3 files changed, 36 insertions, 46 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index a79702bcdcd0..f333c95c4189 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -565,7 +565,7 @@ struct xfrm_audit
 };
 #ifdef CONFIG_AUDITSYSCALL
-static inline struct audit_buffer *xfrm_audit_start(u32 auid, u32 sid)
+static inline struct audit_buffer *xfrm_audit_start(u32 auid, u32 secid)
 {
        struct audit_buffer *audit_buf = NULL;
        char *secctx;
@@ -578,8 +578,8 @@ static inline struct audit_buffer *xfrm_audit_start(u32 auid, u32 sid)
        audit_log_format(audit_buf, "auid=%u", auid);
-        if (sid != 0 &&
+        if (secid != 0 &&
-            security_secid_to_secctx(sid, &secctx, &secctx_len) == 0) {
+            security_secid_to_secctx(secid, &secctx, &secctx_len) == 0) {
                audit_log_format(audit_buf, " subj=%s", secctx);
                security_release_secctx(secctx, secctx_len);
        } else
@@ -588,13 +588,13 @@ static inline struct audit_buffer *xfrm_audit_start(u32 auid, u32 sid)
 }
 extern void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
-                                  u32 auid, u32 sid);
+                                  u32 auid, u32 secid);
 extern void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
-                                  u32 auid, u32 sid);
+                                  u32 auid, u32 secid);
 extern void xfrm_audit_state_add(struct xfrm_state *x, int result,
-                                 u32 auid, u32 sid);
+                                 u32 auid, u32 secid);
 extern void xfrm_audit_state_delete(struct xfrm_state *x, int result,
-                                    u32 auid, u32 sid);
+                                    u32 auid, u32 secid);
 #else
 #define xfrm_audit_policy_add(x, r, a, s)       do { ; } while (0)
 #define xfrm_audit_policy_delete(x, r, a, s)    do { ; } while (0)
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 74807a7d3d69..abc3e39b115b 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -24,6 +24,7 @@
 #include <linux/netfilter.h>
 #include <linux/module.h>
 #include <linux/cache.h>
+#include <linux/audit.h>
 #include <net/dst.h>
 #include <net/xfrm.h>
 #include <net/ip.h>
@@ -2401,15 +2402,14 @@ static inline void xfrm_audit_common_policyinfo(struct xfrm_policy *xp,
        }
 }
-void
+void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
-xfrm_audit_policy_add(struct xfrm_policy *xp, int result, u32 auid, u32 sid)
+                           u32 auid, u32 secid)
 {
        struct audit_buffer *audit_buf;
-        extern int audit_enabled;
        if (audit_enabled == 0)
                return;
-        audit_buf = xfrm_audit_start(auid, sid);
+        audit_buf = xfrm_audit_start(auid, secid);
        if (audit_buf == NULL)
                return;
        audit_log_format(audit_buf, " op=SPD-add res=%u", result);
@@ -2418,15 +2418,14 @@ xfrm_audit_policy_add(struct xfrm_policy *xp, int result, u32 auid, u32 sid)
 }
 EXPORT_SYMBOL_GPL(xfrm_audit_policy_add);
-void
+void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
-xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, u32 auid, u32 sid)
+                              u32 auid, u32 secid)
 {
        struct audit_buffer *audit_buf;
-        extern int audit_enabled;
        if (audit_enabled == 0)
                return;
-        audit_buf = xfrm_audit_start(auid, sid);
+        audit_buf = xfrm_audit_start(auid, secid);
        if (audit_buf == NULL)
                return;
        audit_log_format(audit_buf, " op=SPD-delete res=%u", result);
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index f7c0951c9fd9..9e57378c51df 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -19,6 +19,7 @@
 #include <linux/ipsec.h>
 #include <linux/module.h>
 #include <linux/cache.h>
+#include <linux/audit.h>
 #include <asm/uaccess.h>
 #include "xfrm_hash.h"
@@ -1998,69 +1999,59 @@ void __init xfrm_state_init(void)
 static inline void xfrm_audit_common_stateinfo(struct xfrm_state *x,
                                               struct audit_buffer *audit_buf)
 {
-        if (x->security)
+        struct xfrm_sec_ctx *ctx = x->security;
+        u32 spi = ntohl(x->id.spi);
+        if (ctx)
                audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
-                                 x->security->ctx_alg, x->security->ctx_doi,
+                                 ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
-                                 x->security->ctx_str);
        switch(x->props.family) {
        case AF_INET:
-                audit_log_format(audit_buf, " src=%u.%u.%u.%u dst=%u.%u.%u.%u",
+                audit_log_format(audit_buf,
+                                 " src=" NIPQUAD_FMT " dst=" NIPQUAD_FMT,
                                 NIPQUAD(x->props.saddr.a4),
                                 NIPQUAD(x->id.daddr.a4));
                break;
        case AF_INET6:
-                {
+                audit_log_format(audit_buf,
-                        struct in6_addr saddr6, daddr6;
+                                 " src=" NIP6_FMT " dst=" NIP6_FMT,
+                                 NIP6(*(struct in6_addr *)x->props.saddr.a6),
-                        memcpy(&saddr6, x->props.saddr.a6,
+                                 NIP6(*(struct in6_addr *)x->id.daddr.a6));
-                                sizeof(struct in6_addr));
-                        memcpy(&daddr6, x->id.daddr.a6,
-                                sizeof(struct in6_addr));
-                        audit_log_format(audit_buf,
-                                         " src=" NIP6_FMT " dst=" NIP6_FMT,
-                                         NIP6(saddr6), NIP6(daddr6));
-                }
                break;
        }
+        audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
 }
-void
+void xfrm_audit_state_add(struct xfrm_state *x, int result,
-xfrm_audit_state_add(struct xfrm_state *x, int result, u32 auid, u32 sid)
+                          u32 auid, u32 secid)
 {
        struct audit_buffer *audit_buf;
-        u32 spi;
-        extern int audit_enabled;
        if (audit_enabled == 0)
                return;
-        audit_buf = xfrm_audit_start(auid, sid);
+        audit_buf = xfrm_audit_start(auid, secid);
        if (audit_buf == NULL)
                return;
-        audit_log_format(audit_buf, " op=SAD-add res=%u",result);
+        audit_log_format(audit_buf, " op=SAD-add res=%u", result);
        xfrm_audit_common_stateinfo(x, audit_buf);
-        spi = ntohl(x->id.spi);
-        audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
        audit_log_end(audit_buf);
 }
 EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
-void
+void xfrm_audit_state_delete(struct xfrm_state *x, int result,
-xfrm_audit_state_delete(struct xfrm_state *x, int result, u32 auid, u32 sid)
+                             u32 auid, u32 secid)
 {
        struct audit_buffer *audit_buf;
-        u32 spi;
-        extern int audit_enabled;
        if (audit_enabled == 0)
                return;
-        audit_buf = xfrm_audit_start(auid, sid);
+        audit_buf = xfrm_audit_start(auid, secid);
        if (audit_buf == NULL)
                return;
-        audit_log_format(audit_buf, " op=SAD-delete res=%u",result);
+        audit_log_format(audit_buf, " op=SAD-delete res=%u", result);
        xfrm_audit_common_stateinfo(x, audit_buf);
-        spi = ntohl(x->id.spi);
-        audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
        audit_log_end(audit_buf);
 }
 EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);

diff --git a/include/net/xfrm.h b/include/net/xfrm.h index a79702bcdcd0..f333c95c4189 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h
@@ -565,7 +565,7 @@ struct xfrm_audit
565	};	565	};
566		566
567	#ifdef CONFIG_AUDITSYSCALL	567	#ifdef CONFIG_AUDITSYSCALL
568	static inline struct audit_buffer *xfrm_audit_start(u32 auid, u32 sid)	568	static inline struct audit_buffer *xfrm_audit_start(u32 auid, u32 secid)
569	{	569	{
570	struct audit_buffer *audit_buf = NULL;	570	struct audit_buffer *audit_buf = NULL;
571	char *secctx;	571	char *secctx;
@@ -578,8 +578,8 @@ static inline struct audit_buffer *xfrm_audit_start(u32 auid, u32 sid)
578		578
579	audit_log_format(audit_buf, "auid=%u", auid);	579	audit_log_format(audit_buf, "auid=%u", auid);
580		580
581	if (sid != 0 &&	581	if (secid != 0 &&
582	security_secid_to_secctx(sid, &secctx, &secctx_len) == 0) {	582	security_secid_to_secctx(secid, &secctx, &secctx_len) == 0) {
583	audit_log_format(audit_buf, " subj=%s", secctx);	583	audit_log_format(audit_buf, " subj=%s", secctx);
584	security_release_secctx(secctx, secctx_len);	584	security_release_secctx(secctx, secctx_len);
585	} else	585	} else
@@ -588,13 +588,13 @@ static inline struct audit_buffer *xfrm_audit_start(u32 auid, u32 sid)
588	}	588	}
589		589
590	extern void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,	590	extern void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
591	u32 auid, u32 sid);	591	u32 auid, u32 secid);
592	extern void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,	592	extern void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
593	u32 auid, u32 sid);	593	u32 auid, u32 secid);
594	extern void xfrm_audit_state_add(struct xfrm_state *x, int result,	594	extern void xfrm_audit_state_add(struct xfrm_state *x, int result,
595	u32 auid, u32 sid);	595	u32 auid, u32 secid);
596	extern void xfrm_audit_state_delete(struct xfrm_state *x, int result,	596	extern void xfrm_audit_state_delete(struct xfrm_state *x, int result,
597	u32 auid, u32 sid);	597	u32 auid, u32 secid);
598	#else	598	#else
599	#define xfrm_audit_policy_add(x, r, a, s) do { ; } while (0)	599	#define xfrm_audit_policy_add(x, r, a, s) do { ; } while (0)
600	#define xfrm_audit_policy_delete(x, r, a, s) do { ; } while (0)	600	#define xfrm_audit_policy_delete(x, r, a, s) do { ; } while (0)


diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 74807a7d3d69..abc3e39b115b 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c
@@ -24,6 +24,7 @@
24	#include <linux/netfilter.h>	24	#include <linux/netfilter.h>
25	#include <linux/module.h>	25	#include <linux/module.h>
26	#include <linux/cache.h>	26	#include <linux/cache.h>
		27	#include <linux/audit.h>
27	#include <net/dst.h>	28	#include <net/dst.h>
28	#include <net/xfrm.h>	29	#include <net/xfrm.h>
29	#include <net/ip.h>	30	#include <net/ip.h>
@@ -2401,15 +2402,14 @@ static inline void xfrm_audit_common_policyinfo(struct xfrm_policy *xp,
2401	}	2402	}
2402	}	2403	}
2403		2404
2404	void	2405	void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
2405	xfrm_audit_policy_add(struct xfrm_policy *xp, int result, u32 auid, u32 sid)	2406	u32 auid, u32 secid)
2406	{	2407	{
2407	struct audit_buffer *audit_buf;	2408	struct audit_buffer *audit_buf;
2408	extern int audit_enabled;
2409		2409
2410	if (audit_enabled == 0)	2410	if (audit_enabled == 0)
2411	return;	2411	return;
2412	audit_buf = xfrm_audit_start(auid, sid);	2412	audit_buf = xfrm_audit_start(auid, secid);
2413	if (audit_buf == NULL)	2413	if (audit_buf == NULL)
2414	return;	2414	return;
2415	audit_log_format(audit_buf, " op=SPD-add res=%u", result);	2415	audit_log_format(audit_buf, " op=SPD-add res=%u", result);
@@ -2418,15 +2418,14 @@ xfrm_audit_policy_add(struct xfrm_policy *xp, int result, u32 auid, u32 sid)
2418	}	2418	}
2419	EXPORT_SYMBOL_GPL(xfrm_audit_policy_add);	2419	EXPORT_SYMBOL_GPL(xfrm_audit_policy_add);
2420		2420
2421	void	2421	void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
2422	xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, u32 auid, u32 sid)	2422	u32 auid, u32 secid)
2423	{	2423	{
2424	struct audit_buffer *audit_buf;	2424	struct audit_buffer *audit_buf;
2425	extern int audit_enabled;
2426		2425
2427	if (audit_enabled == 0)	2426	if (audit_enabled == 0)
2428	return;	2427	return;
2429	audit_buf = xfrm_audit_start(auid, sid);	2428	audit_buf = xfrm_audit_start(auid, secid);
2430	if (audit_buf == NULL)	2429	if (audit_buf == NULL)
2431	return;	2430	return;
2432	audit_log_format(audit_buf, " op=SPD-delete res=%u", result);	2431	audit_log_format(audit_buf, " op=SPD-delete res=%u", result);


diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index f7c0951c9fd9..9e57378c51df 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c
@@ -19,6 +19,7 @@
19	#include <linux/ipsec.h>	19	#include <linux/ipsec.h>
20	#include <linux/module.h>	20	#include <linux/module.h>
21	#include <linux/cache.h>	21	#include <linux/cache.h>
		22	#include <linux/audit.h>
22	#include <asm/uaccess.h>	23	#include <asm/uaccess.h>
23		24
24	#include "xfrm_hash.h"	25	#include "xfrm_hash.h"
@@ -1998,69 +1999,59 @@ void __init xfrm_state_init(void)
1998	static inline void xfrm_audit_common_stateinfo(struct xfrm_state *x,	1999	static inline void xfrm_audit_common_stateinfo(struct xfrm_state *x,
1999	struct audit_buffer *audit_buf)	2000	struct audit_buffer *audit_buf)
2000	{	2001	{
2001	if (x->security)	2002	struct xfrm_sec_ctx *ctx = x->security;
		2003	u32 spi = ntohl(x->id.spi);
		2004
		2005	if (ctx)
2002	audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",	2006	audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
2003	x->security->ctx_alg, x->security->ctx_doi,	2007	ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
2004	x->security->ctx_str);
2005		2008
2006	switch(x->props.family) {	2009	switch(x->props.family) {
2007	case AF_INET:	2010	case AF_INET:
2008	audit_log_format(audit_buf, " src=%u.%u.%u.%u dst=%u.%u.%u.%u",	2011	audit_log_format(audit_buf,
		2012	" src=" NIPQUAD_FMT " dst=" NIPQUAD_FMT,
2009	NIPQUAD(x->props.saddr.a4),	2013	NIPQUAD(x->props.saddr.a4),
2010	NIPQUAD(x->id.daddr.a4));	2014	NIPQUAD(x->id.daddr.a4));
2011	break;	2015	break;
2012	case AF_INET6:	2016	case AF_INET6:
2013	{	2017	audit_log_format(audit_buf,
2014	struct in6_addr saddr6, daddr6;	2018	" src=" NIP6_FMT " dst=" NIP6_FMT,
2015		2019	NIP6((struct in6_addr )x->props.saddr.a6),
2016	memcpy(&saddr6, x->props.saddr.a6,	2020	NIP6((struct in6_addr )x->id.daddr.a6));
2017	sizeof(struct in6_addr));
2018	memcpy(&daddr6, x->id.daddr.a6,
2019	sizeof(struct in6_addr));
2020	audit_log_format(audit_buf,
2021	" src=" NIP6_FMT " dst=" NIP6_FMT,
2022	NIP6(saddr6), NIP6(daddr6));
2023	}
2024	break;	2021	break;
2025	}	2022	}
		2023
		2024	audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2026	}	2025	}
2027		2026
2028	void	2027	void xfrm_audit_state_add(struct xfrm_state *x, int result,
2029	xfrm_audit_state_add(struct xfrm_state *x, int result, u32 auid, u32 sid)	2028	u32 auid, u32 secid)
2030	{	2029	{
2031	struct audit_buffer *audit_buf;	2030	struct audit_buffer *audit_buf;
2032	u32 spi;
2033	extern int audit_enabled;
2034		2031
2035	if (audit_enabled == 0)	2032	if (audit_enabled == 0)
2036	return;	2033	return;
2037	audit_buf = xfrm_audit_start(auid, sid);	2034	audit_buf = xfrm_audit_start(auid, secid);
2038	if (audit_buf == NULL)	2035	if (audit_buf == NULL)
2039	return;	2036	return;
2040	audit_log_format(audit_buf, " op=SAD-add res=%u",result);	2037	audit_log_format(audit_buf, " op=SAD-add res=%u", result);
2041	xfrm_audit_common_stateinfo(x, audit_buf);	2038	xfrm_audit_common_stateinfo(x, audit_buf);
2042	spi = ntohl(x->id.spi);
2043	audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2044	audit_log_end(audit_buf);	2039	audit_log_end(audit_buf);
2045	}	2040	}
2046	EXPORT_SYMBOL_GPL(xfrm_audit_state_add);	2041	EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2047		2042
2048	void	2043	void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2049	xfrm_audit_state_delete(struct xfrm_state *x, int result, u32 auid, u32 sid)	2044	u32 auid, u32 secid)
2050	{	2045	{
2051	struct audit_buffer *audit_buf;	2046	struct audit_buffer *audit_buf;
2052	u32 spi;
2053	extern int audit_enabled;
2054		2047
2055	if (audit_enabled == 0)	2048	if (audit_enabled == 0)
2056	return;	2049	return;
2057	audit_buf = xfrm_audit_start(auid, sid);	2050	audit_buf = xfrm_audit_start(auid, secid);
2058	if (audit_buf == NULL)	2051	if (audit_buf == NULL)
2059	return;	2052	return;
2060	audit_log_format(audit_buf, " op=SAD-delete res=%u",result);	2053	audit_log_format(audit_buf, " op=SAD-delete res=%u", result);
2061	xfrm_audit_common_stateinfo(x, audit_buf);	2054	xfrm_audit_common_stateinfo(x, audit_buf);
2062	spi = ntohl(x->id.spi);
2063	audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2064	audit_log_end(audit_buf);	2055	audit_log_end(audit_buf);
2065	}	2056	}
2066	EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);	2057	EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);