Merge branch 'audit.b64' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current

* 'audit.b64' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: audit mmap audit: make link()/linkat() match "attribute change" predicate audit: Use rcu for task lookup protection audit: Do not send uninitialized data for AUDIT_TTY_GET audit: Call tty_audit_push_task() outside preempt disabled in untag_chunk() we need to do alloc_chunk() a bit earlier audit: make functions static Audit: add support to match lsm labels on user audit messages
author: Linus Torvalds <torvalds@linux-foundation.org> 2010-10-30 11:35:35 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2010-10-30 11:35:35 -0400
commit: 847f877600313e65c5659476b30d74a6f66e388e (patch)
tree: b4390fb56dc3c9a47cb51f3a086515a376cffc0c /kernel
parent: 79346507ad48895f41b438fa562b1965721f36b9 (diff)
parent: 120a795da07c9a02221ca23464c28a7c6ad7de1d (diff)
6 files changed, 68 insertions, 45 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index d96045789b54..77770a034d59 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -467,23 +467,16 @@ static int audit_prepare_user_tty(pid_t pid, uid_t loginuid, u32 sessionid)
        struct task_struct *tsk;
        int err;
-        read_lock(&tasklist_lock);
+        rcu_read_lock();
        tsk = find_task_by_vpid(pid);
-        err = -ESRCH;
+        if (!tsk) {
-        if (!tsk)
+                rcu_read_unlock();
-                goto out;
+                return -ESRCH;
-        err = 0;
+        }
+        get_task_struct(tsk);
-        spin_lock_irq(&tsk->sighand->siglock);
+        rcu_read_unlock();
-        if (!tsk->signal->audit_tty)
+        err = tty_audit_push_task(tsk, loginuid, sessionid);
-                err = -EPERM;
+        put_task_struct(tsk);
-        spin_unlock_irq(&tsk->sighand->siglock);
-        if (err)
-                goto out;
-        tty_audit_push_task(tsk, loginuid, sessionid);
-out:
-        read_unlock(&tasklist_lock);
        return err;
 }
@@ -506,7 +499,7 @@ int audit_send_list(void *_dest)
 }
 struct sk_buff *audit_make_reply(int pid, int seq, int type, int done,
-                                 int multi, void *payload, int size)
+                                 int multi, const void *payload, int size)
 {
        struct sk_buff  *skb;
        struct nlmsghdr *nlh;
@@ -555,8 +548,8 @@ static int audit_send_reply_thread(void *arg)
 * Allocates an skb, builds the netlink message, and sends it to the pid.
 * No failure notifications.
 */
-void audit_send_reply(int pid, int seq, int type, int done, int multi,
+static void audit_send_reply(int pid, int seq, int type, int done, int multi,
-                      void *payload, int size)
+                             const void *payload, int size)
 {
        struct sk_buff *skb;
        struct task_struct *tsk;
@@ -880,40 +873,40 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
        case AUDIT_TTY_GET: {
                struct audit_tty_status s;
                struct task_struct *tsk;
+                unsigned long flags;
-                read_lock(&tasklist_lock);
+                rcu_read_lock();
                tsk = find_task_by_vpid(pid);
-                if (!tsk)
+                if (tsk && lock_task_sighand(tsk, &flags)) {
-                        err = -ESRCH;
-                else {
-                        spin_lock_irq(&tsk->sighand->siglock);
                        s.enabled = tsk->signal->audit_tty != 0;
-                        spin_unlock_irq(&tsk->sighand->siglock);
+                        unlock_task_sighand(tsk, &flags);
-                }
+                } else
-                read_unlock(&tasklist_lock);
+                        err = -ESRCH;
-                audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_TTY_GET, 0, 0,
+                rcu_read_unlock();
-                                 &s, sizeof(s));
+                if (!err)
+                        audit_send_reply(NETLINK_CB(skb).pid, seq,
+                                         AUDIT_TTY_GET, 0, 0, &s, sizeof(s));
                break;
        }
        case AUDIT_TTY_SET: {
                struct audit_tty_status *s;
                struct task_struct *tsk;
+                unsigned long flags;
                if (nlh->nlmsg_len < sizeof(struct audit_tty_status))
                        return -EINVAL;
                s = data;
                if (s->enabled != 0 && s->enabled != 1)
                        return -EINVAL;
-                read_lock(&tasklist_lock);
+                rcu_read_lock();
                tsk = find_task_by_vpid(pid);
-                if (!tsk)
+                if (tsk && lock_task_sighand(tsk, &flags)) {
-                        err = -ESRCH;
-                else {
-                        spin_lock_irq(&tsk->sighand->siglock);
                        tsk->signal->audit_tty = s->enabled != 0;
-                        spin_unlock_irq(&tsk->sighand->siglock);
+                        unlock_task_sighand(tsk, &flags);
-                }
+                } else
-                read_unlock(&tasklist_lock);
+                        err = -ESRCH;
+                rcu_read_unlock();
                break;
        }
        default:
diff --git a/kernel/audit.h b/kernel/audit.h
index f7206db4e13d..91e7071c4d2c 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -84,10 +84,7 @@ extern int audit_compare_dname_path(const char *dname, const char *path,
                                    int *dirlen);
 extern struct sk_buff *     audit_make_reply(int pid, int seq, int type,
                                             int done, int multi,
-                                             void *payload, int size);
+                                             const void *payload, int size);
-extern void                 audit_send_reply(int pid, int seq, int type,
-                                             int done, int multi,
-                                             void *payload, int size);
 extern void                 audit_panic(const char *message);
 struct audit_netlink_list {
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
index 7f18d3a4527e..37b2bea170c8 100644
--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c
@@ -223,7 +223,7 @@ static void untag_chunk(struct node *p)
 {
        struct audit_chunk *chunk = find_chunk(p);
        struct fsnotify_mark *entry = &chunk->mark;
-        struct audit_chunk *new;
+        struct audit_chunk *new = NULL;
        struct audit_tree *owner;
        int size = chunk->count - 1;
        int i, j;
@@ -232,9 +232,14 @@ static void untag_chunk(struct node *p)
        spin_unlock(&hash_lock);
+        if (size)
+                new = alloc_chunk(size);
        spin_lock(&entry->lock);
        if (chunk->dead || !entry->i.inode) {
                spin_unlock(&entry->lock);
+                if (new)
+                        free_chunk(new);
                goto out;
        }
@@ -255,9 +260,9 @@ static void untag_chunk(struct node *p)
                goto out;
        }
-        new = alloc_chunk(size);
        if (!new)
                goto Fallback;
        fsnotify_duplicate_mark(&new->mark, entry);
        if (fsnotify_add_mark(&new->mark, new->mark.group, new->mark.i.inode, NULL, 1)) {
                free_chunk(new);
diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
index f0c9b2e7542d..d2e3c7866460 100644
--- a/kernel/audit_watch.c
+++ b/kernel/audit_watch.c
@@ -60,7 +60,7 @@ struct audit_parent {
 };
 /* fsnotify handle. */
-struct fsnotify_group *audit_watch_group;
+static struct fsnotify_group *audit_watch_group;
 /* fsnotify events we care about. */
 #define AUDIT_FS_WATCH (FS_MOVE | FS_CREATE | FS_DELETE | FS_DELETE_SELF |\
@@ -123,7 +123,7 @@ void audit_put_watch(struct audit_watch *watch)
        }
 }
-void audit_remove_watch(struct audit_watch *watch)
+static void audit_remove_watch(struct audit_watch *watch)
 {
        list_del(&watch->wlist);
        audit_put_parent(watch->parent);
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index eb7675499fb5..add2819af71b 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1252,6 +1252,18 @@ static int audit_filter_user_rules(struct netlink_skb_parms *cb,
                case AUDIT_LOGINUID:
                        result = audit_comparator(cb->loginuid, f->op, f->val);
                        break;
+                case AUDIT_SUBJ_USER:
+                case AUDIT_SUBJ_ROLE:
+                case AUDIT_SUBJ_TYPE:
+                case AUDIT_SUBJ_SEN:
+                case AUDIT_SUBJ_CLR:
+                        if (f->lsm_rule)
+                                result = security_audit_rule_match(cb->sid,
+                                                                   f->type,
+                                                                   f->op,
+                                                                   f->lsm_rule,
+                                                                   NULL);
+                        break;
                }
                if (!result)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 1b31c130d034..f49a0318c2ed 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -241,6 +241,10 @@ struct audit_context {
                        pid_t                   pid;
                        struct audit_cap_data   cap;
                } capset;
+                struct {
+                        int                     fd;
+                        int                     flags;
+                } mmap;
        };
        int fds[2];
@@ -1305,6 +1309,10 @@ static void show_special(struct audit_context *context, int *call_panic)
                audit_log_cap(ab, "cap_pp", &context->capset.cap.permitted);
                audit_log_cap(ab, "cap_pe", &context->capset.cap.effective);
                break; }
+        case AUDIT_MMAP: {
+                audit_log_format(ab, "fd=%d flags=0x%x", context->mmap.fd,
+                                 context->mmap.flags);
+                break; }
        }
        audit_log_end(ab);
 }
@@ -2476,6 +2484,14 @@ void __audit_log_capset(pid_t pid,
        context->type = AUDIT_CAPSET;
 }
+void __audit_mmap_fd(int fd, int flags)
+{
+        struct audit_context *context = current->audit_context;
+        context->mmap.fd = fd;
+        context->mmap.flags = flags;
+        context->type = AUDIT_MMAP;
+}
 /**
 * audit_core_dumps - record information about processes that end abnormally
 * @signr: signal value
author	Linus Torvalds <torvalds@linux-foundation.org>	2010-10-30 11:35:35 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2010-10-30 11:35:35 -0400
commit	847f877600313e65c5659476b30d74a6f66e388e (patch)
tree	b4390fb56dc3c9a47cb51f3a086515a376cffc0c /kernel
parent	79346507ad48895f41b438fa562b1965721f36b9 (diff)
parent	120a795da07c9a02221ca23464c28a7c6ad7de1d (diff)

diff --git a/kernel/audit.c b/kernel/audit.c index d96045789b54..77770a034d59 100644 --- a/kernel/audit.c +++ b/kernel/audit.c
@@ -467,23 +467,16 @@ static int audit_prepare_user_tty(pid_t pid, uid_t loginuid, u32 sessionid)
467	struct task_struct *tsk;	467	struct task_struct *tsk;
468	int err;	468	int err;
469		469
470	read_lock(&tasklist_lock);	470	rcu_read_lock();
471	tsk = find_task_by_vpid(pid);	471	tsk = find_task_by_vpid(pid);
472	err = -ESRCH;	472	if (!tsk) {
473	if (!tsk)	473	rcu_read_unlock();
474	goto out;	474	return -ESRCH;
475	err = 0;	475	}
476		476	get_task_struct(tsk);
477	spin_lock_irq(&tsk->sighand->siglock);	477	rcu_read_unlock();
478	if (!tsk->signal->audit_tty)	478	err = tty_audit_push_task(tsk, loginuid, sessionid);
479	err = -EPERM;	479	put_task_struct(tsk);
480	spin_unlock_irq(&tsk->sighand->siglock);
481	if (err)
482	goto out;
483
484	tty_audit_push_task(tsk, loginuid, sessionid);
485	out:
486	read_unlock(&tasklist_lock);
487	return err;	480	return err;
488	}	481	}
489		482
@@ -506,7 +499,7 @@ int audit_send_list(void *_dest)
506	}	499	}
507		500
508	struct sk_buff *audit_make_reply(int pid, int seq, int type, int done,	501	struct sk_buff *audit_make_reply(int pid, int seq, int type, int done,
509	int multi, void *payload, int size)	502	int multi, const void *payload, int size)
510	{	503	{
511	struct sk_buff *skb;	504	struct sk_buff *skb;
512	struct nlmsghdr *nlh;	505	struct nlmsghdr *nlh;
@@ -555,8 +548,8 @@ static int audit_send_reply_thread(void *arg)
555	* Allocates an skb, builds the netlink message, and sends it to the pid.	548	* Allocates an skb, builds the netlink message, and sends it to the pid.
556	* No failure notifications.	549	* No failure notifications.
557	*/	550	*/
558	void audit_send_reply(int pid, int seq, int type, int done, int multi,	551	static void audit_send_reply(int pid, int seq, int type, int done, int multi,
559	void *payload, int size)	552	const void *payload, int size)
560	{	553	{
561	struct sk_buff *skb;	554	struct sk_buff *skb;
562	struct task_struct *tsk;	555	struct task_struct *tsk;
@@ -880,40 +873,40 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
880	case AUDIT_TTY_GET: {	873	case AUDIT_TTY_GET: {
881	struct audit_tty_status s;	874	struct audit_tty_status s;
882	struct task_struct *tsk;	875	struct task_struct *tsk;
		876	unsigned long flags;
883		877
884	read_lock(&tasklist_lock);	878	rcu_read_lock();
885	tsk = find_task_by_vpid(pid);	879	tsk = find_task_by_vpid(pid);
886	if (!tsk)	880	if (tsk && lock_task_sighand(tsk, &flags)) {
887	err = -ESRCH;
888	else {
889	spin_lock_irq(&tsk->sighand->siglock);
890	s.enabled = tsk->signal->audit_tty != 0;	881	s.enabled = tsk->signal->audit_tty != 0;
891	spin_unlock_irq(&tsk->sighand->siglock);	882	unlock_task_sighand(tsk, &flags);
892	}	883	} else
893	read_unlock(&tasklist_lock);	884	err = -ESRCH;
894	audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_TTY_GET, 0, 0,	885	rcu_read_unlock();
895	&s, sizeof(s));	886
		887	if (!err)
		888	audit_send_reply(NETLINK_CB(skb).pid, seq,
		889	AUDIT_TTY_GET, 0, 0, &s, sizeof(s));
896	break;	890	break;
897	}	891	}
898	case AUDIT_TTY_SET: {	892	case AUDIT_TTY_SET: {
899	struct audit_tty_status *s;	893	struct audit_tty_status *s;
900	struct task_struct *tsk;	894	struct task_struct *tsk;
		895	unsigned long flags;
901		896
902	if (nlh->nlmsg_len < sizeof(struct audit_tty_status))	897	if (nlh->nlmsg_len < sizeof(struct audit_tty_status))
903	return -EINVAL;	898	return -EINVAL;
904	s = data;	899	s = data;
905	if (s->enabled != 0 && s->enabled != 1)	900	if (s->enabled != 0 && s->enabled != 1)
906	return -EINVAL;	901	return -EINVAL;
907	read_lock(&tasklist_lock);	902	rcu_read_lock();
908	tsk = find_task_by_vpid(pid);	903	tsk = find_task_by_vpid(pid);
909	if (!tsk)	904	if (tsk && lock_task_sighand(tsk, &flags)) {
910	err = -ESRCH;
911	else {
912	spin_lock_irq(&tsk->sighand->siglock);
913	tsk->signal->audit_tty = s->enabled != 0;	905	tsk->signal->audit_tty = s->enabled != 0;
914	spin_unlock_irq(&tsk->sighand->siglock);	906	unlock_task_sighand(tsk, &flags);
915	}	907	} else
916	read_unlock(&tasklist_lock);	908	err = -ESRCH;
		909	rcu_read_unlock();
917	break;	910	break;
918	}	911	}
919	default:	912	default:


diff --git a/kernel/audit.h b/kernel/audit.h index f7206db4e13d..91e7071c4d2c 100644 --- a/kernel/audit.h +++ b/kernel/audit.h
@@ -84,10 +84,7 @@ extern int audit_compare_dname_path(const char dname, const char path,
84	int *dirlen);	84	int *dirlen);
85	extern struct sk_buff * audit_make_reply(int pid, int seq, int type,	85	extern struct sk_buff * audit_make_reply(int pid, int seq, int type,
86	int done, int multi,	86	int done, int multi,
87	void *payload, int size);	87	const void *payload, int size);
88	extern void audit_send_reply(int pid, int seq, int type,
89	int done, int multi,
90	void *payload, int size);
91	extern void audit_panic(const char *message);	88	extern void audit_panic(const char *message);
92		89
93	struct audit_netlink_list {	90	struct audit_netlink_list {


diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c index 7f18d3a4527e..37b2bea170c8 100644 --- a/kernel/audit_tree.c +++ b/kernel/audit_tree.c
@@ -223,7 +223,7 @@ static void untag_chunk(struct node *p)
223	{	223	{
224	struct audit_chunk *chunk = find_chunk(p);	224	struct audit_chunk *chunk = find_chunk(p);
225	struct fsnotify_mark *entry = &chunk->mark;	225	struct fsnotify_mark *entry = &chunk->mark;
226	struct audit_chunk *new;	226	struct audit_chunk *new = NULL;
227	struct audit_tree *owner;	227	struct audit_tree *owner;
228	int size = chunk->count - 1;	228	int size = chunk->count - 1;
229	int i, j;	229	int i, j;
@@ -232,9 +232,14 @@ static void untag_chunk(struct node *p)
232		232
233	spin_unlock(&hash_lock);	233	spin_unlock(&hash_lock);
234		234
		235	if (size)
		236	new = alloc_chunk(size);
		237
235	spin_lock(&entry->lock);	238	spin_lock(&entry->lock);
236	if (chunk->dead \|\| !entry->i.inode) {	239	if (chunk->dead \|\| !entry->i.inode) {
237	spin_unlock(&entry->lock);	240	spin_unlock(&entry->lock);
		241	if (new)
		242	free_chunk(new);
238	goto out;	243	goto out;
239	}	244	}
240		245
@@ -255,9 +260,9 @@ static void untag_chunk(struct node *p)
255	goto out;	260	goto out;
256	}	261	}
257		262
258	new = alloc_chunk(size);
259	if (!new)	263	if (!new)
260	goto Fallback;	264	goto Fallback;
		265
261	fsnotify_duplicate_mark(&new->mark, entry);	266	fsnotify_duplicate_mark(&new->mark, entry);
262	if (fsnotify_add_mark(&new->mark, new->mark.group, new->mark.i.inode, NULL, 1)) {	267	if (fsnotify_add_mark(&new->mark, new->mark.group, new->mark.i.inode, NULL, 1)) {
263	free_chunk(new);	268	free_chunk(new);


diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c index f0c9b2e7542d..d2e3c7866460 100644 --- a/kernel/audit_watch.c +++ b/kernel/audit_watch.c
@@ -60,7 +60,7 @@ struct audit_parent {
60	};	60	};
61		61
62	/* fsnotify handle. */	62	/* fsnotify handle. */
63	struct fsnotify_group *audit_watch_group;	63	static struct fsnotify_group *audit_watch_group;
64		64
65	/* fsnotify events we care about. */	65	/* fsnotify events we care about. */
66	#define AUDIT_FS_WATCH (FS_MOVE \| FS_CREATE \| FS_DELETE \| FS_DELETE_SELF \|\	66	#define AUDIT_FS_WATCH (FS_MOVE \| FS_CREATE \| FS_DELETE \| FS_DELETE_SELF \|\
@@ -123,7 +123,7 @@ void audit_put_watch(struct audit_watch *watch)
123	}	123	}
124	}	124	}
125		125
126	void audit_remove_watch(struct audit_watch *watch)	126	static void audit_remove_watch(struct audit_watch *watch)
127	{	127	{
128	list_del(&watch->wlist);	128	list_del(&watch->wlist);
129	audit_put_parent(watch->parent);	129	audit_put_parent(watch->parent);


diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index eb7675499fb5..add2819af71b 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c
@@ -1252,6 +1252,18 @@ static int audit_filter_user_rules(struct netlink_skb_parms *cb,
1252	case AUDIT_LOGINUID:	1252	case AUDIT_LOGINUID:
1253	result = audit_comparator(cb->loginuid, f->op, f->val);	1253	result = audit_comparator(cb->loginuid, f->op, f->val);
1254	break;	1254	break;
		1255	case AUDIT_SUBJ_USER:
		1256	case AUDIT_SUBJ_ROLE:
		1257	case AUDIT_SUBJ_TYPE:
		1258	case AUDIT_SUBJ_SEN:
		1259	case AUDIT_SUBJ_CLR:
		1260	if (f->lsm_rule)
		1261	result = security_audit_rule_match(cb->sid,
		1262	f->type,
		1263	f->op,
		1264	f->lsm_rule,
		1265	NULL);
		1266	break;
1255	}	1267	}
1256		1268
1257	if (!result)	1269	if (!result)


diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 1b31c130d034..f49a0318c2ed 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c
@@ -241,6 +241,10 @@ struct audit_context {
241	pid_t pid;	241	pid_t pid;
242	struct audit_cap_data cap;	242	struct audit_cap_data cap;
243	} capset;	243	} capset;
		244	struct {
		245	int fd;
		246	int flags;
		247	} mmap;
244	};	248	};
245	int fds[2];	249	int fds[2];
246		250
@@ -1305,6 +1309,10 @@ static void show_special(struct audit_context context, int call_panic)
1305	audit_log_cap(ab, "cap_pp", &context->capset.cap.permitted);	1309	audit_log_cap(ab, "cap_pp", &context->capset.cap.permitted);
1306	audit_log_cap(ab, "cap_pe", &context->capset.cap.effective);	1310	audit_log_cap(ab, "cap_pe", &context->capset.cap.effective);
1307	break; }	1311	break; }
		1312	case AUDIT_MMAP: {
		1313	audit_log_format(ab, "fd=%d flags=0x%x", context->mmap.fd,
		1314	context->mmap.flags);
		1315	break; }
1308	}	1316	}
1309	audit_log_end(ab);	1317	audit_log_end(ab);
1310	}	1318	}
@@ -2476,6 +2484,14 @@ void __audit_log_capset(pid_t pid,
2476	context->type = AUDIT_CAPSET;	2484	context->type = AUDIT_CAPSET;
2477	}	2485	}
2478		2486
		2487	void __audit_mmap_fd(int fd, int flags)
		2488	{
		2489	struct audit_context *context = current->audit_context;
		2490	context->mmap.fd = fd;
		2491	context->mmap.flags = flags;
		2492	context->type = AUDIT_MMAP;
		2493	}
		2494
2479	/**	2495	/**
2480	* audit_core_dumps - record information about processes that end abnormally	2496	* audit_core_dumps - record information about processes that end abnormally
2481	* @signr: signal value	2497	* @signr: signal value