audit: move audit_aux_data_execve contents into audit_context union

audit_bprm() was being called to add an AUDIT_EXECVE record to the audit context every time search_binary_handler() was recursively called. Only one reference is necessary, so just update it. Move the the contents of audit_aux_data_execve into the union in audit_context, removing dependence on a kmalloc along the way. Reported-by: Oleg Nesterov <onestero@redhat.com> Cc: Eric Paris <eparis@redhat.com> Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com>
author: Richard Guy Briggs <rgb@redhat.com> 2013-10-30 17:56:13 -0400
committer: Eric Paris <eparis@redhat.com> 2013-11-05 11:09:36 -0500
commit: d9cfea91e97d5d19f9d69beaa844f5fe56a6adc6 (patch)
tree: 057dfc9534cdb15ac38b440057dff35e131a1d42 /kernel/auditsc.c
parent: 9462dc59817580419ef1f2504e32f861c290f251 (diff)
1 files changed, 12 insertions, 29 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 11078f32d13e..425a8939be1a 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -95,12 +95,6 @@ struct audit_aux_data {
 /* Number of target pids per aux struct. */
 #define AUDIT_AUX_PIDS  16
-struct audit_aux_data_execve {
-        struct audit_aux_data   d;
-        int argc;
-        struct mm_struct *mm;
-};
 struct audit_aux_data_pids {
        struct audit_aux_data   d;
        pid_t                   target_pid[AUDIT_AUX_PIDS];
@@ -1144,20 +1138,19 @@ static int audit_log_single_execve_arg(struct audit_context *context,
 }
 static void audit_log_execve_info(struct audit_context *context,
-                                  struct audit_buffer **ab,
+                                  struct audit_buffer **ab)
-                                  struct audit_aux_data_execve *axi)
 {
        int i, len;
        size_t len_sent = 0;
        const char __user *p;
        char *buf;
-        if (axi->mm != current->mm)
+        if (context->execve.mm != current->mm)
                return; /* execve failed, no additional info */
-        p = (const char __user *)axi->mm->arg_start;
+        p = (const char __user *)current->mm->arg_start;
-        audit_log_format(*ab, "argc=%d", axi->argc);
+        audit_log_format(*ab, "argc=%d", context->execve.argc);
        /*
         * we need some kernel buffer to hold the userspace args.  Just
@@ -1171,7 +1164,7 @@ static void audit_log_execve_info(struct audit_context *context,
                return;
        }
-        for (i = 0; i < axi->argc; i++) {
+        for (i = 0; i < context->execve.argc; i++) {
                len = audit_log_single_execve_arg(context, ab, i,
                                                  &len_sent, p, buf);
                if (len <= 0)
@@ -1274,6 +1267,9 @@ static void show_special(struct audit_context *context, int *call_panic)
                audit_log_format(ab, "fd=%d flags=0x%x", context->mmap.fd,
                                 context->mmap.flags);
                break; }
+        case AUDIT_EXECVE: {
+                audit_log_execve_info(context, &ab);
+                break; }
        }
        audit_log_end(ab);
 }
@@ -1320,11 +1316,6 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
                switch (aux->type) {
-                case AUDIT_EXECVE: {
-                        struct audit_aux_data_execve *axi = (void *)aux;
-                        audit_log_execve_info(context, &ab, axi);
-                        break; }
                case AUDIT_BPRM_FCAPS: {
                        struct audit_aux_data_bprm_fcaps *axs = (void *)aux;
                        audit_log_format(ab, "fver=%x", axs->fcap_ver);
@@ -2147,21 +2138,13 @@ void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mo
        context->ipc.has_perm = 1;
 }
-int __audit_bprm(struct linux_binprm *bprm)
+void __audit_bprm(struct linux_binprm *bprm)
 {
-        struct audit_aux_data_execve *ax;
        struct audit_context *context = current->audit_context;
-        ax = kmalloc(sizeof(*ax), GFP_KERNEL);
+        context->type = AUDIT_EXECVE;
-        if (!ax)
+        context->execve.argc = bprm->argc;
-                return -ENOMEM;
+        context->execve.mm = bprm->mm;
-        ax->argc = bprm->argc;
-        ax->mm = bprm->mm;
-        ax->d.type = AUDIT_EXECVE;
-        ax->d.next = context->aux;
-        context->aux = (void *)ax;
-        return 0;
 }
author	Richard Guy Briggs <rgb@redhat.com>	2013-10-30 17:56:13 -0400
committer	Eric Paris <eparis@redhat.com>	2013-11-05 11:09:36 -0500
commit	d9cfea91e97d5d19f9d69beaa844f5fe56a6adc6 (patch)
tree	057dfc9534cdb15ac38b440057dff35e131a1d42 /kernel/auditsc.c
parent	9462dc59817580419ef1f2504e32f861c290f251 (diff)