audit: consistently record PIDs with task_tgid_nr()

Unfortunately we record PIDs in audit records using a variety of methods despite the correct way being the use of task_tgid_nr(). This patch converts all of these callers, except for the case of AUDIT_SET in audit_receive_msg() (see the comment in the code). Reported-by: Jeff Vander Stoep <jeffv@google.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Paul Moore <paul@paul-moore.com> 2016-08-30 17:19:13 -0400
committer: Paul Moore <paul@paul-moore.com> 2016-08-30 17:19:13 -0400
commit: fa2bea2f5cca5b8d4a3e5520d2e8c0ede67ac108 (patch)
tree: a7f49ec5a58e527f6a50cac7a628561688007629 /kernel/auditsc.c
parent: 523d939ef98fd712632d93a5a2b588e477a7565e (diff)
1 files changed, 6 insertions, 6 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 2672d105cffc..3824b1bbeae1 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -455,7 +455,7 @@ static int audit_filter_rules(struct task_struct *tsk,
                switch (f->type) {
                case AUDIT_PID:
-                        pid = task_pid_nr(tsk);
+                        pid = task_tgid_nr(tsk);
                        result = audit_comparator(pid, f->op, f->val);
                        break;
                case AUDIT_PPID:
@@ -1993,7 +1993,7 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid,
        loginuid = from_kuid(&init_user_ns, kloginuid),
        tty = audit_get_tty(current);
-        audit_log_format(ab, "pid=%d uid=%u", task_pid_nr(current), uid);
+        audit_log_format(ab, "pid=%d uid=%u", task_tgid_nr(current), uid);
        audit_log_task_context(ab);
        audit_log_format(ab, " old-auid=%u auid=%u tty=%s old-ses=%u ses=%u res=%d",
                         oldloginuid, loginuid, tty ? tty_name(tty) : "(none)",
@@ -2220,7 +2220,7 @@ void __audit_ptrace(struct task_struct *t)
 {
        struct audit_context *context = current->audit_context;
-        context->target_pid = task_pid_nr(t);
+        context->target_pid = task_tgid_nr(t);
        context->target_auid = audit_get_loginuid(t);
        context->target_uid = task_uid(t);
        context->target_sessionid = audit_get_sessionid(t);
@@ -2245,7 +2245,7 @@ int __audit_signal_info(int sig, struct task_struct *t)
        if (audit_pid && t->tgid == audit_pid) {
                if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1 || sig == SIGUSR2) {
-                        audit_sig_pid = task_pid_nr(tsk);
+                        audit_sig_pid = task_tgid_nr(tsk);
                        if (uid_valid(tsk->loginuid))
                                audit_sig_uid = tsk->loginuid;
                        else
@@ -2345,7 +2345,7 @@ int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
 void __audit_log_capset(const struct cred *new, const struct cred *old)
 {
        struct audit_context *context = current->audit_context;
-        context->capset.pid = task_pid_nr(current);
+        context->capset.pid = task_tgid_nr(current);
        context->capset.cap.effective   = new->cap_effective;
        context->capset.cap.inheritable = new->cap_effective;
        context->capset.cap.permitted   = new->cap_permitted;
@@ -2377,7 +2377,7 @@ static void audit_log_task(struct audit_buffer *ab)
                         from_kgid(&init_user_ns, gid),
                         sessionid);
        audit_log_task_context(ab);
-        audit_log_format(ab, " pid=%d comm=", task_pid_nr(current));
+        audit_log_format(ab, " pid=%d comm=", task_tgid_nr(current));
        audit_log_untrustedstring(ab, get_task_comm(comm, current));
        audit_log_d_path_exe(ab, current->mm);
 }
author	Paul Moore <paul@paul-moore.com>	2016-08-30 17:19:13 -0400
committer	Paul Moore <paul@paul-moore.com>	2016-08-30 17:19:13 -0400
commit	fa2bea2f5cca5b8d4a3e5520d2e8c0ede67ac108 (patch)
tree	a7f49ec5a58e527f6a50cac7a628561688007629 /kernel/auditsc.c
parent	523d939ef98fd712632d93a5a2b588e477a7565e (diff)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 2672d105cffc..3824b1bbeae1 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c
@@ -455,7 +455,7 @@ static int audit_filter_rules(struct task_struct *tsk,
455		455
456	switch (f->type) {	456	switch (f->type) {
457	case AUDIT_PID:	457	case AUDIT_PID:
458	pid = task_pid_nr(tsk);	458	pid = task_tgid_nr(tsk);
459	result = audit_comparator(pid, f->op, f->val);	459	result = audit_comparator(pid, f->op, f->val);
460	break;	460	break;
461	case AUDIT_PPID:	461	case AUDIT_PPID:
@@ -1993,7 +1993,7 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid,
1993	loginuid = from_kuid(&init_user_ns, kloginuid),	1993	loginuid = from_kuid(&init_user_ns, kloginuid),
1994	tty = audit_get_tty(current);	1994	tty = audit_get_tty(current);
1995		1995
1996	audit_log_format(ab, "pid=%d uid=%u", task_pid_nr(current), uid);	1996	audit_log_format(ab, "pid=%d uid=%u", task_tgid_nr(current), uid);
1997	audit_log_task_context(ab);	1997	audit_log_task_context(ab);
1998	audit_log_format(ab, " old-auid=%u auid=%u tty=%s old-ses=%u ses=%u res=%d",	1998	audit_log_format(ab, " old-auid=%u auid=%u tty=%s old-ses=%u ses=%u res=%d",
1999	oldloginuid, loginuid, tty ? tty_name(tty) : "(none)",	1999	oldloginuid, loginuid, tty ? tty_name(tty) : "(none)",
@@ -2220,7 +2220,7 @@ void __audit_ptrace(struct task_struct *t)
2220	{	2220	{
2221	struct audit_context *context = current->audit_context;	2221	struct audit_context *context = current->audit_context;
2222		2222
2223	context->target_pid = task_pid_nr(t);	2223	context->target_pid = task_tgid_nr(t);
2224	context->target_auid = audit_get_loginuid(t);	2224	context->target_auid = audit_get_loginuid(t);
2225	context->target_uid = task_uid(t);	2225	context->target_uid = task_uid(t);
2226	context->target_sessionid = audit_get_sessionid(t);	2226	context->target_sessionid = audit_get_sessionid(t);
@@ -2245,7 +2245,7 @@ int __audit_signal_info(int sig, struct task_struct *t)
2245		2245
2246	if (audit_pid && t->tgid == audit_pid) {	2246	if (audit_pid && t->tgid == audit_pid) {
2247	if (sig == SIGTERM \|\| sig == SIGHUP \|\| sig == SIGUSR1 \|\| sig == SIGUSR2) {	2247	if (sig == SIGTERM \|\| sig == SIGHUP \|\| sig == SIGUSR1 \|\| sig == SIGUSR2) {
2248	audit_sig_pid = task_pid_nr(tsk);	2248	audit_sig_pid = task_tgid_nr(tsk);
2249	if (uid_valid(tsk->loginuid))	2249	if (uid_valid(tsk->loginuid))
2250	audit_sig_uid = tsk->loginuid;	2250	audit_sig_uid = tsk->loginuid;
2251	else	2251	else
@@ -2345,7 +2345,7 @@ int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
2345	void __audit_log_capset(const struct cred new, const struct cred old)	2345	void __audit_log_capset(const struct cred new, const struct cred old)
2346	{	2346	{
2347	struct audit_context *context = current->audit_context;	2347	struct audit_context *context = current->audit_context;
2348	context->capset.pid = task_pid_nr(current);	2348	context->capset.pid = task_tgid_nr(current);
2349	context->capset.cap.effective = new->cap_effective;	2349	context->capset.cap.effective = new->cap_effective;
2350	context->capset.cap.inheritable = new->cap_effective;	2350	context->capset.cap.inheritable = new->cap_effective;
2351	context->capset.cap.permitted = new->cap_permitted;	2351	context->capset.cap.permitted = new->cap_permitted;
@@ -2377,7 +2377,7 @@ static void audit_log_task(struct audit_buffer *ab)
2377	from_kgid(&init_user_ns, gid),	2377	from_kgid(&init_user_ns, gid),
2378	sessionid);	2378	sessionid);
2379	audit_log_task_context(ab);	2379	audit_log_task_context(ab);
2380	audit_log_format(ab, " pid=%d comm=", task_pid_nr(current));	2380	audit_log_format(ab, " pid=%d comm=", task_tgid_nr(current));
2381	audit_log_untrustedstring(ab, get_task_comm(comm, current));	2381	audit_log_untrustedstring(ab, get_task_comm(comm, current));
2382	audit_log_d_path_exe(ab, current->mm);	2382	audit_log_d_path_exe(ab, current->mm);
2383	}	2383	}