diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-04-06 18:01:25 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-04-06 18:01:25 -0400 |
| commit | 6ad11bdd57ad31182850a54235f0e947cbfd5ad0 (patch) | |
| tree | 298074cee5a8af7ac9f885f7b30d04830031312a | |
| parent | 69824bcc4b4e1427ac18a76057d592ec9028f2fe (diff) | |
| parent | ea841bafda3f7f9aa8b06a09f0f3e41c207af84f (diff) | |
Merge tag 'audit-pr-20180403' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit
Pull audit updates from Paul Moore:
"We didn't have anything to send for v4.16, but we're back with a
little more than usual for v4.17.
Eleven patches in total, most fall into the small fix category, but
there are three non-trivial changes worth calling out:
- the audit entry filter is being removed after deprecating it for
quite a while (years of no one really using it because it turns out
to be not very practical)
- created our own version of "__mutex_owner()" because the locking
folks were upset we were using theirs
- improved our handling of kernel command line parameters to make
them more forgiving
- we fixed auditing of symlink operations
Everything passes the audit-testsuite and as of a few minutes ago it
merges well with your tree"
* tag 'audit-pr-20180403' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
audit: add refused symlink to audit_names
audit: remove path param from link denied function
audit: link denied should not directly generate PATH record
audit: make ANOM_LINK obey audit_enabled and audit_dummy_context
audit: do not panic on invalid boot parameter
audit: track the owner of the command mutex ourselves
audit: return on memory error to avoid null pointer dereference
audit: bail before bug check if audit disabled
audit: deprecate the AUDIT_FILTER_ENTRY filter
audit: session ID should not set arch quick field pointer
audit: update bugtracker and source URIs
| -rw-r--r-- | Documentation/admin-guide/kernel-parameters.txt | 14 | ||||
| -rw-r--r-- | MAINTAINERS | 1 | ||||
| -rw-r--r-- | fs/namei.c | 5 | ||||
| -rw-r--r-- | include/linux/audit.h | 6 | ||||
| -rw-r--r-- | kernel/audit.c | 108 | ||||
| -rw-r--r-- | kernel/audit.h | 3 | ||||
| -rw-r--r-- | kernel/audit_tree.c | 8 | ||||
| -rw-r--r-- | kernel/auditfilter.c | 5 | ||||
| -rw-r--r-- | kernel/auditsc.c | 22 |
9 files changed, 106 insertions, 66 deletions
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 3c87a69cffcb..7efed1ccddc9 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt | |||
| @@ -389,15 +389,15 @@ | |||
| 389 | Use software keyboard repeat | 389 | Use software keyboard repeat |
| 390 | 390 | ||
| 391 | audit= [KNL] Enable the audit sub-system | 391 | audit= [KNL] Enable the audit sub-system |
| 392 | Format: { "0" | "1" } (0 = disabled, 1 = enabled) | 392 | Format: { "0" | "1" | "off" | "on" } |
| 393 | 0 - kernel audit is disabled and can not be enabled | 393 | 0 | off - kernel audit is disabled and can not be |
| 394 | until the next reboot | 394 | enabled until the next reboot |
| 395 | unset - kernel audit is initialized but disabled and | 395 | unset - kernel audit is initialized but disabled and |
| 396 | will be fully enabled by the userspace auditd. | 396 | will be fully enabled by the userspace auditd. |
| 397 | 1 - kernel audit is initialized and partially enabled, | 397 | 1 | on - kernel audit is initialized and partially |
| 398 | storing at most audit_backlog_limit messages in | 398 | enabled, storing at most audit_backlog_limit |
| 399 | RAM until it is fully enabled by the userspace | 399 | messages in RAM until it is fully enabled by the |
| 400 | auditd. | 400 | userspace auditd. |
| 401 | Default: unset | 401 | Default: unset |
| 402 | 402 | ||
| 403 | audit_backlog_limit= [KNL] Set the audit queue size limit. | 403 | audit_backlog_limit= [KNL] Set the audit queue size limit. |
diff --git a/MAINTAINERS b/MAINTAINERS index 881d328020df..f1be26eb7e80 100644 --- a/MAINTAINERS +++ b/MAINTAINERS | |||
| @@ -2504,7 +2504,6 @@ M: Paul Moore <paul@paul-moore.com> | |||
| 2504 | M: Eric Paris <eparis@redhat.com> | 2504 | M: Eric Paris <eparis@redhat.com> |
| 2505 | L: linux-audit@redhat.com (moderated for non-subscribers) | 2505 | L: linux-audit@redhat.com (moderated for non-subscribers) |
| 2506 | W: https://github.com/linux-audit | 2506 | W: https://github.com/linux-audit |
| 2507 | W: https://people.redhat.com/sgrubb/audit | ||
| 2508 | T: git git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git | 2507 | T: git git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git |
| 2509 | S: Supported | 2508 | S: Supported |
| 2510 | F: include/linux/audit.h | 2509 | F: include/linux/audit.h |
diff --git a/fs/namei.c b/fs/namei.c index 5661da1972cd..a66ed5a1622a 100644 --- a/fs/namei.c +++ b/fs/namei.c | |||
| @@ -929,7 +929,8 @@ static inline int may_follow_link(struct nameidata *nd) | |||
| 929 | if (nd->flags & LOOKUP_RCU) | 929 | if (nd->flags & LOOKUP_RCU) |
| 930 | return -ECHILD; | 930 | return -ECHILD; |
| 931 | 931 | ||
| 932 | audit_log_link_denied("follow_link", &nd->stack[0].link); | 932 | audit_inode(nd->name, nd->stack[0].link.dentry, 0); |
| 933 | audit_log_link_denied("follow_link"); | ||
| 933 | return -EACCES; | 934 | return -EACCES; |
| 934 | } | 935 | } |
| 935 | 936 | ||
| @@ -995,7 +996,7 @@ static int may_linkat(struct path *link) | |||
| 995 | if (safe_hardlink_source(inode) || inode_owner_or_capable(inode)) | 996 | if (safe_hardlink_source(inode) || inode_owner_or_capable(inode)) |
| 996 | return 0; | 997 | return 0; |
| 997 | 998 | ||
| 998 | audit_log_link_denied("linkat", link); | 999 | audit_log_link_denied("linkat"); |
| 999 | return -EPERM; | 1000 | return -EPERM; |
| 1000 | } | 1001 | } |
| 1001 | 1002 | ||
diff --git a/include/linux/audit.h b/include/linux/audit.h index af410d9fbf2d..75d5b031e802 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
| @@ -146,8 +146,7 @@ extern void audit_log_d_path(struct audit_buffer *ab, | |||
| 146 | const struct path *path); | 146 | const struct path *path); |
| 147 | extern void audit_log_key(struct audit_buffer *ab, | 147 | extern void audit_log_key(struct audit_buffer *ab, |
| 148 | char *key); | 148 | char *key); |
| 149 | extern void audit_log_link_denied(const char *operation, | 149 | extern void audit_log_link_denied(const char *operation); |
| 150 | const struct path *link); | ||
| 151 | extern void audit_log_lost(const char *message); | 150 | extern void audit_log_lost(const char *message); |
| 152 | 151 | ||
| 153 | extern int audit_log_task_context(struct audit_buffer *ab); | 152 | extern int audit_log_task_context(struct audit_buffer *ab); |
| @@ -194,8 +193,7 @@ static inline void audit_log_d_path(struct audit_buffer *ab, | |||
| 194 | { } | 193 | { } |
| 195 | static inline void audit_log_key(struct audit_buffer *ab, char *key) | 194 | static inline void audit_log_key(struct audit_buffer *ab, char *key) |
| 196 | { } | 195 | { } |
| 197 | static inline void audit_log_link_denied(const char *string, | 196 | static inline void audit_log_link_denied(const char *string) |
| 198 | const struct path *link) | ||
| 199 | { } | 197 | { } |
| 200 | static inline int audit_log_task_context(struct audit_buffer *ab) | 198 | static inline int audit_log_task_context(struct audit_buffer *ab) |
| 201 | { | 199 | { |
diff --git a/kernel/audit.c b/kernel/audit.c index d97e8f0f73ca..670665c6e2a6 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
| @@ -38,7 +38,8 @@ | |||
| 38 | * 6) Support low-overhead kernel-based filtering to minimize the | 38 | * 6) Support low-overhead kernel-based filtering to minimize the |
| 39 | * information that must be passed to user-space. | 39 | * information that must be passed to user-space. |
| 40 | * | 40 | * |
| 41 | * Example user-space utilities: http://people.redhat.com/sgrubb/audit/ | 41 | * Audit userspace, documentation, tests, and bug/issue trackers: |
| 42 | * https://github.com/linux-audit | ||
| 42 | */ | 43 | */ |
| 43 | 44 | ||
| 44 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt | 45 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
| @@ -180,9 +181,21 @@ static char *audit_feature_names[2] = { | |||
| 180 | "loginuid_immutable", | 181 | "loginuid_immutable", |
| 181 | }; | 182 | }; |
| 182 | 183 | ||
| 183 | 184 | /** | |
| 184 | /* Serialize requests from userspace. */ | 185 | * struct audit_ctl_mutex - serialize requests from userspace |
| 185 | DEFINE_MUTEX(audit_cmd_mutex); | 186 | * @lock: the mutex used for locking |
| 187 | * @owner: the task which owns the lock | ||
| 188 | * | ||
| 189 | * Description: | ||
| 190 | * This is the lock struct used to ensure we only process userspace requests | ||
| 191 | * in an orderly fashion. We can't simply use a mutex/lock here because we | ||
| 192 | * need to track lock ownership so we don't end up blocking the lock owner in | ||
| 193 | * audit_log_start() or similar. | ||
| 194 | */ | ||
| 195 | static struct audit_ctl_mutex { | ||
| 196 | struct mutex lock; | ||
| 197 | void *owner; | ||
| 198 | } audit_cmd_mutex; | ||
| 186 | 199 | ||
| 187 | /* AUDIT_BUFSIZ is the size of the temporary buffer used for formatting | 200 | /* AUDIT_BUFSIZ is the size of the temporary buffer used for formatting |
| 188 | * audit records. Since printk uses a 1024 byte buffer, this buffer | 201 | * audit records. Since printk uses a 1024 byte buffer, this buffer |
| @@ -227,6 +240,36 @@ int auditd_test_task(struct task_struct *task) | |||
| 227 | } | 240 | } |
| 228 | 241 | ||
| 229 | /** | 242 | /** |
| 243 | * audit_ctl_lock - Take the audit control lock | ||
| 244 | */ | ||
| 245 | void audit_ctl_lock(void) | ||
| 246 | { | ||
| 247 | mutex_lock(&audit_cmd_mutex.lock); | ||
| 248 | audit_cmd_mutex.owner = current; | ||
| 249 | } | ||
| 250 | |||
| 251 | /** | ||
| 252 | * audit_ctl_unlock - Drop the audit control lock | ||
| 253 | */ | ||
| 254 | void audit_ctl_unlock(void) | ||
| 255 | { | ||
| 256 | audit_cmd_mutex.owner = NULL; | ||
| 257 | mutex_unlock(&audit_cmd_mutex.lock); | ||
| 258 | } | ||
| 259 | |||
| 260 | /** | ||
| 261 | * audit_ctl_owner_current - Test to see if the current task owns the lock | ||
| 262 | * | ||
| 263 | * Description: | ||
| 264 | * Return true if the current task owns the audit control lock, false if it | ||
| 265 | * doesn't own the lock. | ||
| 266 | */ | ||
| 267 | static bool audit_ctl_owner_current(void) | ||
| 268 | { | ||
| 269 | return (current == audit_cmd_mutex.owner); | ||
| 270 | } | ||
| 271 | |||
| 272 | /** | ||
| 230 | * auditd_pid_vnr - Return the auditd PID relative to the namespace | 273 | * auditd_pid_vnr - Return the auditd PID relative to the namespace |
| 231 | * | 274 | * |
| 232 | * Description: | 275 | * Description: |
| @@ -860,8 +903,8 @@ int audit_send_list(void *_dest) | |||
| 860 | struct sock *sk = audit_get_sk(dest->net); | 903 | struct sock *sk = audit_get_sk(dest->net); |
| 861 | 904 | ||
| 862 | /* wait for parent to finish and send an ACK */ | 905 | /* wait for parent to finish and send an ACK */ |
| 863 | mutex_lock(&audit_cmd_mutex); | 906 | audit_ctl_lock(); |
| 864 | mutex_unlock(&audit_cmd_mutex); | 907 | audit_ctl_unlock(); |
| 865 | 908 | ||
| 866 | while ((skb = __skb_dequeue(&dest->q)) != NULL) | 909 | while ((skb = __skb_dequeue(&dest->q)) != NULL) |
| 867 | netlink_unicast(sk, skb, dest->portid, 0); | 910 | netlink_unicast(sk, skb, dest->portid, 0); |
| @@ -902,8 +945,8 @@ static int audit_send_reply_thread(void *arg) | |||
| 902 | struct audit_reply *reply = (struct audit_reply *)arg; | 945 | struct audit_reply *reply = (struct audit_reply *)arg; |
| 903 | struct sock *sk = audit_get_sk(reply->net); | 946 | struct sock *sk = audit_get_sk(reply->net); |
| 904 | 947 | ||
| 905 | mutex_lock(&audit_cmd_mutex); | 948 | audit_ctl_lock(); |
| 906 | mutex_unlock(&audit_cmd_mutex); | 949 | audit_ctl_unlock(); |
| 907 | 950 | ||
| 908 | /* Ignore failure. It'll only happen if the sender goes away, | 951 | /* Ignore failure. It'll only happen if the sender goes away, |
| 909 | because our timeout is set to infinite. */ | 952 | because our timeout is set to infinite. */ |
| @@ -1058,6 +1101,8 @@ static void audit_log_feature_change(int which, u32 old_feature, u32 new_feature | |||
| 1058 | return; | 1101 | return; |
| 1059 | 1102 | ||
| 1060 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_FEATURE_CHANGE); | 1103 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_FEATURE_CHANGE); |
| 1104 | if (!ab) | ||
| 1105 | return; | ||
| 1061 | audit_log_task_info(ab, current); | 1106 | audit_log_task_info(ab, current); |
| 1062 | audit_log_format(ab, " feature=%s old=%u new=%u old_lock=%u new_lock=%u res=%d", | 1107 | audit_log_format(ab, " feature=%s old=%u new=%u old_lock=%u new_lock=%u res=%d", |
| 1063 | audit_feature_names[which], !!old_feature, !!new_feature, | 1108 | audit_feature_names[which], !!old_feature, !!new_feature, |
| @@ -1466,7 +1511,7 @@ static void audit_receive(struct sk_buff *skb) | |||
| 1466 | nlh = nlmsg_hdr(skb); | 1511 | nlh = nlmsg_hdr(skb); |
| 1467 | len = skb->len; | 1512 | len = skb->len; |
| 1468 | 1513 | ||
| 1469 | mutex_lock(&audit_cmd_mutex); | 1514 | audit_ctl_lock(); |
| 1470 | while (nlmsg_ok(nlh, len)) { | 1515 | while (nlmsg_ok(nlh, len)) { |
| 1471 | err = audit_receive_msg(skb, nlh); | 1516 | err = audit_receive_msg(skb, nlh); |
| 1472 | /* if err or if this message says it wants a response */ | 1517 | /* if err or if this message says it wants a response */ |
| @@ -1475,7 +1520,7 @@ static void audit_receive(struct sk_buff *skb) | |||
| 1475 | 1520 | ||
| 1476 | nlh = nlmsg_next(nlh, &len); | 1521 | nlh = nlmsg_next(nlh, &len); |
| 1477 | } | 1522 | } |
| 1478 | mutex_unlock(&audit_cmd_mutex); | 1523 | audit_ctl_unlock(); |
| 1479 | } | 1524 | } |
| 1480 | 1525 | ||
| 1481 | /* Run custom bind function on netlink socket group connect or bind requests. */ | 1526 | /* Run custom bind function on netlink socket group connect or bind requests. */ |
| @@ -1547,6 +1592,9 @@ static int __init audit_init(void) | |||
| 1547 | for (i = 0; i < AUDIT_INODE_BUCKETS; i++) | 1592 | for (i = 0; i < AUDIT_INODE_BUCKETS; i++) |
| 1548 | INIT_LIST_HEAD(&audit_inode_hash[i]); | 1593 | INIT_LIST_HEAD(&audit_inode_hash[i]); |
| 1549 | 1594 | ||
| 1595 | mutex_init(&audit_cmd_mutex.lock); | ||
| 1596 | audit_cmd_mutex.owner = NULL; | ||
| 1597 | |||
| 1550 | pr_info("initializing netlink subsys (%s)\n", | 1598 | pr_info("initializing netlink subsys (%s)\n", |
| 1551 | audit_default ? "enabled" : "disabled"); | 1599 | audit_default ? "enabled" : "disabled"); |
| 1552 | register_pernet_subsys(&audit_net_ops); | 1600 | register_pernet_subsys(&audit_net_ops); |
| @@ -1567,19 +1615,26 @@ static int __init audit_init(void) | |||
| 1567 | } | 1615 | } |
| 1568 | postcore_initcall(audit_init); | 1616 | postcore_initcall(audit_init); |
| 1569 | 1617 | ||
| 1570 | /* Process kernel command-line parameter at boot time. audit=0 or audit=1. */ | 1618 | /* |
| 1619 | * Process kernel command-line parameter at boot time. | ||
| 1620 | * audit={0|off} or audit={1|on}. | ||
| 1621 | */ | ||
| 1571 | static int __init audit_enable(char *str) | 1622 | static int __init audit_enable(char *str) |
| 1572 | { | 1623 | { |
| 1573 | long val; | 1624 | if (!strcasecmp(str, "off") || !strcmp(str, "0")) |
| 1574 | 1625 | audit_default = AUDIT_OFF; | |
| 1575 | if (kstrtol(str, 0, &val)) | 1626 | else if (!strcasecmp(str, "on") || !strcmp(str, "1")) |
| 1576 | panic("audit: invalid 'audit' parameter value (%s)\n", str); | 1627 | audit_default = AUDIT_ON; |
| 1577 | audit_default = (val ? AUDIT_ON : AUDIT_OFF); | 1628 | else { |
| 1629 | pr_err("audit: invalid 'audit' parameter value (%s)\n", str); | ||
| 1630 | audit_default = AUDIT_ON; | ||
| 1631 | } | ||
| 1578 | 1632 | ||
| 1579 | if (audit_default == AUDIT_OFF) | 1633 | if (audit_default == AUDIT_OFF) |
| 1580 | audit_initialized = AUDIT_DISABLED; | 1634 | audit_initialized = AUDIT_DISABLED; |
| 1581 | if (audit_set_enabled(audit_default)) | 1635 | if (audit_set_enabled(audit_default)) |
| 1582 | panic("audit: error setting audit state (%d)\n", audit_default); | 1636 | pr_err("audit: error setting audit state (%d)\n", |
| 1637 | audit_default); | ||
| 1583 | 1638 | ||
| 1584 | pr_info("%s\n", audit_default ? | 1639 | pr_info("%s\n", audit_default ? |
| 1585 | "enabled (after initialization)" : "disabled (until reboot)"); | 1640 | "enabled (after initialization)" : "disabled (until reboot)"); |
| @@ -1710,8 +1765,7 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, | |||
| 1710 | * using a PID anchored in the caller's namespace | 1765 | * using a PID anchored in the caller's namespace |
| 1711 | * 2. generator holding the audit_cmd_mutex - we don't want to block | 1766 | * 2. generator holding the audit_cmd_mutex - we don't want to block |
| 1712 | * while holding the mutex */ | 1767 | * while holding the mutex */ |
| 1713 | if (!(auditd_test_task(current) || | 1768 | if (!(auditd_test_task(current) || audit_ctl_owner_current())) { |
| 1714 | (current == __mutex_owner(&audit_cmd_mutex)))) { | ||
| 1715 | long stime = audit_backlog_wait_time; | 1769 | long stime = audit_backlog_wait_time; |
| 1716 | 1770 | ||
| 1717 | while (audit_backlog_limit && | 1771 | while (audit_backlog_limit && |
| @@ -2254,33 +2308,23 @@ EXPORT_SYMBOL(audit_log_task_info); | |||
| 2254 | /** | 2308 | /** |
| 2255 | * audit_log_link_denied - report a link restriction denial | 2309 | * audit_log_link_denied - report a link restriction denial |
| 2256 | * @operation: specific link operation | 2310 | * @operation: specific link operation |
| 2257 | * @link: the path that triggered the restriction | ||
| 2258 | */ | 2311 | */ |
| 2259 | void audit_log_link_denied(const char *operation, const struct path *link) | 2312 | void audit_log_link_denied(const char *operation) |
| 2260 | { | 2313 | { |
| 2261 | struct audit_buffer *ab; | 2314 | struct audit_buffer *ab; |
| 2262 | struct audit_names *name; | ||
| 2263 | 2315 | ||
| 2264 | name = kzalloc(sizeof(*name), GFP_NOFS); | 2316 | if (!audit_enabled || audit_dummy_context()) |
| 2265 | if (!name) | ||
| 2266 | return; | 2317 | return; |
| 2267 | 2318 | ||
| 2268 | /* Generate AUDIT_ANOM_LINK with subject, operation, outcome. */ | 2319 | /* Generate AUDIT_ANOM_LINK with subject, operation, outcome. */ |
| 2269 | ab = audit_log_start(current->audit_context, GFP_KERNEL, | 2320 | ab = audit_log_start(current->audit_context, GFP_KERNEL, |
| 2270 | AUDIT_ANOM_LINK); | 2321 | AUDIT_ANOM_LINK); |
| 2271 | if (!ab) | 2322 | if (!ab) |
| 2272 | goto out; | 2323 | return; |
| 2273 | audit_log_format(ab, "op=%s", operation); | 2324 | audit_log_format(ab, "op=%s", operation); |
| 2274 | audit_log_task_info(ab, current); | 2325 | audit_log_task_info(ab, current); |
| 2275 | audit_log_format(ab, " res=0"); | 2326 | audit_log_format(ab, " res=0"); |
| 2276 | audit_log_end(ab); | 2327 | audit_log_end(ab); |
| 2277 | |||
| 2278 | /* Generate AUDIT_PATH record with object. */ | ||
| 2279 | name->type = AUDIT_TYPE_NORMAL; | ||
| 2280 | audit_copy_inode(name, link->dentry, d_backing_inode(link->dentry)); | ||
| 2281 | audit_log_name(current->audit_context, name, link, 0, NULL); | ||
| 2282 | out: | ||
| 2283 | kfree(name); | ||
| 2284 | } | 2328 | } |
| 2285 | 2329 | ||
| 2286 | /** | 2330 | /** |
diff --git a/kernel/audit.h b/kernel/audit.h index af5bc59487ed..214e14948370 100644 --- a/kernel/audit.h +++ b/kernel/audit.h | |||
| @@ -341,4 +341,5 @@ extern struct list_head *audit_killed_trees(void); | |||
| 341 | #define audit_filter_inodes(t,c) AUDIT_DISABLED | 341 | #define audit_filter_inodes(t,c) AUDIT_DISABLED |
| 342 | #endif | 342 | #endif |
| 343 | 343 | ||
| 344 | extern struct mutex audit_cmd_mutex; | 344 | extern void audit_ctl_lock(void); |
| 345 | extern void audit_ctl_unlock(void); | ||
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c index fd353120e0d9..67e6956c0b61 100644 --- a/kernel/audit_tree.c +++ b/kernel/audit_tree.c | |||
| @@ -709,7 +709,7 @@ static int prune_tree_thread(void *unused) | |||
| 709 | schedule(); | 709 | schedule(); |
| 710 | } | 710 | } |
| 711 | 711 | ||
| 712 | mutex_lock(&audit_cmd_mutex); | 712 | audit_ctl_lock(); |
| 713 | mutex_lock(&audit_filter_mutex); | 713 | mutex_lock(&audit_filter_mutex); |
| 714 | 714 | ||
| 715 | while (!list_empty(&prune_list)) { | 715 | while (!list_empty(&prune_list)) { |
| @@ -727,7 +727,7 @@ static int prune_tree_thread(void *unused) | |||
| 727 | } | 727 | } |
| 728 | 728 | ||
| 729 | mutex_unlock(&audit_filter_mutex); | 729 | mutex_unlock(&audit_filter_mutex); |
| 730 | mutex_unlock(&audit_cmd_mutex); | 730 | audit_ctl_unlock(); |
| 731 | } | 731 | } |
| 732 | return 0; | 732 | return 0; |
| 733 | } | 733 | } |
| @@ -924,7 +924,7 @@ static void audit_schedule_prune(void) | |||
| 924 | */ | 924 | */ |
| 925 | void audit_kill_trees(struct list_head *list) | 925 | void audit_kill_trees(struct list_head *list) |
| 926 | { | 926 | { |
| 927 | mutex_lock(&audit_cmd_mutex); | 927 | audit_ctl_lock(); |
| 928 | mutex_lock(&audit_filter_mutex); | 928 | mutex_lock(&audit_filter_mutex); |
| 929 | 929 | ||
| 930 | while (!list_empty(list)) { | 930 | while (!list_empty(list)) { |
| @@ -942,7 +942,7 @@ void audit_kill_trees(struct list_head *list) | |||
| 942 | } | 942 | } |
| 943 | 943 | ||
| 944 | mutex_unlock(&audit_filter_mutex); | 944 | mutex_unlock(&audit_filter_mutex); |
| 945 | mutex_unlock(&audit_cmd_mutex); | 945 | audit_ctl_unlock(); |
| 946 | } | 946 | } |
| 947 | 947 | ||
| 948 | /* | 948 | /* |
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 4a1758adb222..d7a807e81451 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c | |||
| @@ -258,8 +258,8 @@ static inline struct audit_entry *audit_to_entry_common(struct audit_rule_data * | |||
| 258 | goto exit_err; | 258 | goto exit_err; |
| 259 | #ifdef CONFIG_AUDITSYSCALL | 259 | #ifdef CONFIG_AUDITSYSCALL |
| 260 | case AUDIT_FILTER_ENTRY: | 260 | case AUDIT_FILTER_ENTRY: |
| 261 | if (rule->action == AUDIT_ALWAYS) | 261 | pr_err("AUDIT_FILTER_ENTRY is deprecated\n"); |
| 262 | goto exit_err; | 262 | goto exit_err; |
| 263 | case AUDIT_FILTER_EXIT: | 263 | case AUDIT_FILTER_EXIT: |
| 264 | case AUDIT_FILTER_TASK: | 264 | case AUDIT_FILTER_TASK: |
| 265 | #endif | 265 | #endif |
| @@ -496,7 +496,6 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, | |||
| 496 | if (!gid_valid(f->gid)) | 496 | if (!gid_valid(f->gid)) |
| 497 | goto exit_free; | 497 | goto exit_free; |
| 498 | break; | 498 | break; |
| 499 | case AUDIT_SESSIONID: | ||
| 500 | case AUDIT_ARCH: | 499 | case AUDIT_ARCH: |
| 501 | entry->rule.arch_f = f; | 500 | entry->rule.arch_f = f; |
| 502 | break; | 501 | break; |
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index e80459f7e132..4e0a4ac803db 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
| @@ -1511,30 +1511,28 @@ void __audit_syscall_entry(int major, unsigned long a1, unsigned long a2, | |||
| 1511 | struct audit_context *context = tsk->audit_context; | 1511 | struct audit_context *context = tsk->audit_context; |
| 1512 | enum audit_state state; | 1512 | enum audit_state state; |
| 1513 | 1513 | ||
| 1514 | if (!context) | 1514 | if (!audit_enabled || !context) |
| 1515 | return; | 1515 | return; |
| 1516 | 1516 | ||
| 1517 | BUG_ON(context->in_syscall || context->name_count); | 1517 | BUG_ON(context->in_syscall || context->name_count); |
| 1518 | 1518 | ||
| 1519 | if (!audit_enabled) | 1519 | state = context->state; |
| 1520 | if (state == AUDIT_DISABLED) | ||
| 1520 | return; | 1521 | return; |
| 1521 | 1522 | ||
| 1523 | context->dummy = !audit_n_rules; | ||
| 1524 | if (!context->dummy && state == AUDIT_BUILD_CONTEXT) { | ||
| 1525 | context->prio = 0; | ||
| 1526 | if (auditd_test_task(tsk)) | ||
| 1527 | return; | ||
| 1528 | } | ||
| 1529 | |||
| 1522 | context->arch = syscall_get_arch(); | 1530 | context->arch = syscall_get_arch(); |
| 1523 | context->major = major; | 1531 | context->major = major; |
| 1524 | context->argv[0] = a1; | 1532 | context->argv[0] = a1; |
| 1525 | context->argv[1] = a2; | 1533 | context->argv[1] = a2; |
| 1526 | context->argv[2] = a3; | 1534 | context->argv[2] = a3; |
| 1527 | context->argv[3] = a4; | 1535 | context->argv[3] = a4; |
| 1528 | |||
| 1529 | state = context->state; | ||
| 1530 | context->dummy = !audit_n_rules; | ||
| 1531 | if (!context->dummy && state == AUDIT_BUILD_CONTEXT) { | ||
| 1532 | context->prio = 0; | ||
| 1533 | state = audit_filter_syscall(tsk, context, &audit_filter_list[AUDIT_FILTER_ENTRY]); | ||
| 1534 | } | ||
| 1535 | if (state == AUDIT_DISABLED) | ||
| 1536 | return; | ||
| 1537 | |||
| 1538 | context->serial = 0; | 1536 | context->serial = 0; |
| 1539 | context->ctime = current_kernel_time64(); | 1537 | context->ctime = current_kernel_time64(); |
| 1540 | context->in_syscall = 1; | 1538 | context->in_syscall = 1; |