aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--fs/proc/base.c2
-rw-r--r--include/uapi/linux/audit.h5
-rw-r--r--kernel/audit.c532
-rw-r--r--kernel/audit_fsnotify.c5
-rw-r--r--kernel/audit_tree.c3
-rw-r--r--kernel/audit_watch.c5
-rw-r--r--kernel/auditfilter.c5
-rw-r--r--kernel/auditsc.c12
-rw-r--r--net/core/net_namespace.c35
9 files changed, 361 insertions, 243 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 2e5b2e379cdf..5ea836362870 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1246,7 +1246,7 @@ static const struct file_operations proc_oom_score_adj_operations = {
1246}; 1246};
1247 1247
1248#ifdef CONFIG_AUDITSYSCALL 1248#ifdef CONFIG_AUDITSYSCALL
1249#define TMPBUFLEN 21 1249#define TMPBUFLEN 11
1250static ssize_t proc_loginuid_read(struct file * file, char __user * buf, 1250static ssize_t proc_loginuid_read(struct file * file, char __user * buf,
1251 size_t count, loff_t *ppos) 1251 size_t count, loff_t *ppos)
1252{ 1252{
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index 208df7b44e90..1c107cb1c83f 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -254,6 +254,7 @@
254#define AUDIT_OBJ_LEV_LOW 22 254#define AUDIT_OBJ_LEV_LOW 22
255#define AUDIT_OBJ_LEV_HIGH 23 255#define AUDIT_OBJ_LEV_HIGH 23
256#define AUDIT_LOGINUID_SET 24 256#define AUDIT_LOGINUID_SET 24
257#define AUDIT_SESSIONID 25 /* Session ID */
257 258
258 /* These are ONLY useful when checking 259 /* These are ONLY useful when checking
259 * at syscall exit time (AUDIT_AT_EXIT). */ 260 * at syscall exit time (AUDIT_AT_EXIT). */
@@ -330,10 +331,12 @@ enum {
330#define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME 0x00000002 331#define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME 0x00000002
331#define AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH 0x00000004 332#define AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH 0x00000004
332#define AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND 0x00000008 333#define AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND 0x00000008
334#define AUDIT_FEATURE_BITMAP_SESSIONID_FILTER 0x00000010
333#define AUDIT_FEATURE_BITMAP_ALL (AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | \ 335#define AUDIT_FEATURE_BITMAP_ALL (AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | \
334 AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME | \ 336 AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME | \
335 AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH | \ 337 AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH | \
336 AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND) 338 AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND | \
339 AUDIT_FEATURE_BITMAP_SESSIONID_FILTER)
337 340
338/* deprecated: AUDIT_VERSION_* */ 341/* deprecated: AUDIT_VERSION_* */
339#define AUDIT_VERSION_LATEST AUDIT_FEATURE_BITMAP_ALL 342#define AUDIT_VERSION_LATEST AUDIT_FEATURE_BITMAP_ALL
diff --git a/kernel/audit.c b/kernel/audit.c
index 67b9fbd871be..91bff3c0b368 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -107,7 +107,6 @@ static u32 audit_rate_limit;
107 * When set to zero, this means unlimited. */ 107 * When set to zero, this means unlimited. */
108static u32 audit_backlog_limit = 64; 108static u32 audit_backlog_limit = 64;
109#define AUDIT_BACKLOG_WAIT_TIME (60 * HZ) 109#define AUDIT_BACKLOG_WAIT_TIME (60 * HZ)
110static u32 audit_backlog_wait_time_master = AUDIT_BACKLOG_WAIT_TIME;
111static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; 110static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME;
112 111
113/* The identity of the user shutting down the audit system. */ 112/* The identity of the user shutting down the audit system. */
@@ -138,11 +137,18 @@ static DEFINE_SPINLOCK(audit_freelist_lock);
138static int audit_freelist_count; 137static int audit_freelist_count;
139static LIST_HEAD(audit_freelist); 138static LIST_HEAD(audit_freelist);
140 139
141static struct sk_buff_head audit_skb_queue; 140/* queue msgs to send via kauditd_task */
142/* queue of skbs to send to auditd when/if it comes back */ 141static struct sk_buff_head audit_queue;
143static struct sk_buff_head audit_skb_hold_queue; 142/* queue msgs due to temporary unicast send problems */
143static struct sk_buff_head audit_retry_queue;
144/* queue msgs waiting for new auditd connection */
145static struct sk_buff_head audit_hold_queue;
146
147/* queue servicing thread */
144static struct task_struct *kauditd_task; 148static struct task_struct *kauditd_task;
145static DECLARE_WAIT_QUEUE_HEAD(kauditd_wait); 149static DECLARE_WAIT_QUEUE_HEAD(kauditd_wait);
150
151/* waitqueue for callers who are blocked on the audit backlog */
146static DECLARE_WAIT_QUEUE_HEAD(audit_backlog_wait); 152static DECLARE_WAIT_QUEUE_HEAD(audit_backlog_wait);
147 153
148static struct audit_features af = {.vers = AUDIT_FEATURE_VERSION, 154static struct audit_features af = {.vers = AUDIT_FEATURE_VERSION,
@@ -338,7 +344,7 @@ static int audit_set_backlog_limit(u32 limit)
338static int audit_set_backlog_wait_time(u32 timeout) 344static int audit_set_backlog_wait_time(u32 timeout)
339{ 345{
340 return audit_do_config_change("audit_backlog_wait_time", 346 return audit_do_config_change("audit_backlog_wait_time",
341 &audit_backlog_wait_time_master, timeout); 347 &audit_backlog_wait_time, timeout);
342} 348}
343 349
344static int audit_set_enabled(u32 state) 350static int audit_set_enabled(u32 state)
@@ -365,29 +371,10 @@ static int audit_set_failure(u32 state)
365} 371}
366 372
367/* 373/*
368 * Queue skbs to be sent to auditd when/if it comes back. These skbs should
369 * already have been sent via prink/syslog and so if these messages are dropped
370 * it is not a huge concern since we already passed the audit_log_lost()
371 * notification and stuff. This is just nice to get audit messages during
372 * boot before auditd is running or messages generated while auditd is stopped.
373 * This only holds messages is audit_default is set, aka booting with audit=1
374 * or building your kernel that way.
375 */
376static void audit_hold_skb(struct sk_buff *skb)
377{
378 if (audit_default &&
379 (!audit_backlog_limit ||
380 skb_queue_len(&audit_skb_hold_queue) < audit_backlog_limit))
381 skb_queue_tail(&audit_skb_hold_queue, skb);
382 else
383 kfree_skb(skb);
384}
385
386/*
387 * For one reason or another this nlh isn't getting delivered to the userspace 374 * For one reason or another this nlh isn't getting delivered to the userspace
388 * audit daemon, just send it to printk. 375 * audit daemon, just send it to printk.
389 */ 376 */
390static void audit_printk_skb(struct sk_buff *skb) 377static void kauditd_printk_skb(struct sk_buff *skb)
391{ 378{
392 struct nlmsghdr *nlh = nlmsg_hdr(skb); 379 struct nlmsghdr *nlh = nlmsg_hdr(skb);
393 char *data = nlmsg_data(nlh); 380 char *data = nlmsg_data(nlh);
@@ -398,58 +385,123 @@ static void audit_printk_skb(struct sk_buff *skb)
398 else 385 else
399 audit_log_lost("printk limit exceeded"); 386 audit_log_lost("printk limit exceeded");
400 } 387 }
388}
389
390/**
391 * kauditd_hold_skb - Queue an audit record, waiting for auditd
392 * @skb: audit record
393 *
394 * Description:
395 * Queue the audit record, waiting for an instance of auditd. When this
396 * function is called we haven't given up yet on sending the record, but things
397 * are not looking good. The first thing we want to do is try to write the
398 * record via printk and then see if we want to try and hold on to the record
399 * and queue it, if we have room. If we want to hold on to the record, but we
400 * don't have room, record a record lost message.
401 */
402static void kauditd_hold_skb(struct sk_buff *skb)
403{
404 /* at this point it is uncertain if we will ever send this to auditd so
405 * try to send the message via printk before we go any further */
406 kauditd_printk_skb(skb);
407
408 /* can we just silently drop the message? */
409 if (!audit_default) {
410 kfree_skb(skb);
411 return;
412 }
413
414 /* if we have room, queue the message */
415 if (!audit_backlog_limit ||
416 skb_queue_len(&audit_hold_queue) < audit_backlog_limit) {
417 skb_queue_tail(&audit_hold_queue, skb);
418 return;
419 }
401 420
402 audit_hold_skb(skb); 421 /* we have no other options - drop the message */
422 audit_log_lost("kauditd hold queue overflow");
423 kfree_skb(skb);
403} 424}
404 425
405static void kauditd_send_skb(struct sk_buff *skb) 426/**
427 * kauditd_retry_skb - Queue an audit record, attempt to send again to auditd
428 * @skb: audit record
429 *
430 * Description:
431 * Not as serious as kauditd_hold_skb() as we still have a connected auditd,
432 * but for some reason we are having problems sending it audit records so
433 * queue the given record and attempt to resend.
434 */
435static void kauditd_retry_skb(struct sk_buff *skb)
406{ 436{
407 int err; 437 /* NOTE: because records should only live in the retry queue for a
408 int attempts = 0; 438 * short period of time, before either being sent or moved to the hold
409#define AUDITD_RETRIES 5 439 * queue, we don't currently enforce a limit on this queue */
440 skb_queue_tail(&audit_retry_queue, skb);
441}
442
443/**
444 * auditd_reset - Disconnect the auditd connection
445 *
446 * Description:
447 * Break the auditd/kauditd connection and move all the records in the retry
448 * queue into the hold queue in case auditd reconnects. The audit_cmd_mutex
449 * must be held when calling this function.
450 */
451static void auditd_reset(void)
452{
453 struct sk_buff *skb;
454
455 /* break the connection */
456 if (audit_sock) {
457 sock_put(audit_sock);
458 audit_sock = NULL;
459 }
460 audit_pid = 0;
461 audit_nlk_portid = 0;
462
463 /* flush all of the retry queue to the hold queue */
464 while ((skb = skb_dequeue(&audit_retry_queue)))
465 kauditd_hold_skb(skb);
466}
467
468/**
469 * kauditd_send_unicast_skb - Send a record via unicast to auditd
470 * @skb: audit record
471 */
472static int kauditd_send_unicast_skb(struct sk_buff *skb)
473{
474 int rc;
410 475
411restart: 476 /* if we know nothing is connected, don't even try the netlink call */
412 /* take a reference in case we can't send it and we want to hold it */ 477 if (!audit_pid)
478 return -ECONNREFUSED;
479
480 /* get an extra skb reference in case we fail to send */
413 skb_get(skb); 481 skb_get(skb);
414 err = netlink_unicast(audit_sock, skb, audit_nlk_portid, 0); 482 rc = netlink_unicast(audit_sock, skb, audit_nlk_portid, 0);
415 if (err < 0) { 483 if (rc >= 0) {
416 pr_err("netlink_unicast sending to audit_pid=%d returned error: %d\n",
417 audit_pid, err);
418 if (audit_pid) {
419 if (err == -ECONNREFUSED || err == -EPERM
420 || ++attempts >= AUDITD_RETRIES) {
421 char s[32];
422
423 snprintf(s, sizeof(s), "audit_pid=%d reset", audit_pid);
424 audit_log_lost(s);
425 audit_pid = 0;
426 audit_sock = NULL;
427 } else {
428 pr_warn("re-scheduling(#%d) write to audit_pid=%d\n",
429 attempts, audit_pid);
430 set_current_state(TASK_INTERRUPTIBLE);
431 schedule();
432 goto restart;
433 }
434 }
435 /* we might get lucky and get this in the next auditd */
436 audit_hold_skb(skb);
437 } else
438 /* drop the extra reference if sent ok */
439 consume_skb(skb); 484 consume_skb(skb);
485 rc = 0;
486 }
487
488 return rc;
440} 489}
441 490
442/* 491/*
443 * kauditd_send_multicast_skb - send the skb to multicast userspace listeners 492 * kauditd_send_multicast_skb - Send a record to any multicast listeners
493 * @skb: audit record
444 * 494 *
495 * Description:
445 * This function doesn't consume an skb as might be expected since it has to 496 * This function doesn't consume an skb as might be expected since it has to
446 * copy it anyways. 497 * copy it anyways.
447 */ 498 */
448static void kauditd_send_multicast_skb(struct sk_buff *skb, gfp_t gfp_mask) 499static void kauditd_send_multicast_skb(struct sk_buff *skb)
449{ 500{
450 struct sk_buff *copy; 501 struct sk_buff *copy;
451 struct audit_net *aunet = net_generic(&init_net, audit_net_id); 502 struct audit_net *aunet = net_generic(&init_net, audit_net_id);
452 struct sock *sock = aunet->nlsk; 503 struct sock *sock = aunet->nlsk;
504 struct nlmsghdr *nlh;
453 505
454 if (!netlink_has_listeners(sock, AUDIT_NLGRP_READLOG)) 506 if (!netlink_has_listeners(sock, AUDIT_NLGRP_READLOG))
455 return; 507 return;
@@ -464,74 +516,161 @@ static void kauditd_send_multicast_skb(struct sk_buff *skb, gfp_t gfp_mask)
464 * no reason for new multicast clients to continue with this 516 * no reason for new multicast clients to continue with this
465 * non-compliance. 517 * non-compliance.
466 */ 518 */
467 copy = skb_copy(skb, gfp_mask); 519 copy = skb_copy(skb, GFP_KERNEL);
468 if (!copy) 520 if (!copy)
469 return; 521 return;
522 nlh = nlmsg_hdr(copy);
523 nlh->nlmsg_len = skb->len;
470 524
471 nlmsg_multicast(sock, copy, 0, AUDIT_NLGRP_READLOG, gfp_mask); 525 nlmsg_multicast(sock, copy, 0, AUDIT_NLGRP_READLOG, GFP_KERNEL);
472} 526}
473 527
474/* 528/**
475 * flush_hold_queue - empty the hold queue if auditd appears 529 * kauditd_wake_condition - Return true when it is time to wake kauditd_thread
476 *
477 * If auditd just started, drain the queue of messages already
478 * sent to syslog/printk. Remember loss here is ok. We already
479 * called audit_log_lost() if it didn't go out normally. so the
480 * race between the skb_dequeue and the next check for audit_pid
481 * doesn't matter.
482 * 530 *
483 * If you ever find kauditd to be too slow we can get a perf win 531 * Description:
484 * by doing our own locking and keeping better track if there 532 * This function is for use by the wait_event_freezable() call in
485 * are messages in this queue. I don't see the need now, but 533 * kauditd_thread().
486 * in 5 years when I want to play with this again I'll see this
487 * note and still have no friggin idea what i'm thinking today.
488 */ 534 */
489static void flush_hold_queue(void) 535static int kauditd_wake_condition(void)
490{ 536{
491 struct sk_buff *skb; 537 static int pid_last = 0;
492 538 int rc;
493 if (!audit_default || !audit_pid) 539 int pid = audit_pid;
494 return;
495
496 skb = skb_dequeue(&audit_skb_hold_queue);
497 if (likely(!skb))
498 return;
499 540
500 while (skb && audit_pid) { 541 /* wake on new messages or a change in the connected auditd */
501 kauditd_send_skb(skb); 542 rc = skb_queue_len(&audit_queue) || (pid && pid != pid_last);
502 skb = skb_dequeue(&audit_skb_hold_queue); 543 if (rc)
503 } 544 pid_last = pid;
504 545
505 /* 546 return rc;
506 * if auditd just disappeared but we
507 * dequeued an skb we need to drop ref
508 */
509 consume_skb(skb);
510} 547}
511 548
512static int kauditd_thread(void *dummy) 549static int kauditd_thread(void *dummy)
513{ 550{
551 int rc;
552 int auditd = 0;
553 int reschedule = 0;
554 struct sk_buff *skb;
555 struct nlmsghdr *nlh;
556
557#define UNICAST_RETRIES 5
558#define AUDITD_BAD(x,y) \
559 ((x) == -ECONNREFUSED || (x) == -EPERM || ++(y) >= UNICAST_RETRIES)
560
561 /* NOTE: we do invalidate the auditd connection flag on any sending
562 * errors, but we only "restore" the connection flag at specific places
563 * in the loop in order to help ensure proper ordering of audit
564 * records */
565
514 set_freezable(); 566 set_freezable();
515 while (!kthread_should_stop()) { 567 while (!kthread_should_stop()) {
516 struct sk_buff *skb; 568 /* NOTE: possible area for future improvement is to look at
517 569 * the hold and retry queues, since only this thread
518 flush_hold_queue(); 570 * has access to these queues we might be able to do
571 * our own queuing and skip some/all of the locking */
572
573 /* NOTE: it might be a fun experiment to split the hold and
574 * retry queue handling to another thread, but the
575 * synchronization issues and other overhead might kill
576 * any performance gains */
577
578 /* attempt to flush the hold queue */
579 while (auditd && (skb = skb_dequeue(&audit_hold_queue))) {
580 rc = kauditd_send_unicast_skb(skb);
581 if (rc) {
582 /* requeue to the same spot */
583 skb_queue_head(&audit_hold_queue, skb);
584
585 auditd = 0;
586 if (AUDITD_BAD(rc, reschedule)) {
587 mutex_lock(&audit_cmd_mutex);
588 auditd_reset();
589 mutex_unlock(&audit_cmd_mutex);
590 reschedule = 0;
591 }
592 } else
593 /* we were able to send successfully */
594 reschedule = 0;
595 }
519 596
520 skb = skb_dequeue(&audit_skb_queue); 597 /* attempt to flush the retry queue */
598 while (auditd && (skb = skb_dequeue(&audit_retry_queue))) {
599 rc = kauditd_send_unicast_skb(skb);
600 if (rc) {
601 auditd = 0;
602 if (AUDITD_BAD(rc, reschedule)) {
603 kauditd_hold_skb(skb);
604 mutex_lock(&audit_cmd_mutex);
605 auditd_reset();
606 mutex_unlock(&audit_cmd_mutex);
607 reschedule = 0;
608 } else
609 /* temporary problem (we hope), queue
610 * to the same spot and retry */
611 skb_queue_head(&audit_retry_queue, skb);
612 } else
613 /* we were able to send successfully */
614 reschedule = 0;
615 }
521 616
617 /* standard queue processing, try to be as quick as possible */
618quick_loop:
619 skb = skb_dequeue(&audit_queue);
522 if (skb) { 620 if (skb) {
523 if (!audit_backlog_limit || 621 /* setup the netlink header, see the comments in
524 (skb_queue_len(&audit_skb_queue) <= audit_backlog_limit)) 622 * kauditd_send_multicast_skb() for length quirks */
525 wake_up(&audit_backlog_wait); 623 nlh = nlmsg_hdr(skb);
526 if (audit_pid) 624 nlh->nlmsg_len = skb->len - NLMSG_HDRLEN;
527 kauditd_send_skb(skb); 625
626 /* attempt to send to any multicast listeners */
627 kauditd_send_multicast_skb(skb);
628
629 /* attempt to send to auditd, queue on failure */
630 if (auditd) {
631 rc = kauditd_send_unicast_skb(skb);
632 if (rc) {
633 auditd = 0;
634 if (AUDITD_BAD(rc, reschedule)) {
635 mutex_lock(&audit_cmd_mutex);
636 auditd_reset();
637 mutex_unlock(&audit_cmd_mutex);
638 reschedule = 0;
639 }
640
641 /* move to the retry queue */
642 kauditd_retry_skb(skb);
643 } else
644 /* everything is working so go fast! */
645 goto quick_loop;
646 } else if (reschedule)
647 /* we are currently having problems, move to
648 * the retry queue */
649 kauditd_retry_skb(skb);
528 else 650 else
529 audit_printk_skb(skb); 651 /* dump the message via printk and hold it */
530 continue; 652 kauditd_hold_skb(skb);
531 } 653 } else {
654 /* we have flushed the backlog so wake everyone */
655 wake_up(&audit_backlog_wait);
656
657 /* if everything is okay with auditd (if present), go
658 * to sleep until there is something new in the queue
659 * or we have a change in the connected auditd;
660 * otherwise simply reschedule to give things a chance
661 * to recover */
662 if (reschedule) {
663 set_current_state(TASK_INTERRUPTIBLE);
664 schedule();
665 } else
666 wait_event_freezable(kauditd_wait,
667 kauditd_wake_condition());
532 668
533 wait_event_freezable(kauditd_wait, skb_queue_len(&audit_skb_queue)); 669 /* update the auditd connection status */
670 auditd = (audit_pid ? 1 : 0);
671 }
534 } 672 }
673
535 return 0; 674 return 0;
536} 675}
537 676
@@ -596,6 +735,7 @@ static int audit_send_reply_thread(void *arg)
596 kfree(reply); 735 kfree(reply);
597 return 0; 736 return 0;
598} 737}
738
599/** 739/**
600 * audit_send_reply - send an audit reply message via netlink 740 * audit_send_reply - send an audit reply message via netlink
601 * @request_skb: skb of request we are replying to (used to target the reply) 741 * @request_skb: skb of request we are replying to (used to target the reply)
@@ -832,16 +972,6 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
832 if (err) 972 if (err)
833 return err; 973 return err;
834 974
835 /* As soon as there's any sign of userspace auditd,
836 * start kauditd to talk to it */
837 if (!kauditd_task) {
838 kauditd_task = kthread_run(kauditd_thread, NULL, "kauditd");
839 if (IS_ERR(kauditd_task)) {
840 err = PTR_ERR(kauditd_task);
841 kauditd_task = NULL;
842 return err;
843 }
844 }
845 seq = nlh->nlmsg_seq; 975 seq = nlh->nlmsg_seq;
846 data = nlmsg_data(nlh); 976 data = nlmsg_data(nlh);
847 977
@@ -855,9 +985,9 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
855 s.rate_limit = audit_rate_limit; 985 s.rate_limit = audit_rate_limit;
856 s.backlog_limit = audit_backlog_limit; 986 s.backlog_limit = audit_backlog_limit;
857 s.lost = atomic_read(&audit_lost); 987 s.lost = atomic_read(&audit_lost);
858 s.backlog = skb_queue_len(&audit_skb_queue); 988 s.backlog = skb_queue_len(&audit_queue);
859 s.feature_bitmap = AUDIT_FEATURE_BITMAP_ALL; 989 s.feature_bitmap = AUDIT_FEATURE_BITMAP_ALL;
860 s.backlog_wait_time = audit_backlog_wait_time_master; 990 s.backlog_wait_time = audit_backlog_wait_time;
861 audit_send_reply(skb, seq, AUDIT_GET, 0, 0, &s, sizeof(s)); 991 audit_send_reply(skb, seq, AUDIT_GET, 0, 0, &s, sizeof(s));
862 break; 992 break;
863 } 993 }
@@ -897,9 +1027,17 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
897 } 1027 }
898 if (audit_enabled != AUDIT_OFF) 1028 if (audit_enabled != AUDIT_OFF)
899 audit_log_config_change("audit_pid", new_pid, audit_pid, 1); 1029 audit_log_config_change("audit_pid", new_pid, audit_pid, 1);
900 audit_pid = new_pid; 1030 if (new_pid) {
901 audit_nlk_portid = NETLINK_CB(skb).portid; 1031 if (audit_sock)
902 audit_sock = skb->sk; 1032 sock_put(audit_sock);
1033 audit_pid = new_pid;
1034 audit_nlk_portid = NETLINK_CB(skb).portid;
1035 sock_hold(skb->sk);
1036 audit_sock = skb->sk;
1037 } else {
1038 auditd_reset();
1039 }
1040 wake_up_interruptible(&kauditd_wait);
903 } 1041 }
904 if (s.mask & AUDIT_STATUS_RATE_LIMIT) { 1042 if (s.mask & AUDIT_STATUS_RATE_LIMIT) {
905 err = audit_set_rate_limit(s.rate_limit); 1043 err = audit_set_rate_limit(s.rate_limit);
@@ -1167,10 +1305,10 @@ static void __net_exit audit_net_exit(struct net *net)
1167{ 1305{
1168 struct audit_net *aunet = net_generic(net, audit_net_id); 1306 struct audit_net *aunet = net_generic(net, audit_net_id);
1169 struct sock *sock = aunet->nlsk; 1307 struct sock *sock = aunet->nlsk;
1170 if (sock == audit_sock) { 1308 mutex_lock(&audit_cmd_mutex);
1171 audit_pid = 0; 1309 if (sock == audit_sock)
1172 audit_sock = NULL; 1310 auditd_reset();
1173 } 1311 mutex_unlock(&audit_cmd_mutex);
1174 1312
1175 netlink_kernel_release(sock); 1313 netlink_kernel_release(sock);
1176 aunet->nlsk = NULL; 1314 aunet->nlsk = NULL;
@@ -1195,17 +1333,24 @@ static int __init audit_init(void)
1195 audit_default ? "enabled" : "disabled"); 1333 audit_default ? "enabled" : "disabled");
1196 register_pernet_subsys(&audit_net_ops); 1334 register_pernet_subsys(&audit_net_ops);
1197 1335
1198 skb_queue_head_init(&audit_skb_queue); 1336 skb_queue_head_init(&audit_queue);
1199 skb_queue_head_init(&audit_skb_hold_queue); 1337 skb_queue_head_init(&audit_retry_queue);
1338 skb_queue_head_init(&audit_hold_queue);
1200 audit_initialized = AUDIT_INITIALIZED; 1339 audit_initialized = AUDIT_INITIALIZED;
1201 audit_enabled = audit_default; 1340 audit_enabled = audit_default;
1202 audit_ever_enabled |= !!audit_default; 1341 audit_ever_enabled |= !!audit_default;
1203 1342
1204 audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized");
1205
1206 for (i = 0; i < AUDIT_INODE_BUCKETS; i++) 1343 for (i = 0; i < AUDIT_INODE_BUCKETS; i++)
1207 INIT_LIST_HEAD(&audit_inode_hash[i]); 1344 INIT_LIST_HEAD(&audit_inode_hash[i]);
1208 1345
1346 kauditd_task = kthread_run(kauditd_thread, NULL, "kauditd");
1347 if (IS_ERR(kauditd_task)) {
1348 int err = PTR_ERR(kauditd_task);
1349 panic("audit: failed to start the kauditd thread (%d)\n", err);
1350 }
1351
1352 audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized");
1353
1209 return 0; 1354 return 0;
1210} 1355}
1211__initcall(audit_init); 1356__initcall(audit_init);
@@ -1338,24 +1483,6 @@ static inline void audit_get_stamp(struct audit_context *ctx,
1338 } 1483 }
1339} 1484}
1340 1485
1341/*
1342 * Wait for auditd to drain the queue a little
1343 */
1344static long wait_for_auditd(long sleep_time)
1345{
1346 DECLARE_WAITQUEUE(wait, current);
1347
1348 if (audit_backlog_limit &&
1349 skb_queue_len(&audit_skb_queue) > audit_backlog_limit) {
1350 add_wait_queue_exclusive(&audit_backlog_wait, &wait);
1351 set_current_state(TASK_UNINTERRUPTIBLE);
1352 sleep_time = schedule_timeout(sleep_time);
1353 remove_wait_queue(&audit_backlog_wait, &wait);
1354 }
1355
1356 return sleep_time;
1357}
1358
1359/** 1486/**
1360 * audit_log_start - obtain an audit buffer 1487 * audit_log_start - obtain an audit buffer
1361 * @ctx: audit_context (may be NULL) 1488 * @ctx: audit_context (may be NULL)
@@ -1374,12 +1501,9 @@ static long wait_for_auditd(long sleep_time)
1374struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, 1501struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
1375 int type) 1502 int type)
1376{ 1503{
1377 struct audit_buffer *ab = NULL; 1504 struct audit_buffer *ab;
1378 struct timespec t; 1505 struct timespec t;
1379 unsigned int uninitialized_var(serial); 1506 unsigned int uninitialized_var(serial);
1380 int reserve = 5; /* Allow atomic callers to go up to five
1381 entries over the normal backlog limit */
1382 unsigned long timeout_start = jiffies;
1383 1507
1384 if (audit_initialized != AUDIT_INITIALIZED) 1508 if (audit_initialized != AUDIT_INITIALIZED)
1385 return NULL; 1509 return NULL;
@@ -1387,38 +1511,48 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
1387 if (unlikely(!audit_filter(type, AUDIT_FILTER_TYPE))) 1511 if (unlikely(!audit_filter(type, AUDIT_FILTER_TYPE)))
1388 return NULL; 1512 return NULL;
1389 1513
1390 if (gfp_mask & __GFP_DIRECT_RECLAIM) { 1514 /* don't ever fail/sleep on these two conditions:
1391 if (audit_pid && audit_pid == current->tgid) 1515 * 1. auditd generated record - since we need auditd to drain the
1392 gfp_mask &= ~__GFP_DIRECT_RECLAIM; 1516 * queue; also, when we are checking for auditd, compare PIDs using
1393 else 1517 * task_tgid_vnr() since auditd_pid is set in audit_receive_msg()
1394 reserve = 0; 1518 * using a PID anchored in the caller's namespace
1395 } 1519 * 2. audit command message - record types 1000 through 1099 inclusive
1396 1520 * are command messages/records used to manage the kernel subsystem
1397 while (audit_backlog_limit 1521 * and the audit userspace, blocking on these messages could cause
1398 && skb_queue_len(&audit_skb_queue) > audit_backlog_limit + reserve) { 1522 * problems under load so don't do it (note: not all of these
1399 if (gfp_mask & __GFP_DIRECT_RECLAIM && audit_backlog_wait_time) { 1523 * command types are valid as record types, but it is quicker to
1400 long sleep_time; 1524 * just check two ints than a series of ints in a if/switch stmt) */
1525 if (!((audit_pid && audit_pid == task_tgid_vnr(current)) ||
1526 (type >= 1000 && type <= 1099))) {
1527 long sleep_time = audit_backlog_wait_time;
1528
1529 while (audit_backlog_limit &&
1530 (skb_queue_len(&audit_queue) > audit_backlog_limit)) {
1531 /* wake kauditd to try and flush the queue */
1532 wake_up_interruptible(&kauditd_wait);
1401 1533
1402 sleep_time = timeout_start + audit_backlog_wait_time - jiffies; 1534 /* sleep if we are allowed and we haven't exhausted our
1403 if (sleep_time > 0) { 1535 * backlog wait limit */
1404 sleep_time = wait_for_auditd(sleep_time); 1536 if ((gfp_mask & __GFP_DIRECT_RECLAIM) &&
1405 if (sleep_time > 0) 1537 (sleep_time > 0)) {
1406 continue; 1538 DECLARE_WAITQUEUE(wait, current);
1539
1540 add_wait_queue_exclusive(&audit_backlog_wait,
1541 &wait);
1542 set_current_state(TASK_UNINTERRUPTIBLE);
1543 sleep_time = schedule_timeout(sleep_time);
1544 remove_wait_queue(&audit_backlog_wait, &wait);
1545 } else {
1546 if (audit_rate_check() && printk_ratelimit())
1547 pr_warn("audit_backlog=%d > audit_backlog_limit=%d\n",
1548 skb_queue_len(&audit_queue),
1549 audit_backlog_limit);
1550 audit_log_lost("backlog limit exceeded");
1551 return NULL;
1407 } 1552 }
1408 } 1553 }
1409 if (audit_rate_check() && printk_ratelimit())
1410 pr_warn("audit_backlog=%d > audit_backlog_limit=%d\n",
1411 skb_queue_len(&audit_skb_queue),
1412 audit_backlog_limit);
1413 audit_log_lost("backlog limit exceeded");
1414 audit_backlog_wait_time = 0;
1415 wake_up(&audit_backlog_wait);
1416 return NULL;
1417 } 1554 }
1418 1555
1419 if (!reserve && !audit_backlog_wait_time)
1420 audit_backlog_wait_time = audit_backlog_wait_time_master;
1421
1422 ab = audit_buffer_alloc(ctx, gfp_mask, type); 1556 ab = audit_buffer_alloc(ctx, gfp_mask, type);
1423 if (!ab) { 1557 if (!ab) {
1424 audit_log_lost("out of memory in audit_log_start"); 1558 audit_log_lost("out of memory in audit_log_start");
@@ -1426,9 +1560,9 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
1426 } 1560 }
1427 1561
1428 audit_get_stamp(ab->ctx, &t, &serial); 1562 audit_get_stamp(ab->ctx, &t, &serial);
1429
1430 audit_log_format(ab, "audit(%lu.%03lu:%u): ", 1563 audit_log_format(ab, "audit(%lu.%03lu:%u): ",
1431 t.tv_sec, t.tv_nsec/1000000, serial); 1564 t.tv_sec, t.tv_nsec/1000000, serial);
1565
1432 return ab; 1566 return ab;
1433} 1567}
1434 1568
@@ -1978,10 +2112,10 @@ out:
1978 * audit_log_end - end one audit record 2112 * audit_log_end - end one audit record
1979 * @ab: the audit_buffer 2113 * @ab: the audit_buffer
1980 * 2114 *
1981 * netlink_unicast() cannot be called inside an irq context because it blocks 2115 * We can not do a netlink send inside an irq context because it blocks (last
1982 * (last arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed 2116 * arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed on a
1983 * on a queue and a tasklet is scheduled to remove them from the queue outside 2117 * queue and a tasklet is scheduled to remove them from the queue outside the
1984 * the irq context. May be called in any context. 2118 * irq context. May be called in any context.
1985 */ 2119 */
1986void audit_log_end(struct audit_buffer *ab) 2120void audit_log_end(struct audit_buffer *ab)
1987{ 2121{
@@ -1990,28 +2124,8 @@ void audit_log_end(struct audit_buffer *ab)
1990 if (!audit_rate_check()) { 2124 if (!audit_rate_check()) {
1991 audit_log_lost("rate limit exceeded"); 2125 audit_log_lost("rate limit exceeded");
1992 } else { 2126 } else {
1993 struct nlmsghdr *nlh = nlmsg_hdr(ab->skb); 2127 skb_queue_tail(&audit_queue, ab->skb);
1994 2128 wake_up_interruptible(&kauditd_wait);
1995 nlh->nlmsg_len = ab->skb->len;
1996 kauditd_send_multicast_skb(ab->skb, ab->gfp_mask);
1997
1998 /*
1999 * The original kaudit unicast socket sends up messages with
2000 * nlmsg_len set to the payload length rather than the entire
2001 * message length. This breaks the standard set by netlink.
2002 * The existing auditd daemon assumes this breakage. Fixing
2003 * this would require co-ordinating a change in the established
2004 * protocol between the kaudit kernel subsystem and the auditd
2005 * userspace code.
2006 */
2007 nlh->nlmsg_len -= NLMSG_HDRLEN;
2008
2009 if (audit_pid) {
2010 skb_queue_tail(&audit_skb_queue, ab->skb);
2011 wake_up_interruptible(&kauditd_wait);
2012 } else {
2013 audit_printk_skb(ab->skb);
2014 }
2015 ab->skb = NULL; 2129 ab->skb = NULL;
2016 } 2130 }
2017 audit_buffer_free(ab); 2131 audit_buffer_free(ab);
diff --git a/kernel/audit_fsnotify.c b/kernel/audit_fsnotify.c
index f84f8d06e1f6..f75154889aa9 100644
--- a/kernel/audit_fsnotify.c
+++ b/kernel/audit_fsnotify.c
@@ -130,10 +130,9 @@ static void audit_mark_log_rule_change(struct audit_fsnotify_mark *audit_mark, c
130 ab = audit_log_start(NULL, GFP_NOFS, AUDIT_CONFIG_CHANGE); 130 ab = audit_log_start(NULL, GFP_NOFS, AUDIT_CONFIG_CHANGE);
131 if (unlikely(!ab)) 131 if (unlikely(!ab))
132 return; 132 return;
133 audit_log_format(ab, "auid=%u ses=%u op=", 133 audit_log_format(ab, "auid=%u ses=%u op=%s",
134 from_kuid(&init_user_ns, audit_get_loginuid(current)), 134 from_kuid(&init_user_ns, audit_get_loginuid(current)),
135 audit_get_sessionid(current)); 135 audit_get_sessionid(current), op);
136 audit_log_string(ab, op);
137 audit_log_format(ab, " path="); 136 audit_log_format(ab, " path=");
138 audit_log_untrustedstring(ab, audit_mark->path); 137 audit_log_untrustedstring(ab, audit_mark->path);
139 audit_log_key(ab, rule->filterkey); 138 audit_log_key(ab, rule->filterkey);
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
index 25772476fa4a..055f11b0a50f 100644
--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c
@@ -458,8 +458,7 @@ static void audit_tree_log_remove_rule(struct audit_krule *rule)
458 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); 458 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
459 if (unlikely(!ab)) 459 if (unlikely(!ab))
460 return; 460 return;
461 audit_log_format(ab, "op="); 461 audit_log_format(ab, "op=remove_rule");
462 audit_log_string(ab, "remove_rule");
463 audit_log_format(ab, " dir="); 462 audit_log_format(ab, " dir=");
464 audit_log_untrustedstring(ab, rule->tree->pathname); 463 audit_log_untrustedstring(ab, rule->tree->pathname);
465 audit_log_key(ab, rule->filterkey); 464 audit_log_key(ab, rule->filterkey);
diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
index 0d302a87f21b..686e068ec3da 100644
--- a/kernel/audit_watch.c
+++ b/kernel/audit_watch.c
@@ -242,10 +242,9 @@ static void audit_watch_log_rule_change(struct audit_krule *r, struct audit_watc
242 ab = audit_log_start(NULL, GFP_NOFS, AUDIT_CONFIG_CHANGE); 242 ab = audit_log_start(NULL, GFP_NOFS, AUDIT_CONFIG_CHANGE);
243 if (unlikely(!ab)) 243 if (unlikely(!ab))
244 return; 244 return;
245 audit_log_format(ab, "auid=%u ses=%u op=", 245 audit_log_format(ab, "auid=%u ses=%u op=%s",
246 from_kuid(&init_user_ns, audit_get_loginuid(current)), 246 from_kuid(&init_user_ns, audit_get_loginuid(current)),
247 audit_get_sessionid(current)); 247 audit_get_sessionid(current), op);
248 audit_log_string(ab, op);
249 audit_log_format(ab, " path="); 248 audit_log_format(ab, " path=");
250 audit_log_untrustedstring(ab, w->path); 249 audit_log_untrustedstring(ab, w->path);
251 audit_log_key(ab, r->filterkey); 250 audit_log_key(ab, r->filterkey);
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 85d9cac497e4..880519d6cf2a 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -363,6 +363,7 @@ static int audit_field_valid(struct audit_entry *entry, struct audit_field *f)
363 case AUDIT_EXIT: 363 case AUDIT_EXIT:
364 case AUDIT_SUCCESS: 364 case AUDIT_SUCCESS:
365 case AUDIT_INODE: 365 case AUDIT_INODE:
366 case AUDIT_SESSIONID:
366 /* bit ops are only useful on syscall args */ 367 /* bit ops are only useful on syscall args */
367 if (f->op == Audit_bitmask || f->op == Audit_bittest) 368 if (f->op == Audit_bitmask || f->op == Audit_bittest)
368 return -EINVAL; 369 return -EINVAL;
@@ -476,6 +477,7 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
476 if (!gid_valid(f->gid)) 477 if (!gid_valid(f->gid))
477 goto exit_free; 478 goto exit_free;
478 break; 479 break;
480 case AUDIT_SESSIONID:
479 case AUDIT_ARCH: 481 case AUDIT_ARCH:
480 entry->rule.arch_f = f; 482 entry->rule.arch_f = f;
481 break; 483 break;
@@ -1074,8 +1076,7 @@ static void audit_log_rule_change(char *action, struct audit_krule *rule, int re
1074 return; 1076 return;
1075 audit_log_format(ab, "auid=%u ses=%u" ,loginuid, sessionid); 1077 audit_log_format(ab, "auid=%u ses=%u" ,loginuid, sessionid);
1076 audit_log_task_context(ab); 1078 audit_log_task_context(ab);
1077 audit_log_format(ab, " op="); 1079 audit_log_format(ab, " op=%s", action);
1078 audit_log_string(ab, action);
1079 audit_log_key(ab, rule->filterkey); 1080 audit_log_key(ab, rule->filterkey);
1080 audit_log_format(ab, " list=%d res=%d", rule->listnr, res); 1081 audit_log_format(ab, " list=%d res=%d", rule->listnr, res);
1081 audit_log_end(ab); 1082 audit_log_end(ab);
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 2cd5256dbff7..cf1fa43512c1 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -446,6 +446,7 @@ static int audit_filter_rules(struct task_struct *tsk,
446 const struct cred *cred; 446 const struct cred *cred;
447 int i, need_sid = 1; 447 int i, need_sid = 1;
448 u32 sid; 448 u32 sid;
449 unsigned int sessionid;
449 450
450 cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation); 451 cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation);
451 452
@@ -508,6 +509,10 @@ static int audit_filter_rules(struct task_struct *tsk,
508 case AUDIT_FSGID: 509 case AUDIT_FSGID:
509 result = audit_gid_comparator(cred->fsgid, f->op, f->gid); 510 result = audit_gid_comparator(cred->fsgid, f->op, f->gid);
510 break; 511 break;
512 case AUDIT_SESSIONID:
513 sessionid = audit_get_sessionid(current);
514 result = audit_comparator(sessionid, f->op, f->val);
515 break;
511 case AUDIT_PERS: 516 case AUDIT_PERS:
512 result = audit_comparator(tsk->personality, f->op, f->val); 517 result = audit_comparator(tsk->personality, f->op, f->val);
513 break; 518 break;
@@ -1000,7 +1005,7 @@ static void audit_log_execve_info(struct audit_context *context,
1000 long len_rem; 1005 long len_rem;
1001 long len_full; 1006 long len_full;
1002 long len_buf; 1007 long len_buf;
1003 long len_abuf; 1008 long len_abuf = 0;
1004 long len_tmp; 1009 long len_tmp;
1005 bool require_data; 1010 bool require_data;
1006 bool encode; 1011 bool encode;
@@ -2025,8 +2030,11 @@ int audit_set_loginuid(kuid_t loginuid)
2025 goto out; 2030 goto out;
2026 2031
2027 /* are we setting or clearing? */ 2032 /* are we setting or clearing? */
2028 if (uid_valid(loginuid)) 2033 if (uid_valid(loginuid)) {
2029 sessionid = (unsigned int)atomic_inc_return(&session_id); 2034 sessionid = (unsigned int)atomic_inc_return(&session_id);
2035 if (unlikely(sessionid == (unsigned int)-1))
2036 sessionid = (unsigned int)atomic_inc_return(&session_id);
2037 }
2030 2038
2031 task->sessionid = sessionid; 2039 task->sessionid = sessionid;
2032 task->loginuid = loginuid; 2040 task->loginuid = loginuid;
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index 50fdc1b59777..3c4bbec39713 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -218,16 +218,15 @@ static void rtnl_net_notifyid(struct net *net, int cmd, int id);
218 */ 218 */
219int peernet2id_alloc(struct net *net, struct net *peer) 219int peernet2id_alloc(struct net *net, struct net *peer)
220{ 220{
221 unsigned long flags;
222 bool alloc; 221 bool alloc;
223 int id; 222 int id;
224 223
225 if (atomic_read(&net->count) == 0) 224 if (atomic_read(&net->count) == 0)
226 return NETNSA_NSID_NOT_ASSIGNED; 225 return NETNSA_NSID_NOT_ASSIGNED;
227 spin_lock_irqsave(&net->nsid_lock, flags); 226 spin_lock_bh(&net->nsid_lock);
228 alloc = atomic_read(&peer->count) == 0 ? false : true; 227 alloc = atomic_read(&peer->count) == 0 ? false : true;
229 id = __peernet2id_alloc(net, peer, &alloc); 228 id = __peernet2id_alloc(net, peer, &alloc);
230 spin_unlock_irqrestore(&net->nsid_lock, flags); 229 spin_unlock_bh(&net->nsid_lock);
231 if (alloc && id >= 0) 230 if (alloc && id >= 0)
232 rtnl_net_notifyid(net, RTM_NEWNSID, id); 231 rtnl_net_notifyid(net, RTM_NEWNSID, id);
233 return id; 232 return id;
@@ -236,12 +235,11 @@ int peernet2id_alloc(struct net *net, struct net *peer)
236/* This function returns, if assigned, the id of a peer netns. */ 235/* This function returns, if assigned, the id of a peer netns. */
237int peernet2id(struct net *net, struct net *peer) 236int peernet2id(struct net *net, struct net *peer)
238{ 237{
239 unsigned long flags;
240 int id; 238 int id;
241 239
242 spin_lock_irqsave(&net->nsid_lock, flags); 240 spin_lock_bh(&net->nsid_lock);
243 id = __peernet2id(net, peer); 241 id = __peernet2id(net, peer);
244 spin_unlock_irqrestore(&net->nsid_lock, flags); 242 spin_unlock_bh(&net->nsid_lock);
245 return id; 243 return id;
246} 244}
247EXPORT_SYMBOL(peernet2id); 245EXPORT_SYMBOL(peernet2id);
@@ -256,18 +254,17 @@ bool peernet_has_id(struct net *net, struct net *peer)
256 254
257struct net *get_net_ns_by_id(struct net *net, int id) 255struct net *get_net_ns_by_id(struct net *net, int id)
258{ 256{
259 unsigned long flags;
260 struct net *peer; 257 struct net *peer;
261 258
262 if (id < 0) 259 if (id < 0)
263 return NULL; 260 return NULL;
264 261
265 rcu_read_lock(); 262 rcu_read_lock();
266 spin_lock_irqsave(&net->nsid_lock, flags); 263 spin_lock_bh(&net->nsid_lock);
267 peer = idr_find(&net->netns_ids, id); 264 peer = idr_find(&net->netns_ids, id);
268 if (peer) 265 if (peer)
269 get_net(peer); 266 get_net(peer);
270 spin_unlock_irqrestore(&net->nsid_lock, flags); 267 spin_unlock_bh(&net->nsid_lock);
271 rcu_read_unlock(); 268 rcu_read_unlock();
272 269
273 return peer; 270 return peer;
@@ -437,17 +434,17 @@ static void cleanup_net(struct work_struct *work)
437 for_each_net(tmp) { 434 for_each_net(tmp) {
438 int id; 435 int id;
439 436
440 spin_lock_irq(&tmp->nsid_lock); 437 spin_lock_bh(&tmp->nsid_lock);
441 id = __peernet2id(tmp, net); 438 id = __peernet2id(tmp, net);
442 if (id >= 0) 439 if (id >= 0)
443 idr_remove(&tmp->netns_ids, id); 440 idr_remove(&tmp->netns_ids, id);
444 spin_unlock_irq(&tmp->nsid_lock); 441 spin_unlock_bh(&tmp->nsid_lock);
445 if (id >= 0) 442 if (id >= 0)
446 rtnl_net_notifyid(tmp, RTM_DELNSID, id); 443 rtnl_net_notifyid(tmp, RTM_DELNSID, id);
447 } 444 }
448 spin_lock_irq(&net->nsid_lock); 445 spin_lock_bh(&net->nsid_lock);
449 idr_destroy(&net->netns_ids); 446 idr_destroy(&net->netns_ids);
450 spin_unlock_irq(&net->nsid_lock); 447 spin_unlock_bh(&net->nsid_lock);
451 448
452 } 449 }
453 rtnl_unlock(); 450 rtnl_unlock();
@@ -576,7 +573,6 @@ static int rtnl_net_newid(struct sk_buff *skb, struct nlmsghdr *nlh)
576{ 573{
577 struct net *net = sock_net(skb->sk); 574 struct net *net = sock_net(skb->sk);
578 struct nlattr *tb[NETNSA_MAX + 1]; 575 struct nlattr *tb[NETNSA_MAX + 1];
579 unsigned long flags;
580 struct net *peer; 576 struct net *peer;
581 int nsid, err; 577 int nsid, err;
582 578
@@ -597,15 +593,15 @@ static int rtnl_net_newid(struct sk_buff *skb, struct nlmsghdr *nlh)
597 if (IS_ERR(peer)) 593 if (IS_ERR(peer))
598 return PTR_ERR(peer); 594 return PTR_ERR(peer);
599 595
600 spin_lock_irqsave(&net->nsid_lock, flags); 596 spin_lock_bh(&net->nsid_lock);
601 if (__peernet2id(net, peer) >= 0) { 597 if (__peernet2id(net, peer) >= 0) {
602 spin_unlock_irqrestore(&net->nsid_lock, flags); 598 spin_unlock_bh(&net->nsid_lock);
603 err = -EEXIST; 599 err = -EEXIST;
604 goto out; 600 goto out;
605 } 601 }
606 602
607 err = alloc_netid(net, peer, nsid); 603 err = alloc_netid(net, peer, nsid);
608 spin_unlock_irqrestore(&net->nsid_lock, flags); 604 spin_unlock_bh(&net->nsid_lock);
609 if (err >= 0) { 605 if (err >= 0) {
610 rtnl_net_notifyid(net, RTM_NEWNSID, err); 606 rtnl_net_notifyid(net, RTM_NEWNSID, err);
611 err = 0; 607 err = 0;
@@ -727,11 +723,10 @@ static int rtnl_net_dumpid(struct sk_buff *skb, struct netlink_callback *cb)
727 .idx = 0, 723 .idx = 0,
728 .s_idx = cb->args[0], 724 .s_idx = cb->args[0],
729 }; 725 };
730 unsigned long flags;
731 726
732 spin_lock_irqsave(&net->nsid_lock, flags); 727 spin_lock_bh(&net->nsid_lock);
733 idr_for_each(&net->netns_ids, rtnl_net_dumpid_one, &net_cb); 728 idr_for_each(&net->netns_ids, rtnl_net_dumpid_one, &net_cb);
734 spin_unlock_irqrestore(&net->nsid_lock, flags); 729 spin_unlock_bh(&net->nsid_lock);
735 730
736 cb->args[0] = net_cb.idx; 731 cb->args[0] = net_cb.idx;
737 return skb->len; 732 return skb->len;
generated by cgit v1.2.2 (git 2.25.0) at 2026-01-05 07:49:16 -0500