diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-10-02 16:38:27 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-10-02 16:38:27 -0400 |
| commit | aecdc33e111b2c447b622e287c6003726daa1426 (patch) | |
| tree | 3e7657eae4b785e1a1fb5dfb225dbae0b2f0cfc6 /kernel/audit.c | |
| parent | a20acf99f75e49271381d65db097c9763060a1e8 (diff) | |
| parent | a3a6cab5ea10cca64d036851fe0d932448f2fe4f (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
Pull networking changes from David Miller:
1) GRE now works over ipv6, from Dmitry Kozlov.
2) Make SCTP more network namespace aware, from Eric Biederman.
3) TEAM driver now works with non-ethernet devices, from Jiri Pirko.
4) Make openvswitch network namespace aware, from Pravin B Shelar.
5) IPV6 NAT implementation, from Patrick McHardy.
6) Server side support for TCP Fast Open, from Jerry Chu and others.
7) Packet BPF filter supports MOD and XOR, from Eric Dumazet and Daniel
Borkmann.
8) Increate the loopback default MTU to 64K, from Eric Dumazet.
9) Use a per-task rather than per-socket page fragment allocator for
outgoing networking traffic. This benefits processes that have very
many mostly idle sockets, which is quite common.
From Eric Dumazet.
10) Use up to 32K for page fragment allocations, with fallbacks to
smaller sizes when higher order page allocations fail. Benefits are
a) less segments for driver to process b) less calls to page
allocator c) less waste of space.
From Eric Dumazet.
11) Allow GRO to be used on GRE tunnels, from Eric Dumazet.
12) VXLAN device driver, one way to handle VLAN issues such as the
limitation of 4096 VLAN IDs yet still have some level of isolation.
From Stephen Hemminger.
13) As usual there is a large boatload of driver changes, with the scale
perhaps tilted towards the wireless side this time around.
Fix up various fairly trivial conflicts, mostly caused by the user
namespace changes.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1012 commits)
hyperv: Add buffer for extended info after the RNDIS response message.
hyperv: Report actual status in receive completion packet
hyperv: Remove extra allocated space for recv_pkt_list elements
hyperv: Fix page buffer handling in rndis_filter_send_request()
hyperv: Fix the missing return value in rndis_filter_set_packet_filter()
hyperv: Fix the max_xfer_size in RNDIS initialization
vxlan: put UDP socket in correct namespace
vxlan: Depend on CONFIG_INET
sfc: Fix the reported priorities of different filter types
sfc: Remove EFX_FILTER_FLAG_RX_OVERRIDE_IP
sfc: Fix loopback self-test with separate_tx_channels=1
sfc: Fix MCDI structure field lookup
sfc: Add parentheses around use of bitfield macro arguments
sfc: Fix null function pointer in efx_sriov_channel_type
vxlan: virtual extensible lan
igmp: export symbol ip_mc_leave_group
netlink: add attributes to fdb interface
tg3: unconditionally select HWMON support when tg3 is enabled.
Revert "net: ti cpsw ethernet: allow reading phy interface mode from DT"
gre: fix sparse warning
...
Diffstat (limited to 'kernel/audit.c')
| -rw-r--r-- | kernel/audit.c | 25 |
1 files changed, 12 insertions, 13 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index 511488a7bc71..4d0ceede3319 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
| @@ -88,11 +88,11 @@ static int audit_failure = AUDIT_FAIL_PRINTK; | |||
| 88 | 88 | ||
| 89 | /* | 89 | /* |
| 90 | * If audit records are to be written to the netlink socket, audit_pid | 90 | * If audit records are to be written to the netlink socket, audit_pid |
| 91 | * contains the pid of the auditd process and audit_nlk_pid contains | 91 | * contains the pid of the auditd process and audit_nlk_portid contains |
| 92 | * the pid to use to send netlink messages to that process. | 92 | * the portid to use to send netlink messages to that process. |
| 93 | */ | 93 | */ |
| 94 | int audit_pid; | 94 | int audit_pid; |
| 95 | static int audit_nlk_pid; | 95 | static int audit_nlk_portid; |
| 96 | 96 | ||
| 97 | /* If audit_rate_limit is non-zero, limit the rate of sending audit records | 97 | /* If audit_rate_limit is non-zero, limit the rate of sending audit records |
| 98 | * to that number per second. This prevents DoS attacks, but results in | 98 | * to that number per second. This prevents DoS attacks, but results in |
| @@ -402,7 +402,7 @@ static void kauditd_send_skb(struct sk_buff *skb) | |||
| 402 | int err; | 402 | int err; |
| 403 | /* take a reference in case we can't send it and we want to hold it */ | 403 | /* take a reference in case we can't send it and we want to hold it */ |
| 404 | skb_get(skb); | 404 | skb_get(skb); |
| 405 | err = netlink_unicast(audit_sock, skb, audit_nlk_pid, 0); | 405 | err = netlink_unicast(audit_sock, skb, audit_nlk_portid, 0); |
| 406 | if (err < 0) { | 406 | if (err < 0) { |
| 407 | BUG_ON(err != -ECONNREFUSED); /* Shouldn't happen */ | 407 | BUG_ON(err != -ECONNREFUSED); /* Shouldn't happen */ |
| 408 | printk(KERN_ERR "audit: *NO* daemon at audit_pid=%d\n", audit_pid); | 408 | printk(KERN_ERR "audit: *NO* daemon at audit_pid=%d\n", audit_pid); |
| @@ -679,7 +679,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 679 | status_set.backlog_limit = audit_backlog_limit; | 679 | status_set.backlog_limit = audit_backlog_limit; |
| 680 | status_set.lost = atomic_read(&audit_lost); | 680 | status_set.lost = atomic_read(&audit_lost); |
| 681 | status_set.backlog = skb_queue_len(&audit_skb_queue); | 681 | status_set.backlog = skb_queue_len(&audit_skb_queue); |
| 682 | audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_GET, 0, 0, | 682 | audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_GET, 0, 0, |
| 683 | &status_set, sizeof(status_set)); | 683 | &status_set, sizeof(status_set)); |
| 684 | break; | 684 | break; |
| 685 | case AUDIT_SET: | 685 | case AUDIT_SET: |
| @@ -707,7 +707,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 707 | sessionid, sid, 1); | 707 | sessionid, sid, 1); |
| 708 | 708 | ||
| 709 | audit_pid = new_pid; | 709 | audit_pid = new_pid; |
| 710 | audit_nlk_pid = NETLINK_CB(skb).pid; | 710 | audit_nlk_portid = NETLINK_CB(skb).portid; |
| 711 | } | 711 | } |
| 712 | if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) { | 712 | if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) { |
| 713 | err = audit_set_rate_limit(status_get->rate_limit, | 713 | err = audit_set_rate_limit(status_get->rate_limit, |
| @@ -750,7 +750,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 750 | size--; | 750 | size--; |
| 751 | audit_log_n_untrustedstring(ab, data, size); | 751 | audit_log_n_untrustedstring(ab, data, size); |
| 752 | } | 752 | } |
| 753 | audit_set_pid(ab, NETLINK_CB(skb).pid); | 753 | audit_set_pid(ab, NETLINK_CB(skb).portid); |
| 754 | audit_log_end(ab); | 754 | audit_log_end(ab); |
| 755 | } | 755 | } |
| 756 | break; | 756 | break; |
| @@ -769,7 +769,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 769 | } | 769 | } |
| 770 | /* fallthrough */ | 770 | /* fallthrough */ |
| 771 | case AUDIT_LIST: | 771 | case AUDIT_LIST: |
| 772 | err = audit_receive_filter(msg_type, NETLINK_CB(skb).pid, | 772 | err = audit_receive_filter(msg_type, NETLINK_CB(skb).portid, |
| 773 | seq, data, nlmsg_len(nlh), | 773 | seq, data, nlmsg_len(nlh), |
| 774 | loginuid, sessionid, sid); | 774 | loginuid, sessionid, sid); |
| 775 | break; | 775 | break; |
| @@ -788,7 +788,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 788 | } | 788 | } |
| 789 | /* fallthrough */ | 789 | /* fallthrough */ |
| 790 | case AUDIT_LIST_RULES: | 790 | case AUDIT_LIST_RULES: |
| 791 | err = audit_receive_filter(msg_type, NETLINK_CB(skb).pid, | 791 | err = audit_receive_filter(msg_type, NETLINK_CB(skb).portid, |
| 792 | seq, data, nlmsg_len(nlh), | 792 | seq, data, nlmsg_len(nlh), |
| 793 | loginuid, sessionid, sid); | 793 | loginuid, sessionid, sid); |
| 794 | break; | 794 | break; |
| @@ -859,7 +859,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 859 | memcpy(sig_data->ctx, ctx, len); | 859 | memcpy(sig_data->ctx, ctx, len); |
| 860 | security_release_secctx(ctx, len); | 860 | security_release_secctx(ctx, len); |
| 861 | } | 861 | } |
| 862 | audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_SIGNAL_INFO, | 862 | audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_SIGNAL_INFO, |
| 863 | 0, 0, sig_data, sizeof(*sig_data) + len); | 863 | 0, 0, sig_data, sizeof(*sig_data) + len); |
| 864 | kfree(sig_data); | 864 | kfree(sig_data); |
| 865 | break; | 865 | break; |
| @@ -871,7 +871,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 871 | s.enabled = tsk->signal->audit_tty != 0; | 871 | s.enabled = tsk->signal->audit_tty != 0; |
| 872 | spin_unlock_irq(&tsk->sighand->siglock); | 872 | spin_unlock_irq(&tsk->sighand->siglock); |
| 873 | 873 | ||
| 874 | audit_send_reply(NETLINK_CB(skb).pid, seq, | 874 | audit_send_reply(NETLINK_CB(skb).portid, seq, |
| 875 | AUDIT_TTY_GET, 0, 0, &s, sizeof(s)); | 875 | AUDIT_TTY_GET, 0, 0, &s, sizeof(s)); |
| 876 | break; | 876 | break; |
| 877 | } | 877 | } |
| @@ -946,8 +946,7 @@ static int __init audit_init(void) | |||
| 946 | 946 | ||
| 947 | printk(KERN_INFO "audit: initializing netlink socket (%s)\n", | 947 | printk(KERN_INFO "audit: initializing netlink socket (%s)\n", |
| 948 | audit_default ? "enabled" : "disabled"); | 948 | audit_default ? "enabled" : "disabled"); |
| 949 | audit_sock = netlink_kernel_create(&init_net, NETLINK_AUDIT, | 949 | audit_sock = netlink_kernel_create(&init_net, NETLINK_AUDIT, &cfg); |
| 950 | THIS_MODULE, &cfg); | ||
| 951 | if (!audit_sock) | 950 | if (!audit_sock) |
| 952 | audit_panic("cannot initialize netlink socket"); | 951 | audit_panic("cannot initialize netlink socket"); |
| 953 | else | 952 | else |