aboutsummaryrefslogtreecommitdiffstats
path: root/kernel/audit.c
diff options
context:
space:
mode:
Diffstat (limited to 'kernel/audit.c')
-rw-r--r--kernel/audit.c248
1 files changed, 115 insertions, 133 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index d596e5355f1..0a1355ca3d7 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -45,7 +45,7 @@
45#include <asm/types.h> 45#include <asm/types.h>
46#include <linux/atomic.h> 46#include <linux/atomic.h>
47#include <linux/mm.h> 47#include <linux/mm.h>
48#include <linux/export.h> 48#include <linux/module.h>
49#include <linux/slab.h> 49#include <linux/slab.h>
50#include <linux/err.h> 50#include <linux/err.h>
51#include <linux/kthread.h> 51#include <linux/kthread.h>
@@ -61,7 +61,6 @@
61#include <linux/netlink.h> 61#include <linux/netlink.h>
62#include <linux/freezer.h> 62#include <linux/freezer.h>
63#include <linux/tty.h> 63#include <linux/tty.h>
64#include <linux/pid_namespace.h>
65 64
66#include "audit.h" 65#include "audit.h"
67 66
@@ -88,11 +87,11 @@ static int audit_failure = AUDIT_FAIL_PRINTK;
88 87
89/* 88/*
90 * If audit records are to be written to the netlink socket, audit_pid 89 * If audit records are to be written to the netlink socket, audit_pid
91 * contains the pid of the auditd process and audit_nlk_portid contains 90 * contains the pid of the auditd process and audit_nlk_pid contains
92 * the portid to use to send netlink messages to that process. 91 * the pid to use to send netlink messages to that process.
93 */ 92 */
94int audit_pid; 93int audit_pid;
95static int audit_nlk_portid; 94static int audit_nlk_pid;
96 95
97/* If audit_rate_limit is non-zero, limit the rate of sending audit records 96/* If audit_rate_limit is non-zero, limit the rate of sending audit records
98 * to that number per second. This prevents DoS attacks, but results in 97 * to that number per second. This prevents DoS attacks, but results in
@@ -105,7 +104,7 @@ static int audit_backlog_wait_time = 60 * HZ;
105static int audit_backlog_wait_overflow = 0; 104static int audit_backlog_wait_overflow = 0;
106 105
107/* The identity of the user shutting down the audit system. */ 106/* The identity of the user shutting down the audit system. */
108kuid_t audit_sig_uid = INVALID_UID; 107uid_t audit_sig_uid = -1;
109pid_t audit_sig_pid = -1; 108pid_t audit_sig_pid = -1;
110u32 audit_sig_sid = 0; 109u32 audit_sig_sid = 0;
111 110
@@ -265,17 +264,15 @@ void audit_log_lost(const char *message)
265} 264}
266 265
267static int audit_log_config_change(char *function_name, int new, int old, 266static int audit_log_config_change(char *function_name, int new, int old,
268 kuid_t loginuid, u32 sessionid, u32 sid, 267 uid_t loginuid, u32 sessionid, u32 sid,
269 int allow_changes) 268 int allow_changes)
270{ 269{
271 struct audit_buffer *ab; 270 struct audit_buffer *ab;
272 int rc = 0; 271 int rc = 0;
273 272
274 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); 273 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
275 if (unlikely(!ab))
276 return rc;
277 audit_log_format(ab, "%s=%d old=%d auid=%u ses=%u", function_name, new, 274 audit_log_format(ab, "%s=%d old=%d auid=%u ses=%u", function_name, new,
278 old, from_kuid(&init_user_ns, loginuid), sessionid); 275 old, loginuid, sessionid);
279 if (sid) { 276 if (sid) {
280 char *ctx = NULL; 277 char *ctx = NULL;
281 u32 len; 278 u32 len;
@@ -295,7 +292,7 @@ static int audit_log_config_change(char *function_name, int new, int old,
295} 292}
296 293
297static int audit_do_config_change(char *function_name, int *to_change, 294static int audit_do_config_change(char *function_name, int *to_change,
298 int new, kuid_t loginuid, u32 sessionid, 295 int new, uid_t loginuid, u32 sessionid,
299 u32 sid) 296 u32 sid)
300{ 297{
301 int allow_changes, rc = 0, old = *to_change; 298 int allow_changes, rc = 0, old = *to_change;
@@ -322,21 +319,21 @@ static int audit_do_config_change(char *function_name, int *to_change,
322 return rc; 319 return rc;
323} 320}
324 321
325static int audit_set_rate_limit(int limit, kuid_t loginuid, u32 sessionid, 322static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sessionid,
326 u32 sid) 323 u32 sid)
327{ 324{
328 return audit_do_config_change("audit_rate_limit", &audit_rate_limit, 325 return audit_do_config_change("audit_rate_limit", &audit_rate_limit,
329 limit, loginuid, sessionid, sid); 326 limit, loginuid, sessionid, sid);
330} 327}
331 328
332static int audit_set_backlog_limit(int limit, kuid_t loginuid, u32 sessionid, 329static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sessionid,
333 u32 sid) 330 u32 sid)
334{ 331{
335 return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit, 332 return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit,
336 limit, loginuid, sessionid, sid); 333 limit, loginuid, sessionid, sid);
337} 334}
338 335
339static int audit_set_enabled(int state, kuid_t loginuid, u32 sessionid, u32 sid) 336static int audit_set_enabled(int state, uid_t loginuid, u32 sessionid, u32 sid)
340{ 337{
341 int rc; 338 int rc;
342 if (state < AUDIT_OFF || state > AUDIT_LOCKED) 339 if (state < AUDIT_OFF || state > AUDIT_LOCKED)
@@ -351,7 +348,7 @@ static int audit_set_enabled(int state, kuid_t loginuid, u32 sessionid, u32 sid)
351 return rc; 348 return rc;
352} 349}
353 350
354static int audit_set_failure(int state, kuid_t loginuid, u32 sessionid, u32 sid) 351static int audit_set_failure(int state, uid_t loginuid, u32 sessionid, u32 sid)
355{ 352{
356 if (state != AUDIT_FAIL_SILENT 353 if (state != AUDIT_FAIL_SILENT
357 && state != AUDIT_FAIL_PRINTK 354 && state != AUDIT_FAIL_PRINTK
@@ -387,7 +384,7 @@ static void audit_hold_skb(struct sk_buff *skb)
387static void audit_printk_skb(struct sk_buff *skb) 384static void audit_printk_skb(struct sk_buff *skb)
388{ 385{
389 struct nlmsghdr *nlh = nlmsg_hdr(skb); 386 struct nlmsghdr *nlh = nlmsg_hdr(skb);
390 char *data = nlmsg_data(nlh); 387 char *data = NLMSG_DATA(nlh);
391 388
392 if (nlh->nlmsg_type != AUDIT_EOE) { 389 if (nlh->nlmsg_type != AUDIT_EOE) {
393 if (printk_ratelimit()) 390 if (printk_ratelimit())
@@ -404,7 +401,7 @@ static void kauditd_send_skb(struct sk_buff *skb)
404 int err; 401 int err;
405 /* take a reference in case we can't send it and we want to hold it */ 402 /* take a reference in case we can't send it and we want to hold it */
406 skb_get(skb); 403 skb_get(skb);
407 err = netlink_unicast(audit_sock, skb, audit_nlk_portid, 0); 404 err = netlink_unicast(audit_sock, skb, audit_nlk_pid, 0);
408 if (err < 0) { 405 if (err < 0) {
409 BUG_ON(err != -ECONNREFUSED); /* Shouldn't happen */ 406 BUG_ON(err != -ECONNREFUSED); /* Shouldn't happen */
410 printk(KERN_ERR "audit: *NO* daemon at audit_pid=%d\n", audit_pid); 407 printk(KERN_ERR "audit: *NO* daemon at audit_pid=%d\n", audit_pid);
@@ -470,6 +467,24 @@ static int kauditd_thread(void *dummy)
470 return 0; 467 return 0;
471} 468}
472 469
470static int audit_prepare_user_tty(pid_t pid, uid_t loginuid, u32 sessionid)
471{
472 struct task_struct *tsk;
473 int err;
474
475 rcu_read_lock();
476 tsk = find_task_by_vpid(pid);
477 if (!tsk) {
478 rcu_read_unlock();
479 return -ESRCH;
480 }
481 get_task_struct(tsk);
482 rcu_read_unlock();
483 err = tty_audit_push_task(tsk, loginuid, sessionid);
484 put_task_struct(tsk);
485 return err;
486}
487
473int audit_send_list(void *_dest) 488int audit_send_list(void *_dest)
474{ 489{
475 struct audit_netlink_list *dest = _dest; 490 struct audit_netlink_list *dest = _dest;
@@ -501,15 +516,14 @@ struct sk_buff *audit_make_reply(int pid, int seq, int type, int done,
501 if (!skb) 516 if (!skb)
502 return NULL; 517 return NULL;
503 518
504 nlh = nlmsg_put(skb, pid, seq, t, size, flags); 519 nlh = NLMSG_NEW(skb, pid, seq, t, size, flags);
505 if (!nlh) 520 data = NLMSG_DATA(nlh);
506 goto out_kfree_skb;
507 data = nlmsg_data(nlh);
508 memcpy(data, payload, size); 521 memcpy(data, payload, size);
509 return skb; 522 return skb;
510 523
511out_kfree_skb: 524nlmsg_failure: /* Used by NLMSG_NEW */
512 kfree_skb(skb); 525 if (skb)
526 kfree_skb(skb);
513 return NULL; 527 return NULL;
514} 528}
515 529
@@ -573,11 +587,6 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)
573{ 587{
574 int err = 0; 588 int err = 0;
575 589
576 /* Only support the initial namespaces for now. */
577 if ((current_user_ns() != &init_user_ns) ||
578 (task_active_pid_ns(current) != &init_pid_ns))
579 return -EPERM;
580
581 switch (msg_type) { 590 switch (msg_type) {
582 case AUDIT_GET: 591 case AUDIT_GET:
583 case AUDIT_LIST: 592 case AUDIT_LIST:
@@ -592,13 +601,13 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)
592 case AUDIT_TTY_SET: 601 case AUDIT_TTY_SET:
593 case AUDIT_TRIM: 602 case AUDIT_TRIM:
594 case AUDIT_MAKE_EQUIV: 603 case AUDIT_MAKE_EQUIV:
595 if (!capable(CAP_AUDIT_CONTROL)) 604 if (security_netlink_recv(skb, CAP_AUDIT_CONTROL))
596 err = -EPERM; 605 err = -EPERM;
597 break; 606 break;
598 case AUDIT_USER: 607 case AUDIT_USER:
599 case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG: 608 case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG:
600 case AUDIT_FIRST_USER_MSG2 ... AUDIT_LAST_USER_MSG2: 609 case AUDIT_FIRST_USER_MSG2 ... AUDIT_LAST_USER_MSG2:
601 if (!capable(CAP_AUDIT_WRITE)) 610 if (security_netlink_recv(skb, CAP_AUDIT_WRITE))
602 err = -EPERM; 611 err = -EPERM;
603 break; 612 break;
604 default: /* bad msg */ 613 default: /* bad msg */
@@ -609,7 +618,8 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)
609} 618}
610 619
611static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type, 620static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,
612 kuid_t auid, u32 ses, u32 sid) 621 u32 pid, u32 uid, uid_t auid, u32 ses,
622 u32 sid)
613{ 623{
614 int rc = 0; 624 int rc = 0;
615 char *ctx = NULL; 625 char *ctx = NULL;
@@ -621,12 +631,8 @@ static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,
621 } 631 }
622 632
623 *ab = audit_log_start(NULL, GFP_KERNEL, msg_type); 633 *ab = audit_log_start(NULL, GFP_KERNEL, msg_type);
624 if (unlikely(!*ab)) 634 audit_log_format(*ab, "user pid=%d uid=%u auid=%u ses=%u",
625 return rc; 635 pid, uid, auid, ses);
626 audit_log_format(*ab, "pid=%d uid=%u auid=%u ses=%u",
627 task_tgid_vnr(current),
628 from_kuid(&init_user_ns, current_uid()),
629 from_kuid(&init_user_ns, auid), ses);
630 if (sid) { 636 if (sid) {
631 rc = security_secid_to_secctx(sid, &ctx, &len); 637 rc = security_secid_to_secctx(sid, &ctx, &len);
632 if (rc) 638 if (rc)
@@ -642,13 +648,13 @@ static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,
642 648
643static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) 649static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
644{ 650{
645 u32 seq, sid; 651 u32 uid, pid, seq, sid;
646 void *data; 652 void *data;
647 struct audit_status *status_get, status_set; 653 struct audit_status *status_get, status_set;
648 int err; 654 int err;
649 struct audit_buffer *ab; 655 struct audit_buffer *ab;
650 u16 msg_type = nlh->nlmsg_type; 656 u16 msg_type = nlh->nlmsg_type;
651 kuid_t loginuid; /* loginuid of sender */ 657 uid_t loginuid; /* loginuid of sender */
652 u32 sessionid; 658 u32 sessionid;
653 struct audit_sig_info *sig_data; 659 struct audit_sig_info *sig_data;
654 char *ctx = NULL; 660 char *ctx = NULL;
@@ -668,11 +674,13 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
668 return err; 674 return err;
669 } 675 }
670 676
677 pid = NETLINK_CREDS(skb)->pid;
678 uid = NETLINK_CREDS(skb)->uid;
671 loginuid = audit_get_loginuid(current); 679 loginuid = audit_get_loginuid(current);
672 sessionid = audit_get_sessionid(current); 680 sessionid = audit_get_sessionid(current);
673 security_task_getsecid(current, &sid); 681 security_task_getsecid(current, &sid);
674 seq = nlh->nlmsg_seq; 682 seq = nlh->nlmsg_seq;
675 data = nlmsg_data(nlh); 683 data = NLMSG_DATA(nlh);
676 684
677 switch (msg_type) { 685 switch (msg_type) {
678 case AUDIT_GET: 686 case AUDIT_GET:
@@ -683,7 +691,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
683 status_set.backlog_limit = audit_backlog_limit; 691 status_set.backlog_limit = audit_backlog_limit;
684 status_set.lost = atomic_read(&audit_lost); 692 status_set.lost = atomic_read(&audit_lost);
685 status_set.backlog = skb_queue_len(&audit_skb_queue); 693 status_set.backlog = skb_queue_len(&audit_skb_queue);
686 audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_GET, 0, 0, 694 audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_GET, 0, 0,
687 &status_set, sizeof(status_set)); 695 &status_set, sizeof(status_set));
688 break; 696 break;
689 case AUDIT_SET: 697 case AUDIT_SET:
@@ -711,7 +719,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
711 sessionid, sid, 1); 719 sessionid, sid, 1);
712 720
713 audit_pid = new_pid; 721 audit_pid = new_pid;
714 audit_nlk_portid = NETLINK_CB(skb).portid; 722 audit_nlk_pid = NETLINK_CB(skb).pid;
715 } 723 }
716 if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) { 724 if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) {
717 err = audit_set_rate_limit(status_get->rate_limit, 725 err = audit_set_rate_limit(status_get->rate_limit,
@@ -729,16 +737,16 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
729 if (!audit_enabled && msg_type != AUDIT_USER_AVC) 737 if (!audit_enabled && msg_type != AUDIT_USER_AVC)
730 return 0; 738 return 0;
731 739
732 err = audit_filter_user(); 740 err = audit_filter_user(&NETLINK_CB(skb));
733 if (err == 1) { 741 if (err == 1) {
734 err = 0; 742 err = 0;
735 if (msg_type == AUDIT_USER_TTY) { 743 if (msg_type == AUDIT_USER_TTY) {
736 err = tty_audit_push_task(current, loginuid, 744 err = audit_prepare_user_tty(pid, loginuid,
737 sessionid); 745 sessionid);
738 if (err) 746 if (err)
739 break; 747 break;
740 } 748 }
741 audit_log_common_recv_msg(&ab, msg_type, 749 audit_log_common_recv_msg(&ab, msg_type, pid, uid,
742 loginuid, sessionid, sid); 750 loginuid, sessionid, sid);
743 751
744 if (msg_type != AUDIT_USER_TTY) 752 if (msg_type != AUDIT_USER_TTY)
@@ -754,7 +762,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
754 size--; 762 size--;
755 audit_log_n_untrustedstring(ab, data, size); 763 audit_log_n_untrustedstring(ab, data, size);
756 } 764 }
757 audit_set_pid(ab, NETLINK_CB(skb).portid); 765 audit_set_pid(ab, pid);
758 audit_log_end(ab); 766 audit_log_end(ab);
759 } 767 }
760 break; 768 break;
@@ -763,8 +771,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
763 if (nlmsg_len(nlh) < sizeof(struct audit_rule)) 771 if (nlmsg_len(nlh) < sizeof(struct audit_rule))
764 return -EINVAL; 772 return -EINVAL;
765 if (audit_enabled == AUDIT_LOCKED) { 773 if (audit_enabled == AUDIT_LOCKED) {
766 audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, 774 audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,
767 loginuid, sessionid, sid); 775 uid, loginuid, sessionid, sid);
768 776
769 audit_log_format(ab, " audit_enabled=%d res=0", 777 audit_log_format(ab, " audit_enabled=%d res=0",
770 audit_enabled); 778 audit_enabled);
@@ -773,8 +781,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
773 } 781 }
774 /* fallthrough */ 782 /* fallthrough */
775 case AUDIT_LIST: 783 case AUDIT_LIST:
776 err = audit_receive_filter(msg_type, NETLINK_CB(skb).portid, 784 err = audit_receive_filter(msg_type, NETLINK_CB(skb).pid,
777 seq, data, nlmsg_len(nlh), 785 uid, seq, data, nlmsg_len(nlh),
778 loginuid, sessionid, sid); 786 loginuid, sessionid, sid);
779 break; 787 break;
780 case AUDIT_ADD_RULE: 788 case AUDIT_ADD_RULE:
@@ -782,8 +790,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
782 if (nlmsg_len(nlh) < sizeof(struct audit_rule_data)) 790 if (nlmsg_len(nlh) < sizeof(struct audit_rule_data))
783 return -EINVAL; 791 return -EINVAL;
784 if (audit_enabled == AUDIT_LOCKED) { 792 if (audit_enabled == AUDIT_LOCKED) {
785 audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, 793 audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,
786 loginuid, sessionid, sid); 794 uid, loginuid, sessionid, sid);
787 795
788 audit_log_format(ab, " audit_enabled=%d res=0", 796 audit_log_format(ab, " audit_enabled=%d res=0",
789 audit_enabled); 797 audit_enabled);
@@ -792,15 +800,15 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
792 } 800 }
793 /* fallthrough */ 801 /* fallthrough */
794 case AUDIT_LIST_RULES: 802 case AUDIT_LIST_RULES:
795 err = audit_receive_filter(msg_type, NETLINK_CB(skb).portid, 803 err = audit_receive_filter(msg_type, NETLINK_CB(skb).pid,
796 seq, data, nlmsg_len(nlh), 804 uid, seq, data, nlmsg_len(nlh),
797 loginuid, sessionid, sid); 805 loginuid, sessionid, sid);
798 break; 806 break;
799 case AUDIT_TRIM: 807 case AUDIT_TRIM:
800 audit_trim_trees(); 808 audit_trim_trees();
801 809
802 audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, 810 audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,
803 loginuid, sessionid, sid); 811 uid, loginuid, sessionid, sid);
804 812
805 audit_log_format(ab, " op=trim res=1"); 813 audit_log_format(ab, " op=trim res=1");
806 audit_log_end(ab); 814 audit_log_end(ab);
@@ -831,8 +839,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
831 /* OK, here comes... */ 839 /* OK, here comes... */
832 err = audit_tag_tree(old, new); 840 err = audit_tag_tree(old, new);
833 841
834 audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, 842 audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,
835 loginuid, sessionid, sid); 843 uid, loginuid, sessionid, sid);
836 844
837 audit_log_format(ab, " op=make_equiv old="); 845 audit_log_format(ab, " op=make_equiv old=");
838 audit_log_untrustedstring(ab, old); 846 audit_log_untrustedstring(ab, old);
@@ -857,41 +865,53 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
857 security_release_secctx(ctx, len); 865 security_release_secctx(ctx, len);
858 return -ENOMEM; 866 return -ENOMEM;
859 } 867 }
860 sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); 868 sig_data->uid = audit_sig_uid;
861 sig_data->pid = audit_sig_pid; 869 sig_data->pid = audit_sig_pid;
862 if (audit_sig_sid) { 870 if (audit_sig_sid) {
863 memcpy(sig_data->ctx, ctx, len); 871 memcpy(sig_data->ctx, ctx, len);
864 security_release_secctx(ctx, len); 872 security_release_secctx(ctx, len);
865 } 873 }
866 audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_SIGNAL_INFO, 874 audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_SIGNAL_INFO,
867 0, 0, sig_data, sizeof(*sig_data) + len); 875 0, 0, sig_data, sizeof(*sig_data) + len);
868 kfree(sig_data); 876 kfree(sig_data);
869 break; 877 break;
870 case AUDIT_TTY_GET: { 878 case AUDIT_TTY_GET: {
871 struct audit_tty_status s; 879 struct audit_tty_status s;
872 struct task_struct *tsk = current; 880 struct task_struct *tsk;
873 881 unsigned long flags;
874 spin_lock_irq(&tsk->sighand->siglock); 882
875 s.enabled = tsk->signal->audit_tty != 0; 883 rcu_read_lock();
876 spin_unlock_irq(&tsk->sighand->siglock); 884 tsk = find_task_by_vpid(pid);
877 885 if (tsk && lock_task_sighand(tsk, &flags)) {
878 audit_send_reply(NETLINK_CB(skb).portid, seq, 886 s.enabled = tsk->signal->audit_tty != 0;
879 AUDIT_TTY_GET, 0, 0, &s, sizeof(s)); 887 unlock_task_sighand(tsk, &flags);
888 } else
889 err = -ESRCH;
890 rcu_read_unlock();
891
892 if (!err)
893 audit_send_reply(NETLINK_CB(skb).pid, seq,
894 AUDIT_TTY_GET, 0, 0, &s, sizeof(s));
880 break; 895 break;
881 } 896 }
882 case AUDIT_TTY_SET: { 897 case AUDIT_TTY_SET: {
883 struct audit_tty_status *s; 898 struct audit_tty_status *s;
884 struct task_struct *tsk = current; 899 struct task_struct *tsk;
900 unsigned long flags;
885 901
886 if (nlh->nlmsg_len < sizeof(struct audit_tty_status)) 902 if (nlh->nlmsg_len < sizeof(struct audit_tty_status))
887 return -EINVAL; 903 return -EINVAL;
888 s = data; 904 s = data;
889 if (s->enabled != 0 && s->enabled != 1) 905 if (s->enabled != 0 && s->enabled != 1)
890 return -EINVAL; 906 return -EINVAL;
891 907 rcu_read_lock();
892 spin_lock_irq(&tsk->sighand->siglock); 908 tsk = find_task_by_vpid(pid);
893 tsk->signal->audit_tty = s->enabled != 0; 909 if (tsk && lock_task_sighand(tsk, &flags)) {
894 spin_unlock_irq(&tsk->sighand->siglock); 910 tsk->signal->audit_tty = s->enabled != 0;
911 unlock_task_sighand(tsk, &flags);
912 } else
913 err = -ESRCH;
914 rcu_read_unlock();
895 break; 915 break;
896 } 916 }
897 default: 917 default:
@@ -941,16 +961,14 @@ static void audit_receive(struct sk_buff *skb)
941static int __init audit_init(void) 961static int __init audit_init(void)
942{ 962{
943 int i; 963 int i;
944 struct netlink_kernel_cfg cfg = {
945 .input = audit_receive,
946 };
947 964
948 if (audit_initialized == AUDIT_DISABLED) 965 if (audit_initialized == AUDIT_DISABLED)
949 return 0; 966 return 0;
950 967
951 printk(KERN_INFO "audit: initializing netlink socket (%s)\n", 968 printk(KERN_INFO "audit: initializing netlink socket (%s)\n",
952 audit_default ? "enabled" : "disabled"); 969 audit_default ? "enabled" : "disabled");
953 audit_sock = netlink_kernel_create(&init_net, NETLINK_AUDIT, &cfg); 970 audit_sock = netlink_kernel_create(&init_net, NETLINK_AUDIT, 0,
971 audit_receive, NULL, THIS_MODULE);
954 if (!audit_sock) 972 if (!audit_sock)
955 audit_panic("cannot initialize netlink socket"); 973 audit_panic("cannot initialize netlink socket");
956 else 974 else
@@ -1042,15 +1060,13 @@ static struct audit_buffer * audit_buffer_alloc(struct audit_context *ctx,
1042 1060
1043 ab->skb = nlmsg_new(AUDIT_BUFSIZ, gfp_mask); 1061 ab->skb = nlmsg_new(AUDIT_BUFSIZ, gfp_mask);
1044 if (!ab->skb) 1062 if (!ab->skb)
1045 goto err; 1063 goto nlmsg_failure;
1046 1064
1047 nlh = nlmsg_put(ab->skb, 0, 0, type, 0, 0); 1065 nlh = NLMSG_NEW(ab->skb, 0, 0, type, 0, 0);
1048 if (!nlh)
1049 goto out_kfree_skb;
1050 1066
1051 return ab; 1067 return ab;
1052 1068
1053out_kfree_skb: 1069nlmsg_failure: /* Used by NLMSG_NEW */
1054 kfree_skb(ab->skb); 1070 kfree_skb(ab->skb);
1055 ab->skb = NULL; 1071 ab->skb = NULL;
1056err: 1072err:
@@ -1101,23 +1117,6 @@ static inline void audit_get_stamp(struct audit_context *ctx,
1101 } 1117 }
1102} 1118}
1103 1119
1104/*
1105 * Wait for auditd to drain the queue a little
1106 */
1107static void wait_for_auditd(unsigned long sleep_time)
1108{
1109 DECLARE_WAITQUEUE(wait, current);
1110 set_current_state(TASK_INTERRUPTIBLE);
1111 add_wait_queue(&audit_backlog_wait, &wait);
1112
1113 if (audit_backlog_limit &&
1114 skb_queue_len(&audit_skb_queue) > audit_backlog_limit)
1115 schedule_timeout(sleep_time);
1116
1117 __set_current_state(TASK_RUNNING);
1118 remove_wait_queue(&audit_backlog_wait, &wait);
1119}
1120
1121/* Obtain an audit buffer. This routine does locking to obtain the 1120/* Obtain an audit buffer. This routine does locking to obtain the
1122 * audit buffer, but then no locking is required for calls to 1121 * audit buffer, but then no locking is required for calls to
1123 * audit_log_*format. If the tsk is a task that is currently in a 1122 * audit_log_*format. If the tsk is a task that is currently in a
@@ -1163,13 +1162,20 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
1163 1162
1164 while (audit_backlog_limit 1163 while (audit_backlog_limit
1165 && skb_queue_len(&audit_skb_queue) > audit_backlog_limit + reserve) { 1164 && skb_queue_len(&audit_skb_queue) > audit_backlog_limit + reserve) {
1166 if (gfp_mask & __GFP_WAIT && audit_backlog_wait_time) { 1165 if (gfp_mask & __GFP_WAIT && audit_backlog_wait_time
1167 unsigned long sleep_time; 1166 && time_before(jiffies, timeout_start + audit_backlog_wait_time)) {
1167
1168 /* Wait for auditd to drain the queue a little */
1169 DECLARE_WAITQUEUE(wait, current);
1170 set_current_state(TASK_INTERRUPTIBLE);
1171 add_wait_queue(&audit_backlog_wait, &wait);
1168 1172
1169 sleep_time = timeout_start + audit_backlog_wait_time - 1173 if (audit_backlog_limit &&
1170 jiffies; 1174 skb_queue_len(&audit_skb_queue) > audit_backlog_limit)
1171 if ((long)sleep_time > 0) 1175 schedule_timeout(timeout_start + audit_backlog_wait_time - jiffies);
1172 wait_for_auditd(sleep_time); 1176
1177 __set_current_state(TASK_RUNNING);
1178 remove_wait_queue(&audit_backlog_wait, &wait);
1173 continue; 1179 continue;
1174 } 1180 }
1175 if (audit_rate_check() && printk_ratelimit()) 1181 if (audit_rate_check() && printk_ratelimit())
@@ -1254,13 +1260,12 @@ static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
1254 avail = audit_expand(ab, 1260 avail = audit_expand(ab,
1255 max_t(unsigned, AUDIT_BUFSIZ, 1+len-avail)); 1261 max_t(unsigned, AUDIT_BUFSIZ, 1+len-avail));
1256 if (!avail) 1262 if (!avail)
1257 goto out_va_end; 1263 goto out;
1258 len = vsnprintf(skb_tail_pointer(skb), avail, fmt, args2); 1264 len = vsnprintf(skb_tail_pointer(skb), avail, fmt, args2);
1259 } 1265 }
1266 va_end(args2);
1260 if (len > 0) 1267 if (len > 0)
1261 skb_put(skb, len); 1268 skb_put(skb, len);
1262out_va_end:
1263 va_end(args2);
1264out: 1269out:
1265 return; 1270 return;
1266} 1271}
@@ -1412,12 +1417,12 @@ void audit_log_untrustedstring(struct audit_buffer *ab, const char *string)
1412 1417
1413/* This is a helper-function to print the escaped d_path */ 1418/* This is a helper-function to print the escaped d_path */
1414void audit_log_d_path(struct audit_buffer *ab, const char *prefix, 1419void audit_log_d_path(struct audit_buffer *ab, const char *prefix,
1415 const struct path *path) 1420 struct path *path)
1416{ 1421{
1417 char *p, *pathname; 1422 char *p, *pathname;
1418 1423
1419 if (prefix) 1424 if (prefix)
1420 audit_log_format(ab, "%s", prefix); 1425 audit_log_format(ab, " %s", prefix);
1421 1426
1422 /* We will allow 11 spaces for ' (deleted)' to be appended */ 1427 /* We will allow 11 spaces for ' (deleted)' to be appended */
1423 pathname = kmalloc(PATH_MAX+11, ab->gfp_mask); 1428 pathname = kmalloc(PATH_MAX+11, ab->gfp_mask);
@@ -1444,29 +1449,6 @@ void audit_log_key(struct audit_buffer *ab, char *key)
1444} 1449}
1445 1450
1446/** 1451/**
1447 * audit_log_link_denied - report a link restriction denial
1448 * @operation: specific link opreation
1449 * @link: the path that triggered the restriction
1450 */
1451void audit_log_link_denied(const char *operation, struct path *link)
1452{
1453 struct audit_buffer *ab;
1454
1455 ab = audit_log_start(current->audit_context, GFP_KERNEL,
1456 AUDIT_ANOM_LINK);
1457 if (!ab)
1458 return;
1459 audit_log_format(ab, "op=%s action=denied", operation);
1460 audit_log_format(ab, " pid=%d comm=", current->pid);
1461 audit_log_untrustedstring(ab, current->comm);
1462 audit_log_d_path(ab, " path=", link);
1463 audit_log_format(ab, " dev=");
1464 audit_log_untrustedstring(ab, link->dentry->d_inode->i_sb->s_id);
1465 audit_log_format(ab, " ino=%lu", link->dentry->d_inode->i_ino);
1466 audit_log_end(ab);
1467}
1468
1469/**
1470 * audit_log_end - end one audit record 1452 * audit_log_end - end one audit record
1471 * @ab: the audit_buffer 1453 * @ab: the audit_buffer
1472 * 1454 *
generated by cgit v1.2.2 (git 2.25.0) at 2025-03-10 17:02:58 -0400