author | Richard Guy Briggs <rgb@redhat.com> | 2013-08-14 11:32:45 -0400 |
committer | Eric Paris <eparis@redhat.com> | 2014-01-13 22:26:52 -0500 |
commit | f9441639e6319f0c0e12bd63fa2f58990af0a9d2 (patch) | |
tree | 3fc0c477d498240e517c471f76efa2deee81ce5d /kernel/audit.c | |
parent | ca24a23ebca17d9d0f2afde4ee49cd810bccc8d7 (diff) |
audit: fix netlink portid naming and types
Normally, netlink ports use the PID of the userspace process as the port ID.
If the PID is already in use by a port, the kernel will allocate another port
ID to avoid conflict. Rename all references to netlink ports from pid to
portid to reflect this reality and avoid confusion with actual PIDs. Ports
use the __u32 type, so retype all portids accordingly.
(This patch is very similar to ebiederman's 5deadd69)
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'kernel/audit.c')
-rw-r--r-- | kernel/audit.c | 32 |
1 files changed, 16 insertions, 16 deletions
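--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -93,7 +93,7 @@ static int audit_failure = AUDIT_FAIL_PRINTK;
  * the portid to use to send netlink messages to that process.
  */
 int audit_pid;
-static int audit_nlk_portid;
+static __u32 audit_nlk_portid;
 
 /* If audit_rate_limit is non-zero, limit the rate of sending audit records
  * to that number per second.  This prevents DoS attacks, but results in
@@ -175,15 +175,15 @@ struct audit_buffer {
 };
 
 struct audit_reply {
-	int pid;
+	__u32 portid;
 	struct sk_buff *skb;
 };
 
-static void audit_set_pid(struct audit_buffer *ab, pid_t pid)
+static void audit_set_portid(struct audit_buffer *ab, __u32 portid)
 {
 	if (ab) {
 		struct nlmsghdr *nlh = nlmsg_hdr(ab->skb);
-		nlh->nlmsg_pid = pid;
+		nlh->nlmsg_pid = portid;
 	}
 }
 
@@ -482,7 +482,7 @@ static int kauditd_thread(void *dummy)
 int audit_send_list(void *_dest)
 {
 	struct audit_netlink_list *dest = _dest;
-	int pid = dest->pid;
+	__u32 portid = dest->portid;
 	struct sk_buff *skb;
 
 	/* wait for parent to finish and send an ACK */
@@ -490,14 +490,14 @@ int audit_send_list(void *_dest)
 	mutex_unlock(&audit_cmd_mutex);
 
 	while ((skb = __skb_dequeue(&dest->q)) != NULL)
-		netlink_unicast(audit_sock, skb, pid, 0);
+		netlink_unicast(audit_sock, skb, portid, 0);
 
 	kfree(dest);
 
 	return 0;
 }
 
-struct sk_buff *audit_make_reply(int pid, int seq, int type, int done,
+struct sk_buff *audit_make_reply(__u32 portid, int seq, int type, int done,
 			 int multi, const void *payload, int size)
 {
 	struct sk_buff *skb;
@@ -510,7 +510,7 @@ struct sk_buff *audit_make_reply(int pid, int seq, int type, int done,
 	if (!skb)
 		return NULL;
 
-	nlh = nlmsg_put(skb, pid, seq, t, size, flags);
+	nlh = nlmsg_put(skb, portid, seq, t, size, flags);
 	if (!nlh)
 		goto out_kfree_skb;
 	data = nlmsg_data(nlh);
@@ -531,13 +531,13 @@ static int audit_send_reply_thread(void *arg)
 
 	/* Ignore failure. It'll only happen if the sender goes away,
 	   because our timeout is set to infinite. */
-	netlink_unicast(audit_sock, reply->skb, reply->pid, 0);
+	netlink_unicast(audit_sock, reply->skb, reply->portid, 0);
 	kfree(reply);
 	return 0;
 }
 /**
  * audit_send_reply - send an audit reply message via netlink
- * @pid: process id to send reply to
+ * @portid: netlink port to which to send reply
  * @seq: sequence number
  * @type: audit message type
  * @done: done (last) flag
@@ -545,11 +545,11 @@ static int audit_send_reply_thread(void *arg)
  * @payload: payload data
  * @size: payload size
  *
- * Allocates an skb, builds the netlink message, and sends it to the pid.
+ * Allocates an skb, builds the netlink message, and sends it to the port id.
  * No failure notifications.
  */
-static void audit_send_reply(int pid, int seq, int type, int done, int multi,
-			     const void *payload, int size)
+static void audit_send_reply(__u32 portid, int seq, int type, int done,
+			     int multi, const void *payload, int size)
 {
 	struct sk_buff *skb;
 	struct task_struct *tsk;
@@ -559,11 +559,11 @@ static void audit_send_reply(int pid, int seq, int type, int done, int multi,
 	if (!reply)
 		return;
 
-	skb = audit_make_reply(pid, seq, type, done, multi, payload, size);
+	skb = audit_make_reply(portid, seq, type, done, multi, payload, size);
 	if (!skb)
 		goto out;
 
-	reply->pid = pid;
+	reply->portid = portid;
 	reply->skb = skb;
 
 	tsk = kthread_run(audit_send_reply_thread, reply, "audit_send_reply");
@@ -839,7 +839,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 			size--;
 			audit_log_n_untrustedstring(ab, data, size);
 		}
-		audit_set_pid(ab, NETLINK_CB(skb).portid);
+		audit_set_portid(ab, NETLINK_CB(skb).portid);
 		audit_log_end(ab);
 	}
 	break;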
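Review bot: audit_make_reply (the hunk at line 500) is the only non-static function whose parameter type changes here, yet it carries no kerneldoc block, unlike audit_send_reply a few lines below it, so the new __u32 contract is documented only indirectly. A header in the same style as audit_send_reply's, with a one-line summary and `@portid: netlink port the reply is addressed to (stored in nlmsg_pid)` followed by the @seq, @type, @done, @multi, @payload and @size entries, would make the interface explicit for out-of-file callers. Its prototype and the `struct audit_netlink_list` field read in audit_send_list (line 485) live outside this file, and the diffstat is limited to kernel/audit.c, so the matching int to __u32 changes there presumably sit in another part of the series and should be confirmed. The body of audit_make_reply continues outside the hunk.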