Merge git://git.infradead.org/users/eparis/audit

Pull audit updates from Eric Paris: "So this change across a whole bunch of arches really solves one basic problem. We want to audit when seccomp is killing a process. seccomp hooks in before the audit syscall entry code. audit_syscall_entry took as an argument the arch of the given syscall. Since the arch is part of what makes a syscall number meaningful it's an important part of the record, but it isn't available when seccomp shoots the syscall... For most arch's we have a better way to get the arch (syscall_get_arch) So the solution was two fold: Implement syscall_get_arch() everywhere there is audit which didn't have it. Use syscall_get_arch() in the seccomp audit code. Having syscall_get_arch() everywhere meant it was a useless flag on the stack and we could get rid of it for the typical syscall entry. The other changes inside the audit system aren't grand, fixed some records that had invalid spaces. Better locking around the task comm field. Removing some dead functions and structs. Make some things static. Really minor stuff" * git://git.infradead.org/users/eparis/audit: (31 commits) audit: rename audit_log_remove_rule to disambiguate for trees audit: cull redundancy in audit_rule_change audit: WARN if audit_rule_change called illegally audit: put rule existence check in canonical order next: openrisc: Fix build audit: get comm using lock to avoid race in string printing audit: remove open_arg() function that is never used audit: correct AUDIT_GET_FEATURE return message type audit: set nlmsg_len for multicast messages. audit: use union for audit_field values since they are mutually exclusive audit: invalid op= values for rules audit: use atomic_t to simplify audit_serial() kernel/audit.c: use ARRAY_SIZE instead of sizeof/sizeof[0] audit: reduce scope of audit_log_fcaps audit: reduce scope of audit_net_id audit: arm64: Remove the audit arch argument to audit_syscall_entry arm64: audit: Add audit hook in syscall_trace_enter/exit() audit: x86: drop arch from __audit_syscall_entry() interface sparc: implement is_32bit_task sparc: properly conditionalize use of TIF_32BIT ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2014-10-19 19:25:56 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2014-10-19 19:25:56 -0400
commit: ab074ade9c33b3585da86d62e87bcb3e897a3f54 (patch)
tree: 142b42182889c64813af997b8701707a3397e834 /include/linux
parent: 61ed53deb1c6a4386d8710dbbfcee8779c381931 (diff)
parent: 2991dd2b0117e864f394c826af6df144206ce0db (diff)
1 files changed, 15 insertions, 10 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 22cfddb75566..36dffeccebdb 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -66,12 +66,16 @@ struct audit_krule {
 struct audit_field {
        u32                             type;
-        u32                             val;
+        union {
-        kuid_t                          uid;
+                u32                     val;
-        kgid_t                          gid;
+                kuid_t                  uid;
+                kgid_t                  gid;
+                struct {
+                        char            *lsm_str;
+                        void            *lsm_rule;
+                };
+        };
        u32                             op;
-        char                            *lsm_str;
-        void                            *lsm_rule;
 };
 extern int is_audit_feature_set(int which);
@@ -109,12 +113,13 @@ extern void audit_log_session_info(struct audit_buffer *ab);
 #endif
 #ifdef CONFIG_AUDITSYSCALL
+#include <asm/syscall.h> /* for syscall_get_arch() */
 /* These are defined in auditsc.c */
                                /* Public API */
 extern int  audit_alloc(struct task_struct *task);
 extern void __audit_free(struct task_struct *task);
-extern void __audit_syscall_entry(int arch,
+extern void __audit_syscall_entry(int major, unsigned long a0, unsigned long a1,
-                                  int major, unsigned long a0, unsigned long a1,
                                  unsigned long a2, unsigned long a3);
 extern void __audit_syscall_exit(int ret_success, long ret_value);
 extern struct filename *__audit_reusename(const __user char *uptr);
@@ -141,12 +146,12 @@ static inline void audit_free(struct task_struct *task)
        if (unlikely(task->audit_context))
                __audit_free(task);
 }
-static inline void audit_syscall_entry(int arch, int major, unsigned long a0,
+static inline void audit_syscall_entry(int major, unsigned long a0,
                                       unsigned long a1, unsigned long a2,
                                       unsigned long a3)
 {
        if (unlikely(current->audit_context))
-                __audit_syscall_entry(arch, major, a0, a1, a2, a3);
+                __audit_syscall_entry(major, a0, a1, a2, a3);
 }
 static inline void audit_syscall_exit(void *pt_regs)
 {
@@ -322,7 +327,7 @@ static inline int audit_alloc(struct task_struct *task)
 }
 static inline void audit_free(struct task_struct *task)
 { }
-static inline void audit_syscall_entry(int arch, int major, unsigned long a0,
+static inline void audit_syscall_entry(int major, unsigned long a0,
                                       unsigned long a1, unsigned long a2,
                                       unsigned long a3)
 { }
author	Linus Torvalds <torvalds@linux-foundation.org>	2014-10-19 19:25:56 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2014-10-19 19:25:56 -0400
commit	ab074ade9c33b3585da86d62e87bcb3e897a3f54 (patch)
tree	142b42182889c64813af997b8701707a3397e834 /include/linux
parent	61ed53deb1c6a4386d8710dbbfcee8779c381931 (diff)
parent	2991dd2b0117e864f394c826af6df144206ce0db (diff)