aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2016-12-14 17:06:40 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2016-12-14 17:06:40 -0500
commitdcdaa2f9480c55c6dcf54ab480e82e93e5622318 (patch)
tree985e4c11aeb94008f97dabf8611c0e5e46c7e7da
parent683b96f4d1d132fcefa4a0bd11916649800d7361 (diff)
parent533c7b69c764ad5febb3e716899f43a75564fcab (diff)
Merge branch 'stable-4.10' of git://git.infradead.org/users/pcmoore/audit
Pull audit updates from Paul Moore: "After the small number of patches for v4.9, we've got a much bigger pile for v4.10. The bulk of these patches involve a rework of the audit backlog queue to enable us to move the netlink multicasting out of the task/thread that generates the audit record and into the kernel thread that emits the record (just like we do for the audit unicast to auditd). While we were playing with the backlog queue(s) we fixed a number of other little problems with the code, and from all the testing so far things look to be in much better shape now. Doing this also allowed us to re-enable disabling IRQs for some netns operations ("netns: avoid disabling irq for netns id"). The remaining patches fix some small problems that are well documented in the commit descriptions, as well as adding session ID filtering support" * 'stable-4.10' of git://git.infradead.org/users/pcmoore/audit: audit: use proper refcount locking on audit_sock netns: avoid disabling irq for netns id audit: don't ever sleep on a command record/message audit: handle a clean auditd shutdown with grace audit: wake up kauditd_thread after auditd registers audit: rework audit_log_start() audit: rework the audit queue handling audit: rename the queues and kauditd related functions audit: queue netlink multicast sends just like we do for unicast sends audit: fixup audit_init() audit: move kaudit thread start from auditd registration to kaudit init (#2) audit: add support for session ID user filter audit: fix formatting of AUDIT_CONFIG_CHANGE events audit: skip sessionid sentinel value when auto-incrementing audit: tame initialization warning len_abuf in audit_log_execve_info audit: less stack usage for /proc/*/loginuid
Diffstat
-rw-r--r--fs/proc/base.c2
-rw-r--r--include/uapi/linux/audit.h5
-rw-r--r--kernel/audit.c532
-rw-r--r--kernel/audit_fsnotify.c5
-rw-r--r--kernel/audit_tree.c3
-rw-r--r--kernel/audit_watch.c5
-rw-r--r--kernel/auditfilter.c5
-rw-r--r--kernel/auditsc.c12
-rw-r--r--net/core/net_namespace.c35
9 files changed, 361 insertions, 243 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 2e5b2e379cdf..5ea836362870 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1246,7 +1246,7 @@ static const struct file_operations proc_oom_score_adj_operations = {
1246}; 1246};
1247 1247
1248#ifdef CONFIG_AUDITSYSCALL 1248#ifdef CONFIG_AUDITSYSCALL
1249#define TMPBUFLEN 21 1249#define TMPBUFLEN 11
1250static ssize_t proc_loginuid_read(struct file * file, char __user * buf, 1250static ssize_t proc_loginuid_read(struct file * file, char __user * buf,
1251 size_t count, loff_t *ppos) 1251 size_t count, loff_t *ppos)
1252{ 1252{
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index 208df7b44e90..1c107cb1c83f 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -254,6 +254,7 @@
254#define AUDIT_OBJ_LEV_LOW 22 254#define AUDIT_OBJ_LEV_LOW 22
255#define AUDIT_OBJ_LEV_HIGH 23 255#define AUDIT_OBJ_LEV_HIGH 23
256#define AUDIT_LOGINUID_SET 24 256#define AUDIT_LOGINUID_SET 24
257#define AUDIT_SESSIONID 25 /* Session ID */
257 258
258 /* These are ONLY useful when checking 259 /* These are ONLY useful when checking
259 * at syscall exit time (AUDIT_AT_EXIT). */ 260 * at syscall exit time (AUDIT_AT_EXIT). */
@@ -330,10 +331,12 @@ enum {
330#define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME 0x00000002 331#define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME 0x00000002
331#define AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH 0x00000004 332#define AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH 0x00000004
332#define AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND 0x00000008 333#define AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND 0x00000008
334#define AUDIT_FEATURE_BITMAP_SESSIONID_FILTER 0x00000010
333#define AUDIT_FEATURE_BITMAP_ALL (AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | \ 335#define AUDIT_FEATURE_BITMAP_ALL (AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | \
334 AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME | \ 336 AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME | \
335 AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH | \ 337 AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH | \
336 AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND) 338 AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND | \
339 AUDIT_FEATURE_BITMAP_SESSIONID_FILTER)
337 340
338/* deprecated: AUDIT_VERSION_* */ 341/* deprecated: AUDIT_VERSION_* */
339#define AUDIT_VERSION_LATEST AUDIT_FEATURE_BITMAP_ALL 342#define AUDIT_VERSION_LATEST AUDIT_FEATURE_BITMAP_ALL
diff --git a/kernel/audit.c b/kernel/audit.c
index 67b9fbd871be..91bff3c0b368 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -107,7 +107,6 @@ static u32 audit_rate_limit;
107 * When set to zero, this means unlimited. */ 107 * When set to zero, this means unlimited. */
108static u32 audit_backlog_limit = 64; 108static u32 audit_backlog_limit = 64;
109#define AUDIT_BACKLOG_WAIT_TIME (60 * HZ) 109#define AUDIT_BACKLOG_WAIT_TIME (60 * HZ)
110static u32 audit_backlog_wait_time_master = AUDIT_BACKLOG_WAIT_TIME;
111static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; 110static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME;
112 111
113/* The identity of the user shutting down the audit system. */ 112/* The identity of the user shutting down the audit system. */
@@ -138,11 +137,18 @@ static DEFINE_SPINLOCK(audit_freelist_lock);
138static int audit_freelist_count; 137static int audit_freelist_count;
139static LIST_HEAD(audit_freelist); 138static LIST_HEAD(audit_freelist);
140 139
141static struct sk_buff_head audit_skb_queue; 140/* queue msgs to send via kauditd_task */
142/* queue of skbs to send to auditd when/if it comes back */ 141static struct sk_buff_head audit_queue;
143static struct sk_buff_head audit_skb_hold_queue; 142/* queue msgs due to temporary unicast send problems */
143static struct sk_buff_head audit_retry_queue;
144/* queue msgs waiting for new auditd connection */
145static struct sk_buff_head audit_hold_queue;
146
147/* queue servicing thread */
144static struct task_struct *kauditd_task; 148static struct task_struct *kauditd_task;
145static DECLARE_WAIT_QUEUE_HEAD(kauditd_wait); 149static DECLARE_WAIT_QUEUE_HEAD(kauditd_wait);
150
151/* waitqueue for callers who are blocked on the audit backlog */
146static DECLARE_WAIT_QUEUE_HEAD(audit_backlog_wait); 152static DECLARE_WAIT_QUEUE_HEAD(audit_backlog_wait);
147 153
148static struct audit_features af = {.vers = AUDIT_FEATURE_VERSION, 154static struct audit_features af = {.vers = AUDIT_FEATURE_VERSION,
@@ -338,7 +344,7 @@ static int audit_set_backlog_limit(u32 limit)
338static int audit_set_backlog_wait_time(u32 timeout) 344static int audit_set_backlog_wait_time(u32 timeout)
339{ 345{
340 return audit_do_config_change("audit_backlog_wait_time", 346 return audit_do_config_change("audit_backlog_wait_time",
341 &audit_backlog_wait_time_master, timeout); 347 &audit_backlog_wait_time, timeout);
342} 348}
343 349
344static int audit_set_enabled(u32 state) 350static int audit_set_enabled(u32 state)
@@ -365,29 +371,10 @@ static int audit_set_failure(u32 state)
365} 371}
366 372
367/* 373/*
368 * Queue skbs to be sent to auditd when/if it comes back. These skbs should
369 * already have been sent via prink/syslog and so if these messages are dropped
370 * it is not a huge concern since we already passed the audit_log_lost()
371 * notification and stuff. This is just nice to get audit messages during
372 * boot before auditd is running or messages generated while auditd is stopped.
373 * This only holds messages is audit_default is set, aka booting with audit=1
374 * or building your kernel that way.
375 */
376static void audit_hold_skb(struct sk_buff *skb)
377{
378 if (audit_default &&
379 (!audit_backlog_limit ||
380 skb_queue_len(&audit_skb_hold_queue) < audit_backlog_limit))
381 skb_queue_tail(&audit_skb_hold_queue, skb);
382 else
383 kfree_skb(skb);
384}
385
386/*
387 * For one reason or another this nlh isn't getting delivered to the userspace 374 * For one reason or another this nlh isn't getting delivered to the userspace
388 * audit daemon, just send it to printk. 375 * audit daemon, just send it to printk.
389 */ 376 */
390static void audit_printk_skb(struct sk_buff *skb) 377static void kauditd_printk_skb(struct sk_buff *skb)
391{ 378{
392 struct nlmsghdr *nlh = nlmsg_hdr(skb); 379 struct nlmsghdr *nlh = nlmsg_hdr(skb);
393 char *data = nlmsg_data(nlh); 380 char *data = nlmsg_data(nlh);
@@ -398,58 +385,123 @@ static void audit_printk_skb(struct sk_buff *skb)
398 else 385 else
399 audit_log_lost("printk limit exceeded"); 386 audit_log_lost("printk limit exceeded");
400 } 387 }
388}
389
390/**
391 * kauditd_hold_skb - Queue an audit record, waiting for auditd
392 * @skb: audit record
393 *
394 * Description:
395 * Queue the audit record, waiting for an instance of auditd. When this
396 * function is called we haven't given up yet on sending the record, but things
397 * are not looking good. The first thing we want to do is try to write the
398 * record via printk and then see if we want to try and hold on to the record
399 * and queue it, if we have room. If we want to hold on to the record, but we
400 * don't have room, record a record lost message.
401 */
402static void kauditd_hold_skb(struct sk_buff *skb)
403{
404 /* at this point it is uncertain if we will ever send this to auditd so
405 * try to send the message via printk before we go any further */
406 kauditd_printk_skb(skb);
407
408 /* can we just silently drop the message? */
409 if (!audit_default) {
410 kfree_skb(skb);
411 return;
412 }
413
414 /* if we have room, queue the message */
415 if (!audit_backlog_limit ||
416 skb_queue_len(&audit_hold_queue) < audit_backlog_limit) {
417 skb_queue_tail(&audit_hold_queue, skb);
418 return;
419 }
401 420
402 audit_hold_skb(skb); 421 /* we have no other options - drop the message */
422 audit_log_lost("kauditd hold queue overflow");
423 kfree_skb(skb);
403} 424}
404 425
405static void kauditd_send_skb(struct sk_buff *skb) 426/**
427 * kauditd_retry_skb - Queue an audit record, attempt to send again to auditd
428 * @skb: audit record
429 *
430 * Description:
431 * Not as serious as kauditd_hold_skb() as we still have a connected auditd,
432 * but for some reason we are having problems sending it audit records so
433 * queue the given record and attempt to resend.
434 */
435static void kauditd_retry_skb(struct sk_buff *skb)
406{ 436{
407 int err; 437 /* NOTE: because records should only live in the retry queue for a
408 int attempts = 0; 438 * short period of time, before either being sent or moved to the hold
409#define AUDITD_RETRIES 5 439 * queue, we don't currently enforce a limit on this queue */
440 skb_queue_tail(&audit_retry_queue, skb);
441}
442
443/**
444 * auditd_reset - Disconnect the auditd connection
445 *
446 * Description:
447 * Break the auditd/kauditd connection and move all the records in the retry
448 * queue into the hold queue in case auditd reconnects. The audit_cmd_mutex
449 * must be held when calling this function.
450 */
451static void auditd_reset(void)
452{
453 struct sk_buff *skb;
454
455 /* break the connection */
456 if (audit_sock) {
457 sock_put(audit_sock);
458 audit_sock = NULL;
459 }
460 audit_pid = 0;
461 audit_nlk_portid = 0;
462
463 /* flush all of the retry queue to the hold queue */
464 while ((skb = skb_dequeue(&audit_retry_queue)))
465 kauditd_hold_skb(skb);
466}
467
468/**
469 * kauditd_send_unicast_skb - Send a record via unicast to auditd
470 * @skb: audit record
471 */
472static int kauditd_send_unicast_skb(struct sk_buff *skb)
473{
474 int rc;
410 475
411restart: 476 /* if we know nothing is connected, don't even try the netlink call */
412 /* take a reference in case we can't send it and we want to hold it */ 477 if (!audit_pid)
478 return -ECONNREFUSED;
479
480 /* get an extra skb reference in case we fail to send */
413 skb_get(skb); 481 skb_get(skb);
414 err = netlink_unicast(audit_sock, skb, audit_nlk_portid, 0); 482 rc = netlink_unicast(audit_sock, skb, audit_nlk_portid, 0);
415 if (err < 0) { 483 if (rc >= 0) {
416 pr_err("netlink_unicast sending to audit_pid=%d returned error: %d\n",
417 audit_pid, err);
418 if (audit_pid) {
419 if (err == -ECONNREFUSED || err == -EPERM
420 || ++attempts >= AUDITD_RETRIES) {
421 char s[32];
422
423 snprintf(s, sizeof(s), "audit_pid=%d reset", audit_pid);
424 audit_log_lost(s);
425 audit_pid = 0;
426 audit_sock = NULL;
427 } else {
428 pr_warn("re-scheduling(#%d) write to audit_pid=%d\n",
429 attempts, audit_pid);
430 set_current_state(TASK_INTERRUPTIBLE);
431 schedule();
432 goto restart;
433 }
434 }
435 /* we might get lucky and get this in the next auditd */
436 audit_hold_skb(skb);
437 } else
438 /* drop the extra reference if sent ok */
439 consume_skb(skb); 484 consume_skb(skb);
485 rc = 0;
486 }
487
488 return rc;
440} 489}
441 490
442/* 491/*
443 * kauditd_send_multicast_skb - send the skb to multicast userspace listeners 492 * kauditd_send_multicast_skb - Send a record to any multicast listeners
493 * @skb: audit record
444 * 494 *
495 * Description:
445 * This function doesn't consume an skb as might be expected since it has to 496 * This function doesn't consume an skb as might be expected since it has to
446 * copy it anyways. 497 * copy it anyways.
447 */ 498 */
448static void kauditd_send_multicast_skb(struct sk_buff *skb, gfp_t gfp_mask) 499static void kauditd_send_multicast_skb(struct sk_buff *skb)
449{ 500{
450 struct sk_buff *copy; 501 struct sk_buff *copy;
451 struct audit_net *aunet = net_generic(&init_net, audit_net_id); 502 struct audit_net *aunet = net_generic(&init_net, audit_net_id);
452 struct sock *sock = aunet->nlsk; 503 struct sock *sock = aunet->nlsk;
504 struct nlmsghdr *nlh;
453 505
454 if (!netlink_has_listeners(sock, AUDIT_NLGRP_READLOG)) 506 if (!netlink_has_listeners(sock, AUDIT_NLGRP_READLOG))
455 return; 507 return;
@@ -464,74 +516,161 @@ static void kauditd_send_multicast_skb(struct sk_buff *skb, gfp_t gfp_mask)
464 * no reason for new multicast clients to continue with this 516 * no reason for new multicast clients to continue with this
465 * non-compliance. 517 * non-compliance.
466 */ 518 */
467 copy = skb_copy(skb, gfp_mask); 519 copy = skb_copy(skb, GFP_KERNEL);
468 if (!copy) 520 if (!copy)
469 return; 521 return;
522 nlh = nlmsg_hdr(copy);
523 nlh->nlmsg_len = skb->len;
470 524
471 nlmsg_multicast(sock, copy, 0, AUDIT_NLGRP_READLOG, gfp_mask); 525 nlmsg_multicast(sock, copy, 0, AUDIT_NLGRP_READLOG, GFP_KERNEL);
472} 526}
473 527
474/* 528/**
475 * flush_hold_queue - empty the hold queue if auditd appears 529 * kauditd_wake_condition - Return true when it is time to wake kauditd_thread
476 *
477 * If auditd just started, drain the queue of messages already
478 * sent to syslog/printk. Remember loss here is ok. We already
479 * called audit_log_lost() if it didn't go out normally. so the
480 * race between the skb_dequeue and the next check for audit_pid
481 * doesn't matter.
482 * 530 *
483 * If you ever find kauditd to be too slow we can get a perf win 531 * Description:
484 * by doing our own locking and keeping better track if there 532 * This function is for use by the wait_event_freezable() call in
485 * are messages in this queue. I don't see the need now, but 533 * kauditd_thread().
486 * in 5 years when I want to play with this again I'll see this
487 * note and still have no friggin idea what i'm thinking today.
488 */ 534 */
489static void flush_hold_queue(void) 535static int kauditd_wake_condition(void)
490{ 536{
491 struct sk_buff *skb; 537 static int pid_last = 0;
492 538 int rc;
493 if (!audit_default || !audit_pid) 539 int pid = audit_pid;
494 return;
495
496 skb = skb_dequeue(&audit_skb_hold_queue);
497 if (likely(!skb))
498 return;
499 540
500 while (skb && audit_pid) { 541 /* wake on new messages or a change in the connected auditd */
501 kauditd_send_skb(skb); 542 rc = skb_queue_len(&audit_queue) || (pid && pid != pid_last);
502 skb = skb_dequeue(&audit_skb_hold_queue); 543 if (rc)
503 } 544 pid_last = pid;
504 545
505 /* 546 return rc;
506 * if auditd just disappeared but we
507 * dequeued an skb we need to drop ref
508 */
509 consume_skb(skb);
510} 547}
511 548
512static int kauditd_thread(void *dummy) 549static int kauditd_thread(void *dummy)
513{ 550{
551 int rc;
552 int auditd = 0;
553 int reschedule = 0;
554 struct sk_buff *skb;
555 struct nlmsghdr *nlh;
556
557#define UNICAST_RETRIES 5
558#define AUDITD_BAD(x,y) \
559 ((x) == -ECONNREFUSED || (x) == -EPERM || ++(y) >= UNICAST_RETRIES)
560
561 /* NOTE: we do invalidate the auditd connection flag on any sending
562 * errors, but we only "restore" the connection flag at specific places
563 * in the loop in order to help ensure proper ordering of audit
564 * records */
565
514 set_freezable(); 566 set_freezable();
515 while (!kthread_should_stop()) { 567 while (!kthread_should_stop()) {
516 struct sk_buff *skb; 568 /* NOTE: possible area for future improvement is to look at
517 569 * the hold and retry queues, since only this thread
518 flush_hold_queue(); 570 * has access to these queues we might be able to do
571 * our own queuing and skip some/all of the locking */
572
573 /* NOTE: it might be a fun experiment to split the hold and
574 * retry queue handling to another thread, but the
575 * synchronization issues and other overhead might kill
576 * any performance gains */
577
578 /* attempt to flush the hold queue */
579 while (auditd && (skb = skb_dequeue(&audit_hold_queue))) {
580 rc = kauditd_send_unicast_skb(skb);
581 if (rc) {
582 /* requeue to the same spot */
583 skb_queue_head(&audit_hold_queue, skb);
584
585 auditd = 0;
586 if (AUDITD_BAD(rc, reschedule)) {
587 mutex_lock(&audit_cmd_mutex);
588 auditd_reset();
589 mutex_unlock(&audit_cmd_mutex);
590 reschedule = 0;
591 }
592 } else
593 /* we were able to send successfully */
594 reschedule = 0;
595 }
519 596
520 skb = skb_dequeue(&audit_skb_queue); 597 /* attempt to flush the retry queue */
598 while (auditd && (skb = skb_dequeue(&audit_retry_queue))) {
599 rc = kauditd_send_unicast_skb(skb);
600 if (rc) {
601 auditd = 0;
602 if (AUDITD_BAD(rc, reschedule)) {
603 kauditd_hold_skb(skb);
604 mutex_lock(&audit_cmd_mutex);
605 auditd_reset();
606 mutex_unlock(&audit_cmd_mutex);
607 reschedule = 0;
608 } else
609 /* temporary problem (we hope), queue
610 * to the same spot and retry */
611 skb_queue_head(&audit_retry_queue, skb);
612 } else
613 /* we were able to send successfully */
614 reschedule = 0;
615 }
521 616
617 /* standard queue processing, try to be as quick as possible */
618quick_loop:
619 skb = skb_dequeue(&audit_queue);
522 if (skb) { 620 if (skb) {
523 if (!audit_backlog_limit || 621 /* setup the netlink header, see the comments in
524 (skb_queue_len(&audit_skb_queue) <= audit_backlog_limit)) 622 * kauditd_send_multicast_skb() for length quirks */
525 wake_up(&audit_backlog_wait); 623 nlh = nlmsg_hdr(skb);
526 if (audit_pid) 624 nlh->nlmsg_len = skb->len - NLMSG_HDRLEN;
527 kauditd_send_skb(skb); 625
626 /* attempt to send to any multicast listeners */
627 kauditd_send_multicast_skb(skb);
628
629 /* attempt to send to auditd, queue on failure */
630 if (auditd) {
631 rc = kauditd_send_unicast_skb(skb);
632 if (rc) {
633 auditd = 0;
634 if (AUDITD_BAD(rc, reschedule)) {
635 mutex_lock(&audit_cmd_mutex);
636 auditd_reset();
637 mutex_unlock(&audit_cmd_mutex);
638 reschedule = 0;
639 }
640
641 /* move to the retry queue */
642 kauditd_retry_skb(skb);
643 } else
644 /* everything is working so go fast! */
645 goto quick_loop;
646 } else if (reschedule)
647 /* we are currently having problems, move to
648 * the retry queue */
649 kauditd_retry_skb(skb);
528 else 650 else
529 audit_printk_skb(skb); 651 /* dump the message via printk and hold it */
530 continue; 652 kauditd_hold_skb(skb);
531 } 653 } else {
654 /* we have flushed the backlog so wake everyone */
655 wake_up(&audit_backlog_wait);
656
657 /* if everything is okay with auditd (if present), go
658 * to sleep until there is something new in the queue
659 * or we have a change in the connected auditd;
660 * otherwise simply reschedule to give things a chance
661 * to recover */
662 if (reschedule) {
663 set_current_state(TASK_INTERRUPTIBLE);
664 schedule();
665 } else
666 wait_event_freezable(kauditd_wait,
667 kauditd_wake_condition());
532 668
533 wait_event_freezable(kauditd_wait, skb_queue_len(&audit_skb_queue)); 669 /* update the auditd connection status */
670 auditd = (audit_pid ? 1 : 0);
671 }
534 } 672 }
673
535 return 0; 674 return 0;
536} 675}
537 676
@@ -596,6 +735,7 @@ static int audit_send_reply_thread(void *arg)
596 kfree(reply); 735 kfree(reply);
597 return 0; 736 return 0;
598} 737}
738
599/** 739/**
600 * audit_send_reply - send an audit reply message via netlink 740 * audit_send_reply - send an audit reply message via netlink
601 * @request_skb: skb of request we are replying to (used to target the reply) 741 * @request_skb: skb of request we are replying to (used to target the reply)
@@ -832,16 +972,6 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
832 if (err) 972 if (err)
833 return err; 973 return err;
834 974
835 /* As soon as there's any sign of userspace auditd,
836 * start kauditd to talk to it */
837 if (!kauditd_task) {
838 kauditd_task = kthread_run(kauditd_thread, NULL, "kauditd");
839 if (IS_ERR(kauditd_task)) {
840 err = PTR_ERR(kauditd_task);
841 kauditd_task = NULL;
842 return err;
843 }
844 }
845 seq = nlh->nlmsg_seq; 975 seq = nlh->nlmsg_seq;
846 data = nlmsg_data(nlh); 976 data = nlmsg_data(nlh);
847 977
@@ -855,9 +985,9 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
855 s.rate_limit = audit_rate_limit; 985 s.rate_limit = audit_rate_limit;
856 s.backlog_limit = audit_backlog_limit; 986 s.backlog_limit = audit_backlog_limit;
857 s.lost = atomic_read(&audit_lost); 987 s.lost = atomic_read(&audit_lost);
858 s.backlog = skb_queue_len(&audit_skb_queue); 988 s.backlog = skb_queue_len(&audit_queue);
859 s.feature_bitmap = AUDIT_FEATURE_BITMAP_ALL; 989 s.feature_bitmap = AUDIT_FEATURE_BITMAP_ALL;
860 s.backlog_wait_time = audit_backlog_wait_time_master; 990 s.backlog_wait_time = audit_backlog_wait_time;
861 audit_send_reply(skb, seq, AUDIT_GET, 0, 0, &s, sizeof(s)); 991 audit_send_reply(skb, seq, AUDIT_GET, 0, 0, &s, sizeof(s));
862 break; 992 break;
863 } 993 }
@@ -897,9 +1027,17 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
897 } 1027 }
898 if (audit_enabled != AUDIT_OFF) 1028 if (audit_enabled != AUDIT_OFF)
899 audit_log_config_change("audit_pid", new_pid, audit_pid, 1); 1029 audit_log_config_change("audit_pid", new_pid, audit_pid, 1);
900 audit_pid = new_pid; 1030 if (new_pid) {
901 audit_nlk_portid = NETLINK_CB(skb).portid; 1031 if (audit_sock)
902 audit_sock = skb->sk; 1032 sock_put(audit_sock);
1033 audit_pid = new_pid;
1034 audit_nlk_portid = NETLINK_CB(skb).portid;
1035 sock_hold(skb->sk);
1036 audit_sock = skb->sk;
1037 } else {
1038 auditd_reset();
1039 }
1040 wake_up_interruptible(&kauditd_wait);
903 } 1041 }
904 if (s.mask & AUDIT_STATUS_RATE_LIMIT) { 1042 if (s.mask & AUDIT_STATUS_RATE_LIMIT) {
905 err = audit_set_rate_limit(s.rate_limit); 1043 err = audit_set_rate_limit(s.rate_limit);
@@ -1167,10 +1305,10 @@ static void __net_exit audit_net_exit(struct net *net)
1167{ 1305{
1168 struct audit_net *aunet = net_generic(net, audit_net_id); 1306 struct audit_net *aunet = net_generic(net, audit_net_id);
1169 struct sock *sock = aunet->nlsk; 1307 struct sock *sock = aunet->nlsk;
1170 if (sock == audit_sock) { 1308 mutex_lock(&audit_cmd_mutex);
1171 audit_pid = 0; 1309 if (sock == audit_sock)
1172 audit_sock = NULL; 1310 auditd_reset();
1173 } 1311 mutex_unlock(&audit_cmd_mutex);
1174 1312
1175 netlink_kernel_release(sock); 1313 netlink_kernel_release(sock);
1176 aunet->nlsk = NULL; 1314 aunet->nlsk = NULL;
@@ -1195,17 +1333,24 @@ static int __init audit_init(void)
1195 audit_default ? "enabled" : "disabled"); 1333 audit_default ? "enabled" : "disabled");
1196 register_pernet_subsys(&audit_net_ops); 1334 register_pernet_subsys(&audit_net_ops);
1197 1335
1198 skb_queue_head_init(&audit_skb_queue); 1336 skb_queue_head_init(&audit_queue);
1199 skb_queue_head_init(&audit_skb_hold_queue); 1337 skb_queue_head_init(&audit_retry_queue);
1338 skb_queue_head_init(&audit_hold_queue);
1200 audit_initialized = AUDIT_INITIALIZED; 1339 audit_initialized = AUDIT_INITIALIZED;
1201 audit_enabled = audit_default; 1340 audit_enabled = audit_default;
1202 audit_ever_enabled |= !!audit_default; 1341 audit_ever_enabled |= !!audit_default;
1203 1342
1204 audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized");
1205
1206 for (i = 0; i < AUDIT_INODE_BUCKETS; i++) 1343 for (i = 0; i < AUDIT_INODE_BUCKETS; i++)
1207 INIT_LIST_HEAD(&audit_inode_hash[i]); 1344 INIT_LIST_HEAD(&audit_inode_hash[i]);
1208 1345
1346 kauditd_task = kthread_run(kauditd_thread, NULL, "kauditd");
1347 if (IS_ERR(kauditd_task)) {
1348 int err = PTR_ERR(kauditd_task);
1349 panic("audit: failed to start the kauditd thread (%d)\n", err);
1350 }
1351
1352 audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized");
1353
1209 return 0; 1354 return 0;
1210} 1355}
1211__initcall(audit_init); 1356__initcall(audit_init);
@@ -1338,24 +1483,6 @@ static inline void audit_get_stamp(struct audit_context *ctx,
1338 } 1483 }
1339} 1484}
1340 1485
1341/*
1342 * Wait for auditd to drain the queue a little
1343 */
1344static long wait_for_auditd(long sleep_time)
1345{
1346 DECLARE_WAITQUEUE(wait, current);
1347
1348 if (audit_backlog_limit &&
1349 skb_queue_len(&audit_skb_queue) > audit_backlog_limit) {
1350 add_wait_queue_exclusive(&audit_backlog_wait, &wait);
1351 set_current_state(TASK_UNINTERRUPTIBLE);
1352 sleep_time = schedule_timeout(sleep_time);
1353 remove_wait_queue(&audit_backlog_wait, &wait);
1354 }
1355
1356 return sleep_time;
1357}
1358
1359/** 1486/**
1360 * audit_log_start - obtain an audit buffer 1487 * audit_log_start - obtain an audit buffer
1361 * @ctx: audit_context (may be NULL) 1488 * @ctx: audit_context (may be NULL)
@@ -1374,12 +1501,9 @@ static long wait_for_auditd(long sleep_time)
1374struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, 1501struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
1375 int type) 1502 int type)
1376{ 1503{
1377 struct audit_buffer *ab = NULL; 1504 struct audit_buffer *ab;
1378 struct timespec t; 1505 struct timespec t;
1379 unsigned int uninitialized_var(serial); 1506 unsigned int uninitialized_var(serial);
1380 int reserve = 5; /* Allow atomic callers to go up to five
1381 entries over the normal backlog limit */
1382 unsigned long timeout_start = jiffies;
1383 1507
1384 if (audit_initialized != AUDIT_INITIALIZED) 1508 if (audit_initialized != AUDIT_INITIALIZED)
1385 return NULL; 1509 return NULL;
@@ -1387,38 +1511,48 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
1387 if (unlikely(!audit_filter(type, AUDIT_FILTER_TYPE))) 1511 if (unlikely(!audit_filter(type, AUDIT_FILTER_TYPE)))
1388 return NULL; 1512 return NULL;
1389 1513
1390 if (gfp_mask & __GFP_DIRECT_RECLAIM) { 1514 /* don't ever fail/sleep on these two conditions:
1391 if (audit_pid && audit_pid == current->tgid) 1515 * 1. auditd generated record - since we need auditd to drain the
1392 gfp_mask &= ~__GFP_DIRECT_RECLAIM; 1516 * queue; also, when we are checking for auditd, compare PIDs using
1393 else 1517 * task_tgid_vnr() since auditd_pid is set in audit_receive_msg()
1394 reserve = 0; 1518 * using a PID anchored in the caller's namespace
1395 } 1519 * 2. audit command message - record types 1000 through 1099 inclusive
1396 1520 * are command messages/records used to manage the kernel subsystem
1397 while (audit_backlog_limit 1521 * and the audit userspace, blocking on these messages could cause
1398 && skb_queue_len(&audit_skb_queue) > audit_backlog_limit + reserve) { 1522 * problems under load so don't do it (note: not all of these
1399 if (gfp_mask & __GFP_DIRECT_RECLAIM && audit_backlog_wait_time) { 1523 * command types are valid as record types, but it is quicker to
1400 long sleep_time; 1524 * just check two ints than a series of ints in a if/switch stmt) */
1525 if (!((audit_pid && audit_pid == task_tgid_vnr(current)) ||
1526 (type >= 1000 && type <= 1099))) {
1527 long sleep_time = audit_backlog_wait_time;
1528
1529 while (audit_backlog_limit &&
1530 (skb_queue_len(&audit_queue) > audit_backlog_limit)) {
1531 /* wake kauditd to try and flush the queue */
1532 wake_up_interruptible(&kauditd_wait);
1401 1533
1402 sleep_time = timeout_start + audit_backlog_wait_time - jiffies; 1534 /* sleep if we are allowed and we haven't exhausted our
1403 if (sleep_time > 0) { 1535 * backlog wait limit */
1404 sleep_time = wait_for_auditd(sleep_time); 1536 if ((gfp_mask & __GFP_DIRECT_RECLAIM) &&
1405 if (sleep_time > 0) 1537 (sleep_time > 0)) {
1406 continue; 1538 DECLARE_WAITQUEUE(wait, current);
1539
1540 add_wait_queue_exclusive(&audit_backlog_wait,
1541 &wait);
1542 set_current_state(TASK_UNINTERRUPTIBLE);
1543 sleep_time = schedule_timeout(sleep_time);
1544 remove_wait_queue(&audit_backlog_wait, &wait);
1545 } else {
1546 if (audit_rate_check() && printk_ratelimit())
1547 pr_warn("audit_backlog=%d > audit_backlog_limit=%d\n",
1548 skb_queue_len(&audit_queue),
1549 audit_backlog_limit);
1550 audit_log_lost("backlog limit exceeded");
1551 return NULL;
1407 } 1552 }
1408 } 1553 }
1409 if (audit_rate_check() && printk_ratelimit())
1410 pr_warn("audit_backlog=%d > audit_backlog_limit=%d\n",
1411 skb_queue_len(&audit_skb_queue),
1412 audit_backlog_limit);
1413 audit_log_lost("backlog limit exceeded");
1414 audit_backlog_wait_time = 0;
1415 wake_up(&audit_backlog_wait);
1416 return NULL;
1417 } 1554 }
1418 1555
1419 if (!reserve && !audit_backlog_wait_time)
1420 audit_backlog_wait_time = audit_backlog_wait_time_master;
1421
1422 ab = audit_buffer_alloc(ctx, gfp_mask, type); 1556 ab = audit_buffer_alloc(ctx, gfp_mask, type);
1423 if (!ab) { 1557 if (!ab) {
1424 audit_log_lost("out of memory in audit_log_start"); 1558 audit_log_lost("out of memory in audit_log_start");
@@ -1426,9 +1560,9 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
1426 } 1560 }
1427 1561
1428 audit_get_stamp(ab->ctx, &t, &serial); 1562 audit_get_stamp(ab->ctx, &t, &serial);
1429
1430 audit_log_format(ab, "audit(%lu.%03lu:%u): ", 1563 audit_log_format(ab, "audit(%lu.%03lu:%u): ",
1431 t.tv_sec, t.tv_nsec/1000000, serial); 1564 t.tv_sec, t.tv_nsec/1000000, serial);
1565
1432 return ab; 1566 return ab;
1433} 1567}
1434 1568
@@ -1978,10 +2112,10 @@ out:
1978 * audit_log_end - end one audit record 2112 * audit_log_end - end one audit record
1979 * @ab: the audit_buffer 2113 * @ab: the audit_buffer
1980 * 2114 *
1981 * netlink_unicast() cannot be called inside an irq context because it blocks 2115 * We can not do a netlink send inside an irq context because it blocks (last
1982 * (last arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed 2116 * arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed on a
1983 * on a queue and a tasklet is scheduled to remove them from the queue outside 2117 * queue and a tasklet is scheduled to remove them from the queue outside the
1984 * the irq context. May be called in any context. 2118 * irq context. May be called in any context.
1985 */ 2119 */
1986void audit_log_end(struct audit_buffer *ab) 2120void audit_log_end(struct audit_buffer *ab)
1987{ 2121{
@@ -1990,28 +2124,8 @@ void audit_log_end(struct audit_buffer *ab)
1990 if (!audit_rate_check()) { 2124 if (!audit_rate_check()) {
1991 audit_log_lost("rate limit exceeded"); 2125 audit_log_lost("rate limit exceeded");
1992 } else { 2126 } else {
1993 struct nlmsghdr *nlh = nlmsg_hdr(ab->skb); 2127 skb_queue_tail(&audit_queue, ab->skb);
1994 2128 wake_up_interruptible(&kauditd_wait);
1995 nlh->nlmsg_len = ab->skb->len;
1996 kauditd_send_multicast_skb(ab->skb, ab->gfp_mask);
1997
1998 /*
1999 * The original kaudit unicast socket sends up messages with
2000 * nlmsg_len set to the payload length rather than the entire
2001 * message length. This breaks the standard set by netlink.
2002 * The existing auditd daemon assumes this breakage. Fixing
2003 * this would require co-ordinating a change in the established
2004 * protocol between the kaudit kernel subsystem and the auditd
2005 * userspace code.
2006 */
2007 nlh->nlmsg_len -= NLMSG_HDRLEN;
2008
2009 if (audit_pid) {
2010 skb_queue_tail(&audit_skb_queue, ab->skb);
2011 wake_up_interruptible(&kauditd_wait);
2012 } else {
2013 audit_printk_skb(ab->skb);
2014 }
2015 ab->skb = NULL; 2129 ab->skb = NULL;
2016 } 2130 }
2017 audit_buffer_free(ab); 2131 audit_buffer_free(ab);
diff --git a/kernel/audit_fsnotify.c b/kernel/audit_fsnotify.c
index f84f8d06e1f6..f75154889aa9 100644
--- a/kernel/audit_fsnotify.c
+++ b/kernel/audit_fsnotify.c
@@ -130,10 +130,9 @@ static void audit_mark_log_rule_change(struct audit_fsnotify_mark *audit_mark, c
130 ab = audit_log_start(NULL, GFP_NOFS, AUDIT_CONFIG_CHANGE); 130 ab = audit_log_start(NULL, GFP_NOFS, AUDIT_CONFIG_CHANGE);
131 if (unlikely(!ab)) 131 if (unlikely(!ab))
132 return; 132 return;
133 audit_log_format(ab, "auid=%u ses=%u op=", 133 audit_log_format(ab, "auid=%u ses=%u op=%s",
134 from_kuid(&init_user_ns, audit_get_loginuid(current)), 134 from_kuid(&init_user_ns, audit_get_loginuid(current)),
135 audit_get_sessionid(current)); 135 audit_get_sessionid(current), op);
136 audit_log_string(ab, op);
137 audit_log_format(ab, " path="); 136 audit_log_format(ab, " path=");
138 audit_log_untrustedstring(ab, audit_mark->path); 137 audit_log_untrustedstring(ab, audit_mark->path);
139 audit_log_key(ab, rule->filterkey); 138 audit_log_key(ab, rule->filterkey);
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
index 25772476fa4a..055f11b0a50f 100644
--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c
@@ -458,8 +458,7 @@ static void audit_tree_log_remove_rule(struct audit_krule *rule)
458 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); 458 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
459 if (unlikely(!ab)) 459 if (unlikely(!ab))
460 return; 460 return;
461 audit_log_format(ab, "op="); 461 audit_log_format(ab, "op=remove_rule");
462 audit_log_string(ab, "remove_rule");
463 audit_log_format(ab, " dir="); 462 audit_log_format(ab, " dir=");
464 audit_log_untrustedstring(ab, rule->tree->pathname); 463 audit_log_untrustedstring(ab, rule->tree->pathname);
465 audit_log_key(ab, rule->filterkey); 464 audit_log_key(ab, rule->filterkey);
diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
index 0d302a87f21b..686e068ec3da 100644
--- a/kernel/audit_watch.c
+++ b/kernel/audit_watch.c
@@ -242,10 +242,9 @@ static void audit_watch_log_rule_change(struct audit_krule *r, struct audit_watc
242 ab = audit_log_start(NULL, GFP_NOFS, AUDIT_CONFIG_CHANGE); 242 ab = audit_log_start(NULL, GFP_NOFS, AUDIT_CONFIG_CHANGE);
243 if (unlikely(!ab)) 243 if (unlikely(!ab))
244 return; 244 return;
245 audit_log_format(ab, "auid=%u ses=%u op=", 245 audit_log_format(ab, "auid=%u ses=%u op=%s",
246 from_kuid(&init_user_ns, audit_get_loginuid(current)), 246 from_kuid(&init_user_ns, audit_get_loginuid(current)),
247 audit_get_sessionid(current)); 247 audit_get_sessionid(current), op);
248 audit_log_string(ab, op);
249 audit_log_format(ab, " path="); 248 audit_log_format(ab, " path=");
250 audit_log_untrustedstring(ab, w->path); 249 audit_log_untrustedstring(ab, w->path);
251 audit_log_key(ab, r->filterkey); 250 audit_log_key(ab, r->filterkey);
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 85d9cac497e4..880519d6cf2a 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -363,6 +363,7 @@ static int audit_field_valid(struct audit_entry *entry, struct audit_field *f)
363 case AUDIT_EXIT: 363 case AUDIT_EXIT:
364 case AUDIT_SUCCESS: 364 case AUDIT_SUCCESS:
365 case AUDIT_INODE: 365 case AUDIT_INODE:
366 case AUDIT_SESSIONID:
366 /* bit ops are only useful on syscall args */ 367 /* bit ops are only useful on syscall args */
367 if (f->op == Audit_bitmask || f->op == Audit_bittest) 368 if (f->op == Audit_bitmask || f->op == Audit_bittest)
368 return -EINVAL; 369 return -EINVAL;
@@ -476,6 +477,7 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
476 if (!gid_valid(f->gid)) 477 if (!gid_valid(f->gid))
477 goto exit_free; 478 goto exit_free;
478 break; 479 break;
480 case AUDIT_SESSIONID:
479 case AUDIT_ARCH: 481 case AUDIT_ARCH:
480 entry->rule.arch_f = f; 482 entry->rule.arch_f = f;
481 break; 483 break;
@@ -1074,8 +1076,7 @@ static void audit_log_rule_change(char *action, struct audit_krule *rule, int re
1074 return; 1076 return;
1075 audit_log_format(ab, "auid=%u ses=%u" ,loginuid, sessionid); 1077 audit_log_format(ab, "auid=%u ses=%u" ,loginuid, sessionid);
1076 audit_log_task_context(ab); 1078 audit_log_task_context(ab);
1077 audit_log_format(ab, " op="); 1079 audit_log_format(ab, " op=%s", action);
1078 audit_log_string(ab, action);
1079 audit_log_key(ab, rule->filterkey); 1080 audit_log_key(ab, rule->filterkey);
1080 audit_log_format(ab, " list=%d res=%d", rule->listnr, res); 1081 audit_log_format(ab, " list=%d res=%d", rule->listnr, res);
1081 audit_log_end(ab); 1082 audit_log_end(ab);
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 2cd5256dbff7..cf1fa43512c1 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -446,6 +446,7 @@ static int audit_filter_rules(struct task_struct *tsk,
446 const struct cred *cred; 446 const struct cred *cred;
447 int i, need_sid = 1; 447 int i, need_sid = 1;
448 u32 sid; 448 u32 sid;
449 unsigned int sessionid;
449 450
450 cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation); 451 cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation);
451 452
@@ -508,6 +509,10 @@ static int audit_filter_rules(struct task_struct *tsk,
508 case AUDIT_FSGID: 509 case AUDIT_FSGID:
509 result = audit_gid_comparator(cred->fsgid, f->op, f->gid); 510 result = audit_gid_comparator(cred->fsgid, f->op, f->gid);
510 break; 511 break;
512 case AUDIT_SESSIONID:
513 sessionid = audit_get_sessionid(current);
514 result = audit_comparator(sessionid, f->op, f->val);
515 break;
511 case AUDIT_PERS: 516 case AUDIT_PERS:
512 result = audit_comparator(tsk->personality, f->op, f->val); 517 result = audit_comparator(tsk->personality, f->op, f->val);
513 break; 518 break;
@@ -1000,7 +1005,7 @@ static void audit_log_execve_info(struct audit_context *context,
1000 long len_rem; 1005 long len_rem;
1001 long len_full; 1006 long len_full;
1002 long len_buf; 1007 long len_buf;
1003 long len_abuf; 1008 long len_abuf = 0;
1004 long len_tmp; 1009 long len_tmp;
1005 bool require_data; 1010 bool require_data;
1006 bool encode; 1011 bool encode;
@@ -2025,8 +2030,11 @@ int audit_set_loginuid(kuid_t loginuid)
2025 goto out; 2030 goto out;
2026 2031
2027 /* are we setting or clearing? */ 2032 /* are we setting or clearing? */
2028 if (uid_valid(loginuid)) 2033 if (uid_valid(loginuid)) {
2029 sessionid = (unsigned int)atomic_inc_return(&session_id); 2034 sessionid = (unsigned int)atomic_inc_return(&session_id);
2035 if (unlikely(sessionid == (unsigned int)-1))
2036 sessionid = (unsigned int)atomic_inc_return(&session_id);
2037 }
2030 2038
2031 task->sessionid = sessionid; 2039 task->sessionid = sessionid;
2032 task->loginuid = loginuid; 2040 task->loginuid = loginuid;
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index 50fdc1b59777..3c4bbec39713 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -218,16 +218,15 @@ static void rtnl_net_notifyid(struct net *net, int cmd, int id);
218 */ 218 */
219int peernet2id_alloc(struct net *net, struct net *peer) 219int peernet2id_alloc(struct net *net, struct net *peer)
220{ 220{
221 unsigned long flags;
222 bool alloc; 221 bool alloc;
223 int id; 222 int id;
224 223
225 if (atomic_read(&net->count) == 0) 224 if (atomic_read(&net->count) == 0)
226 return NETNSA_NSID_NOT_ASSIGNED; 225 return NETNSA_NSID_NOT_ASSIGNED;
227 spin_lock_irqsave(&net->nsid_lock, flags); 226 spin_lock_bh(&net->nsid_lock);
228 alloc = atomic_read(&peer->count) == 0 ? false : true; 227 alloc = atomic_read(&peer->count) == 0 ? false : true;
229 id = __peernet2id_alloc(net, peer, &alloc); 228 id = __peernet2id_alloc(net, peer, &alloc);
230 spin_unlock_irqrestore(&net->nsid_lock, flags); 229 spin_unlock_bh(&net->nsid_lock);
231 if (alloc && id >= 0) 230 if (alloc && id >= 0)
232 rtnl_net_notifyid(net, RTM_NEWNSID, id); 231 rtnl_net_notifyid(net, RTM_NEWNSID, id);
233 return id; 232 return id;
@@ -236,12 +235,11 @@ int peernet2id_alloc(struct net *net, struct net *peer)
236/* This function returns, if assigned, the id of a peer netns. */ 235/* This function returns, if assigned, the id of a peer netns. */
237int peernet2id(struct net *net, struct net *peer) 236int peernet2id(struct net *net, struct net *peer)
238{ 237{
239 unsigned long flags;
240 int id; 238 int id;
241 239
242 spin_lock_irqsave(&net->nsid_lock, flags); 240 spin_lock_bh(&net->nsid_lock);
243 id = __peernet2id(net, peer); 241 id = __peernet2id(net, peer);
244 spin_unlock_irqrestore(&net->nsid_lock, flags); 242 spin_unlock_bh(&net->nsid_lock);
245 return id; 243 return id;
246} 244}
247EXPORT_SYMBOL(peernet2id); 245EXPORT_SYMBOL(peernet2id);
@@ -256,18 +254,17 @@ bool peernet_has_id(struct net *net, struct net *peer)
256 254
257struct net *get_net_ns_by_id(struct net *net, int id) 255struct net *get_net_ns_by_id(struct net *net, int id)
258{ 256{
259 unsigned long flags;
260 struct net *peer; 257 struct net *peer;
261 258
262 if (id < 0) 259 if (id < 0)
263 return NULL; 260 return NULL;
264 261
265 rcu_read_lock(); 262 rcu_read_lock();
266 spin_lock_irqsave(&net->nsid_lock, flags); 263 spin_lock_bh(&net->nsid_lock);
267 peer = idr_find(&net->netns_ids, id); 264 peer = idr_find(&net->netns_ids, id);
268 if (peer) 265 if (peer)
269 get_net(peer); 266 get_net(peer);
270 spin_unlock_irqrestore(&net->nsid_lock, flags); 267 spin_unlock_bh(&net->nsid_lock);
271 rcu_read_unlock(); 268 rcu_read_unlock();
272 269
273 return peer; 270 return peer;
@@ -437,17 +434,17 @@ static void cleanup_net(struct work_struct *work)
437 for_each_net(tmp) { 434 for_each_net(tmp) {
438 int id; 435 int id;
439 436
440 spin_lock_irq(&tmp->nsid_lock); 437 spin_lock_bh(&tmp->nsid_lock);
441 id = __peernet2id(tmp, net); 438 id = __peernet2id(tmp, net);
442 if (id >= 0) 439 if (id >= 0)
443 idr_remove(&tmp->netns_ids, id); 440 idr_remove(&tmp->netns_ids, id);
444 spin_unlock_irq(&tmp->nsid_lock); 441 spin_unlock_bh(&tmp->nsid_lock);
445 if (id >= 0) 442 if (id >= 0)
446 rtnl_net_notifyid(tmp, RTM_DELNSID, id); 443 rtnl_net_notifyid(tmp, RTM_DELNSID, id);
447 } 444 }
448 spin_lock_irq(&net->nsid_lock); 445 spin_lock_bh(&net->nsid_lock);
449 idr_destroy(&net->netns_ids); 446 idr_destroy(&net->netns_ids);
450 spin_unlock_irq(&net->nsid_lock); 447 spin_unlock_bh(&net->nsid_lock);
451 448
452 } 449 }
453 rtnl_unlock(); 450 rtnl_unlock();
@@ -576,7 +573,6 @@ static int rtnl_net_newid(struct sk_buff *skb, struct nlmsghdr *nlh)
576{ 573{
577 struct net *net = sock_net(skb->sk); 574 struct net *net = sock_net(skb->sk);
578 struct nlattr *tb[NETNSA_MAX + 1]; 575 struct nlattr *tb[NETNSA_MAX + 1];
579 unsigned long flags;
580 struct net *peer; 576 struct net *peer;
581 int nsid, err; 577 int nsid, err;
582 578
@@ -597,15 +593,15 @@ static int rtnl_net_newid(struct sk_buff *skb, struct nlmsghdr *nlh)
597 if (IS_ERR(peer)) 593 if (IS_ERR(peer))
598 return PTR_ERR(peer); 594 return PTR_ERR(peer);
599 595
600 spin_lock_irqsave(&net->nsid_lock, flags); 596 spin_lock_bh(&net->nsid_lock);
601 if (__peernet2id(net, peer) >= 0) { 597 if (__peernet2id(net, peer) >= 0) {
602 spin_unlock_irqrestore(&net->nsid_lock, flags); 598 spin_unlock_bh(&net->nsid_lock);
603 err = -EEXIST; 599 err = -EEXIST;
604 goto out; 600 goto out;
605 } 601 }
606 602
607 err = alloc_netid(net, peer, nsid); 603 err = alloc_netid(net, peer, nsid);
608 spin_unlock_irqrestore(&net->nsid_lock, flags); 604 spin_unlock_bh(&net->nsid_lock);
609 if (err >= 0) { 605 if (err >= 0) {
610 rtnl_net_notifyid(net, RTM_NEWNSID, err); 606 rtnl_net_notifyid(net, RTM_NEWNSID, err);
611 err = 0; 607 err = 0;
@@ -727,11 +723,10 @@ static int rtnl_net_dumpid(struct sk_buff *skb, struct netlink_callback *cb)
727 .idx = 0, 723 .idx = 0,
728 .s_idx = cb->args[0], 724 .s_idx = cb->args[0],
729 }; 725 };
730 unsigned long flags;
731 726
732 spin_lock_irqsave(&net->nsid_lock, flags); 727 spin_lock_bh(&net->nsid_lock);
733 idr_for_each(&net->netns_ids, rtnl_net_dumpid_one, &net_cb); 728 idr_for_each(&net->netns_ids, rtnl_net_dumpid_one, &net_cb);
734 spin_unlock_irqrestore(&net->nsid_lock, flags); 729 spin_unlock_bh(&net->nsid_lock);
735 730
736 cb->args[0] = net_cb.idx; 731 cb->args[0] = net_cb.idx;
737 return skb->len; 732 return skb->len;
generated by cgit v1.2.2 (git 2.25.0) at 2026-01-05 07:46:28 -0500