aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2014-12-23 21:13:16 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2014-12-23 21:13:16 -0500
commit66b3f4f0a0fcc197a1e432c3d2134f5c6a5275b9 (patch)
tree00a5b55daae62443f4242c2036dcdaadb346ba83
parent53262d12d1658669029ab39a63e3d314108abe66 (diff)
parent041d7b98ffe59c59fdd639931dea7d74f9aa9a59 (diff)
Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/audit
Pull audit fixes from Paul Moore: "Four patches to fix various problems with the audit subsystem, all are fairly small and straightforward. One patch fixes a problem where we weren't using the correct gfp allocation flags (GFP_KERNEL regardless of context, oops), one patch fixes a problem with old userspace tools (this was broken for a while), one patch fixes a problem where we weren't recording pathnames correctly, and one fixes a problem with PID based filters. In general I don't think there is anything controversial with this patchset, and it fixes some rather unfortunate bugs; the allocation flag one can be particularly scary looking for users" * 'upstream' of git://git.infradead.org/users/pcmoore/audit: audit: restore AUDIT_LOGINUID unset ABI audit: correctly record file names with different path name types audit: use supplied gfp_mask from audit_buffer in kauditd_send_multicast_skb audit: don't attempt to lookup PIDs when changing PID filtering audit rules
Diffstat
-rw-r--r--include/linux/audit.h4
-rw-r--r--kernel/audit.c8
-rw-r--r--kernel/auditfilter.c23
-rw-r--r--kernel/auditsc.c14
4 files changed, 28 insertions, 21 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 0c04917c2f12..af84234e1f6e 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -47,6 +47,7 @@ struct sk_buff;
47 47
48struct audit_krule { 48struct audit_krule {
49 int vers_ops; 49 int vers_ops;
50 u32 pflags;
50 u32 flags; 51 u32 flags;
51 u32 listnr; 52 u32 listnr;
52 u32 action; 53 u32 action;
@@ -64,6 +65,9 @@ struct audit_krule {
64 u64 prio; 65 u64 prio;
65}; 66};
66 67
68/* Flag to indicate legacy AUDIT_LOGINUID unset usage */
69#define AUDIT_LOGINUID_LEGACY 0x1
70
67struct audit_field { 71struct audit_field {
68 u32 type; 72 u32 type;
69 union { 73 union {
diff --git a/kernel/audit.c b/kernel/audit.c
index f8f203e8018c..231b7dcb154b 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -429,7 +429,7 @@ static void kauditd_send_skb(struct sk_buff *skb)
429 * This function doesn't consume an skb as might be expected since it has to 429 * This function doesn't consume an skb as might be expected since it has to
430 * copy it anyways. 430 * copy it anyways.
431 */ 431 */
432static void kauditd_send_multicast_skb(struct sk_buff *skb) 432static void kauditd_send_multicast_skb(struct sk_buff *skb, gfp_t gfp_mask)
433{ 433{
434 struct sk_buff *copy; 434 struct sk_buff *copy;
435 struct audit_net *aunet = net_generic(&init_net, audit_net_id); 435 struct audit_net *aunet = net_generic(&init_net, audit_net_id);
@@ -448,11 +448,11 @@ static void kauditd_send_multicast_skb(struct sk_buff *skb)
448 * no reason for new multicast clients to continue with this 448 * no reason for new multicast clients to continue with this
449 * non-compliance. 449 * non-compliance.
450 */ 450 */
451 copy = skb_copy(skb, GFP_KERNEL); 451 copy = skb_copy(skb, gfp_mask);
452 if (!copy) 452 if (!copy)
453 return; 453 return;
454 454
455 nlmsg_multicast(sock, copy, 0, AUDIT_NLGRP_READLOG, GFP_KERNEL); 455 nlmsg_multicast(sock, copy, 0, AUDIT_NLGRP_READLOG, gfp_mask);
456} 456}
457 457
458/* 458/*
@@ -1940,7 +1940,7 @@ void audit_log_end(struct audit_buffer *ab)
1940 struct nlmsghdr *nlh = nlmsg_hdr(ab->skb); 1940 struct nlmsghdr *nlh = nlmsg_hdr(ab->skb);
1941 1941
1942 nlh->nlmsg_len = ab->skb->len; 1942 nlh->nlmsg_len = ab->skb->len;
1943 kauditd_send_multicast_skb(ab->skb); 1943 kauditd_send_multicast_skb(ab->skb, ab->gfp_mask);
1944 1944
1945 /* 1945 /*
1946 * The original kaudit unicast socket sends up messages with 1946 * The original kaudit unicast socket sends up messages with
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 3598e13f2a65..4f68a326d92e 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -442,19 +442,7 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
442 if ((f->type == AUDIT_LOGINUID) && (f->val == AUDIT_UID_UNSET)) { 442 if ((f->type == AUDIT_LOGINUID) && (f->val == AUDIT_UID_UNSET)) {
443 f->type = AUDIT_LOGINUID_SET; 443 f->type = AUDIT_LOGINUID_SET;
444 f->val = 0; 444 f->val = 0;
445 } 445 entry->rule.pflags |= AUDIT_LOGINUID_LEGACY;
446
447 if ((f->type == AUDIT_PID) || (f->type == AUDIT_PPID)) {
448 struct pid *pid;
449 rcu_read_lock();
450 pid = find_vpid(f->val);
451 if (!pid) {
452 rcu_read_unlock();
453 err = -ESRCH;
454 goto exit_free;
455 }
456 f->val = pid_nr(pid);
457 rcu_read_unlock();
458 } 446 }
459 447
460 err = audit_field_valid(entry, f); 448 err = audit_field_valid(entry, f);
@@ -630,6 +618,13 @@ static struct audit_rule_data *audit_krule_to_data(struct audit_krule *krule)
630 data->buflen += data->values[i] = 618 data->buflen += data->values[i] =
631 audit_pack_string(&bufp, krule->filterkey); 619 audit_pack_string(&bufp, krule->filterkey);
632 break; 620 break;
621 case AUDIT_LOGINUID_SET:
622 if (krule->pflags & AUDIT_LOGINUID_LEGACY && !f->val) {
623 data->fields[i] = AUDIT_LOGINUID;
624 data->values[i] = AUDIT_UID_UNSET;
625 break;
626 }
627 /* fallthrough if set */
633 default: 628 default:
634 data->values[i] = f->val; 629 data->values[i] = f->val;
635 } 630 }
@@ -646,6 +641,7 @@ static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b)
646 int i; 641 int i;
647 642
648 if (a->flags != b->flags || 643 if (a->flags != b->flags ||
644 a->pflags != b->pflags ||
649 a->listnr != b->listnr || 645 a->listnr != b->listnr ||
650 a->action != b->action || 646 a->action != b->action ||
651 a->field_count != b->field_count) 647 a->field_count != b->field_count)
@@ -764,6 +760,7 @@ struct audit_entry *audit_dupe_rule(struct audit_krule *old)
764 new = &entry->rule; 760 new = &entry->rule;
765 new->vers_ops = old->vers_ops; 761 new->vers_ops = old->vers_ops;
766 new->flags = old->flags; 762 new->flags = old->flags;
763 new->pflags = old->pflags;
767 new->listnr = old->listnr; 764 new->listnr = old->listnr;
768 new->action = old->action; 765 new->action = old->action;
769 for (i = 0; i < AUDIT_BITMASK_SIZE; i++) 766 for (i = 0; i < AUDIT_BITMASK_SIZE; i++)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index c75522a83678..37c69ab561da 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1877,12 +1877,18 @@ void __audit_inode(struct filename *name, const struct dentry *dentry,
1877 } 1877 }
1878 1878
1879out_alloc: 1879out_alloc:
1880 /* unable to find the name from a previous getname(). Allocate a new 1880 /* unable to find an entry with both a matching name and type */
1881 * anonymous entry. 1881 n = audit_alloc_name(context, AUDIT_TYPE_UNKNOWN);
1882 */
1883 n = audit_alloc_name(context, AUDIT_TYPE_NORMAL);
1884 if (!n) 1882 if (!n)
1885 return; 1883 return;
1884 if (name)
1885 /* since name is not NULL we know there is already a matching
1886 * name record, see audit_getname(), so there must be a type
1887 * mismatch; reuse the string path since the original name
1888 * record will keep the string valid until we free it in
1889 * audit_free_names() */
1890 n->name = name;
1891
1886out: 1892out:
1887 if (parent) { 1893 if (parent) {
1888 n->name_len = n->name ? parent_len(n->name->name) : AUDIT_NAME_FULL; 1894 n->name_len = n->name ? parent_len(n->name->name) : AUDIT_NAME_FULL;
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-27 15:03:57 -0500