Merge tag 'audit-pr-20181224' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit

Pull audit updates from Paul Moore:
 "In the finest of holiday of traditions, I have a number of gifts to
  share today. While most of them are re-gifts from others, unlike the
  typical re-gift, these are things you will want in and around your
  tree; I promise.

  This pull request is perhaps a bit larger than our typical PR, but
  most of it comes from Jan's rework of audit's fanotify code; a very
  welcome improvement. We ran this through our normal regression tests,
  as well as some newly created stress tests and everything looks good.

  Richard added a few patches, mostly cleaning up a few things and and
  shortening some of the audit records that we send to userspace; a
  change the userspace folks are quite happy about.

  Finally YueHaibing and I kick in a few patches to simplify things a
  bit and make the code less prone to errors.

  Lastly, I want to say thanks one more time to everyone who has
  contributed patches, testing, and code reviews for the audit subsystem
  over the past year. The project is what it is due to your help and
  contributions - thank you"

* tag 'audit-pr-20181224' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: (22 commits)
  audit: remove duplicated include from audit.c
  audit: shorten PATH cap values when zero
  audit: use current whenever possible
  audit: minimize our use of audit_log_format()
  audit: remove WATCH and TREE config options
  audit: use session_info helper
  audit: localize audit_log_session_info prototype
  audit: Use 'mark' name for fsnotify_mark variables
  audit: Replace chunk attached to mark instead of replacing mark
  audit: Simplify locking around untag_chunk()
  audit: Drop all unused chunk nodes during deletion
  audit: Guarantee forward progress of chunk untagging
  audit: Allocate fsnotify mark independently of chunk
  audit: Provide helper for dropping mark's chunk reference
  audit: Remove pointless check in insert_hash()
  audit: Factor out chunk replacement code
  audit: Make hash table insertion safe against concurrent lookups
  audit: Embed key into chunk
  audit: Fix possible tagging failures
  audit: Fix possible spurious -ENOSPC error
  ...

1 files changed, 31 insertions, 31 deletions

diff --git a/kernel/audit.c b/kernel/audit.c
index 2a8058764aa6..632d36059556 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -60,7 +60,6 @@
 #include <linux/mutex.h>
 #include <linux/gfp.h>
 #include <linux/pid.h>
-#include <linux/slab.h>
 
 #include <linux/audit.h>
 
@@ -400,7 +399,7 @@ static int audit_log_config_change(char *function_name, u32 new, u32 old,
         ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
         if (unlikely(!ab))
                 return rc;
-        audit_log_format(ab, "%s=%u old=%u", function_name, new, old);
+        audit_log_format(ab, "%s=%u old=%u ", function_name, new, old);
         audit_log_session_info(ab);
         rc = audit_log_task_context(ab);
         if (rc)
@@ -1067,7 +1066,7 @@ static void audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type)
         *ab = audit_log_start(NULL, GFP_KERNEL, msg_type);
         if (unlikely(!*ab))
                 return;
-        audit_log_format(*ab, "pid=%d uid=%u", pid, uid);
+        audit_log_format(*ab, "pid=%d uid=%u ", pid, uid);
         audit_log_session_info(*ab);
         audit_log_task_context(*ab);
 }
@@ -1096,10 +1095,11 @@ static void audit_log_feature_change(int which, u32 old_feature, u32 new_feature
 
         if (audit_enabled == AUDIT_OFF)
                 return;
+
         ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_FEATURE_CHANGE);
         if (!ab)
                 return;
-        audit_log_task_info(ab, current);
+        audit_log_task_info(ab);
         audit_log_format(ab, " feature=%s old=%u new=%u old_lock=%u new_lock=%u res=%d",
                          audit_feature_names[which], !!old_feature, !!new_feature,
                          !!old_lock, !!new_lock, res);
@@ -2042,7 +2042,7 @@ void audit_log_session_info(struct audit_buffer *ab)
         unsigned int sessionid = audit_get_sessionid(current);
         uid_t auid = from_kuid(&init_user_ns, audit_get_loginuid(current));
 
-        audit_log_format(ab, " auid=%u ses=%u", auid, sessionid);
+        audit_log_format(ab, "auid=%u ses=%u", auid, sessionid);
 }
 
 void audit_log_key(struct audit_buffer *ab, char *key)
@@ -2058,11 +2058,13 @@ void audit_log_cap(struct audit_buffer *ab, char *prefix, kernel_cap_t *cap)
 {
         int i;
 
-        audit_log_format(ab, " %s=", prefix);
-        CAP_FOR_EACH_U32(i) {
-                audit_log_format(ab, "%08x",
-                                 cap->cap[CAP_LAST_U32 - i]);
+        if (cap_isclear(*cap)) {
+                audit_log_format(ab, " %s=0", prefix);
+                return;
         }
+        audit_log_format(ab, " %s=", prefix);
+        CAP_FOR_EACH_U32(i)
+                audit_log_format(ab, "%08x", cap->cap[CAP_LAST_U32 - i]);
 }
 
 static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name)
@@ -2177,22 +2179,21 @@ void audit_log_name(struct audit_context *context, struct audit_names *n,
         }
 
         /* log the audit_names record type */
-        audit_log_format(ab, " nametype=");
         switch(n->type) {
         case AUDIT_TYPE_NORMAL:
-                audit_log_format(ab, "NORMAL");
+                audit_log_format(ab, " nametype=NORMAL");
                 break;
         case AUDIT_TYPE_PARENT:
-                audit_log_format(ab, "PARENT");
+                audit_log_format(ab, " nametype=PARENT");
                 break;
         case AUDIT_TYPE_CHILD_DELETE:
-                audit_log_format(ab, "DELETE");
+                audit_log_format(ab, " nametype=DELETE");
                 break;
         case AUDIT_TYPE_CHILD_CREATE:
-                audit_log_format(ab, "CREATE");
+                audit_log_format(ab, " nametype=CREATE");
                 break;
         default:
-                audit_log_format(ab, "UNKNOWN");
+                audit_log_format(ab, " nametype=UNKNOWN");
                 break;
         }
 
@@ -2247,15 +2248,15 @@ out_null:
         audit_log_format(ab, " exe=(null)");
 }
 
-struct tty_struct *audit_get_tty(struct task_struct *tsk)
+struct tty_struct *audit_get_tty(void)
 {
         struct tty_struct *tty = NULL;
         unsigned long flags;
 
-        spin_lock_irqsave(&tsk->sighand->siglock, flags);
-        if (tsk->signal)
-                tty = tty_kref_get(tsk->signal->tty);
-        spin_unlock_irqrestore(&tsk->sighand->siglock, flags);
+        spin_lock_irqsave(&current->sighand->siglock, flags);
+        if (current->signal)
+                tty = tty_kref_get(current->signal->tty);
+        spin_unlock_irqrestore(&current->sighand->siglock, flags);
         return tty;
 }
 
@@ -2264,25 +2265,24 @@ void audit_put_tty(struct tty_struct *tty)
         tty_kref_put(tty);
 }
 
-void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
+void audit_log_task_info(struct audit_buffer *ab)
 {
         const struct cred *cred;
-        char comm[sizeof(tsk->comm)];
+        char comm[sizeof(current->comm)];
         struct tty_struct *tty;
 
         if (!ab)
                 return;
 
-        /* tsk == current */
         cred = current_cred();
-        tty = audit_get_tty(tsk);
+        tty = audit_get_tty();
         audit_log_format(ab,
                          " ppid=%d pid=%d auid=%u uid=%u gid=%u"
                          " euid=%u suid=%u fsuid=%u"
                          " egid=%u sgid=%u fsgid=%u tty=%s ses=%u",
-                         task_ppid_nr(tsk),
-                         task_tgid_nr(tsk),
-                         from_kuid(&init_user_ns, audit_get_loginuid(tsk)),
+                         task_ppid_nr(current),
+                         task_tgid_nr(current),
+                         from_kuid(&init_user_ns, audit_get_loginuid(current)),
                          from_kuid(&init_user_ns, cred->uid),
                          from_kgid(&init_user_ns, cred->gid),
                          from_kuid(&init_user_ns, cred->euid),
@@ -2292,11 +2292,11 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
                          from_kgid(&init_user_ns, cred->sgid),
                          from_kgid(&init_user_ns, cred->fsgid),
                          tty ? tty_name(tty) : "(none)",
-                         audit_get_sessionid(tsk));
+                         audit_get_sessionid(current));
         audit_put_tty(tty);
         audit_log_format(ab, " comm=");
-        audit_log_untrustedstring(ab, get_task_comm(comm, tsk));
-        audit_log_d_path_exe(ab, tsk->mm);
+        audit_log_untrustedstring(ab, get_task_comm(comm, current));
+        audit_log_d_path_exe(ab, current->mm);
         audit_log_task_context(ab);
 }
 EXPORT_SYMBOL(audit_log_task_info);
@@ -2317,7 +2317,7 @@ void audit_log_link_denied(const char *operation)
         if (!ab)
                 return;
         audit_log_format(ab, "op=%s", operation);
-        audit_log_task_info(ab, current);
+        audit_log_task_info(ab);
         audit_log_format(ab, " res=0");
         audit_log_end(ab);
 }