18 + #define AUDIT_STATUS_ALL (AUDIT_STATUS_ENABLED | \ 19 + AUDIT_STATUS_FAILURE | \ 20 + AUDIT_STATUS_PID | \ 21 + AUDIT_STATUS_RATE_LIMIT | \ 22 + AUDIT_STATUS_BACKLOG_LIMIT | \ 23 + AUDIT_STATUS_BACKLOG_WAIT_TIME | \ 24 + AUDIT_STATUS_LOST | \ 25 + AUDIT_STATUS_BACKLOG_WAIT_TIME_ACTUAL) 26 + 18 27 #define AUDIT_INO_UNSET ((u64)-1) 19 28 #define AUDIT_DEV_UNSET ((dev_t)-1) 20 29
+4 -4
include/uapi/linux/audit.h
··· 350 350 #define AUDIT_STATUS_ENABLED 0x0001 351 351 #define AUDIT_STATUS_FAILURE 0x0002 352 352 #define AUDIT_STATUS_PID 0x0004 353 - #define AUDIT_STATUS_RATE_LIMIT 0x0008 353 + #define AUDIT_STATUS_RATE_LIMIT 0x0008 354 354 #define AUDIT_STATUS_BACKLOG_LIMIT 0x0010 355 355 #define AUDIT_STATUS_BACKLOG_WAIT_TIME 0x0020 356 356 #define AUDIT_STATUS_LOST 0x0040 ··· 386 386 * These bits disambiguate different calling conventions that share an 387 387 * ELF machine type, bitness, and endianness 388 388 */ 389 - #define __AUDIT_ARCH_CONVENTION_MASK 0x30000000 390 - #define __AUDIT_ARCH_CONVENTION_MIPS64_N32 0x20000000 389 + #define __AUDIT_ARCH_CONVENTION_MASK 0x30000000 390 + #define __AUDIT_ARCH_CONVENTION_MIPS64_N32 0x20000000 391 391 392 392 /* distinguish syscall tables */ 393 393 #define __AUDIT_ARCH_64BIT 0x80000000 ··· 508 508 __u32 log_passwd; /* 1 = enabled, 0 = disabled */ 509 509 }; 510 510 511 - #define AUDIT_UID_UNSET (unsigned int)-1 511 + #define AUDIT_UID_UNSET ((unsigned int)-1) 512 512 #define AUDIT_SID_UNSET ((unsigned int)-1) 513 513 514 514 /* audit_rule_data supports filter rules with both integer and string
+5 -3
kernel/audit.c
··· 355 355 356 356 static inline int audit_rate_check(void) 357 357 { 358 - static unsigned long last_check = 0; 359 - static int messages = 0; 358 + static unsigned long last_check; 359 + static int messages; 360 360 static DEFINE_SPINLOCK(lock); 361 361 unsigned long flags; 362 362 unsigned long now; ··· 391 391 */ 392 392 void audit_log_lost(const char *message) 393 393 { 394 - static unsigned long last_msg = 0; 394 + static unsigned long last_msg; 395 395 static DEFINE_SPINLOCK(lock); 396 396 unsigned long flags; 397 397 unsigned long now; ··· 1295 1295 memset(&s, 0, sizeof(s)); 1296 1296 /* guard against past and future API changes */ 1297 1297 memcpy(&s, data, min_t(size_t, sizeof(s), data_len)); 1298 + if (s.mask & ~AUDIT_STATUS_ALL) 1299 + return -EINVAL; 1298 1300 if (s.mask & AUDIT_STATUS_ENABLED) { 1299 1301 err = audit_set_enabled(s.enabled); 1300 1302 if (err < 0)
+1 -2
kernel/auditfilter.c
··· 303 303 return ERR_PTR(err); 304 304 } 305 305 306 - static u32 audit_ops[] = 307 - { 306 + static u32 audit_ops[] = { 308 307 [Audit_equal] = AUDIT_EQUAL, 309 308 [Audit_not_equal] = AUDIT_NOT_EQUAL, 310 309 [Audit_bitmask] = AUDIT_BIT_MASK,
+1 -1
lib/audit.c
··· 42 42 if (audit_is_compat(abi)) 43 43 return audit_classify_compat_syscall(abi, syscall); 44 44 45 - switch(syscall) { 45 + switch (syscall) { 46 46 #ifdef __NR_open 47 47 case __NR_open: 48 48 return AUDITSC_OPEN;