12 files changed, 118 insertions, 59 deletions
diff --git a/drivers/char/tty_audit.c b/drivers/char/tty_audit.c
index 1b8ee590b4ca..f64582b0f623 100644
--- a/drivers/char/tty_audit.c
+++ b/drivers/char/tty_audit.c
@@ -188,25 +188,43 @@ void tty_audit_tiocsti(struct tty_struct *tty, char ch)
 }
 /**
- *      tty_audit_push_task     -       Flush task's pending audit data
+ * tty_audit_push_task  -       Flush task's pending audit data
+ * @tsk:                task pointer
+ * @loginuid:           sender login uid
+ * @sessionid:          sender session id
+ *
+ * Called with a ref on @tsk held. Try to lock sighand and get a
+ * reference to the tty audit buffer if available.
+ * Flush the buffer or return an appropriate error code.
 */
-void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid)
+int tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid)
 {
-        struct tty_audit_buf *buf;
+        struct tty_audit_buf *buf = ERR_PTR(-EPERM);
+        unsigned long flags;
-        spin_lock_irq(&tsk->sighand->siglock);
+        if (!lock_task_sighand(tsk, &flags))
-        buf = tsk->signal->tty_audit_buf;
+                return -ESRCH;
-        if (buf)
-                atomic_inc(&buf->count);
+        if (tsk->signal->audit_tty) {
-        spin_unlock_irq(&tsk->sighand->siglock);
+                buf = tsk->signal->tty_audit_buf;
-        if (!buf)
+                if (buf)
-                return;
+                        atomic_inc(&buf->count);
+        }
+        unlock_task_sighand(tsk, &flags);
+        /*
+         * Return 0 when signal->audit_tty set
+         * but tsk->signal->tty_audit_buf == NULL.
+         */
+        if (!buf || IS_ERR(buf))
+                return PTR_ERR(buf);
        mutex_lock(&buf->mutex);
        tty_audit_buf_push(tsk, loginuid, sessionid, buf);
        mutex_unlock(&buf->mutex);
        tty_audit_buf_put(buf);
+        return 0;
 }
 /**
diff --git a/include/asm-generic/audit_change_attr.h b/include/asm-generic/audit_change_attr.h
index 50764550a60c..bcbab3e4a3be 100644
--- a/include/asm-generic/audit_change_attr.h
+++ b/include/asm-generic/audit_change_attr.h
@@ -20,3 +20,7 @@ __NR_chown32,
 __NR_fchown32,
 __NR_lchown32,
 #endif
+__NR_link,
+#ifdef __NR_linkat
+__NR_linkat,
+#endif
diff --git a/include/linux/audit.h b/include/linux/audit.h
index e24afabc548f..8b5c0620abf9 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -102,6 +102,7 @@
 #define AUDIT_EOE               1320    /* End of multi-record event */
 #define AUDIT_BPRM_FCAPS        1321    /* Information about fcaps increasing perms */
 #define AUDIT_CAPSET            1322    /* Record showing argument to sys_capset */
+#define AUDIT_MMAP              1323    /* Record showing descriptor and flags in mmap */
 #define AUDIT_AVC               1400    /* SE Linux avc denial or grant */
 #define AUDIT_SELINUX_ERR       1401    /* Internal SE Linux Errors */
@@ -478,6 +479,7 @@ extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
                                  const struct cred *new,
                                  const struct cred *old);
 extern void __audit_log_capset(pid_t pid, const struct cred *new, const struct cred *old);
+extern void __audit_mmap_fd(int fd, int flags);
 static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
 {
@@ -531,6 +533,12 @@ static inline void audit_log_capset(pid_t pid, const struct cred *new,
                __audit_log_capset(pid, new, old);
 }
+static inline void audit_mmap_fd(int fd, int flags)
+{
+        if (unlikely(!audit_dummy_context()))
+                __audit_mmap_fd(fd, flags);
+}
 extern int audit_n_rules;
 extern int audit_signals;
 #else
@@ -564,6 +572,7 @@ extern int audit_signals;
 #define audit_mq_getsetattr(d,s) ((void)0)
 #define audit_log_bprm_fcaps(b, ncr, ocr) ({ 0; })
 #define audit_log_capset(pid, ncr, ocr) ((void)0)
+#define audit_mmap_fd(fd, flags) ((void)0)
 #define audit_ptrace(t) ((void)0)
 #define audit_n_rules 0
 #define audit_signals 0
diff --git a/include/linux/tty.h b/include/linux/tty.h
index e500171c745f..2a754748dd5f 100644
--- a/include/linux/tty.h
+++ b/include/linux/tty.h
@@ -541,8 +541,8 @@ extern void tty_audit_exit(void);
 extern void tty_audit_fork(struct signal_struct *sig);
 extern void tty_audit_tiocsti(struct tty_struct *tty, char ch);
 extern void tty_audit_push(struct tty_struct *tty);
-extern void tty_audit_push_task(struct task_struct *tsk,
+extern int tty_audit_push_task(struct task_struct *tsk,
-                                        uid_t loginuid, u32 sessionid);
+                               uid_t loginuid, u32 sessionid);
 #else
 static inline void tty_audit_add_data(struct tty_struct *tty,
                                      unsigned char *data, size_t size)
@@ -560,9 +560,10 @@ static inline void tty_audit_fork(struct signal_struct *sig)
 static inline void tty_audit_push(struct tty_struct *tty)
 {
 }
-static inline void tty_audit_push_task(struct task_struct *tsk,
+static inline int tty_audit_push_task(struct task_struct *tsk,
-                                        uid_t loginuid, u32 sessionid)
+                                      uid_t loginuid, u32 sessionid)
 {
+        return 0;
 }
 #endif
diff --git a/kernel/audit.c b/kernel/audit.c
index d96045789b54..77770a034d59 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -467,23 +467,16 @@ static int audit_prepare_user_tty(pid_t pid, uid_t loginuid, u32 sessionid)
        struct task_struct *tsk;
        int err;
-        read_lock(&tasklist_lock);
+        rcu_read_lock();
        tsk = find_task_by_vpid(pid);
-        err = -ESRCH;
+        if (!tsk) {
-        if (!tsk)
+                rcu_read_unlock();
-                goto out;
+                return -ESRCH;
-        err = 0;
+        }
+        get_task_struct(tsk);
-        spin_lock_irq(&tsk->sighand->siglock);
+        rcu_read_unlock();
-        if (!tsk->signal->audit_tty)
+        err = tty_audit_push_task(tsk, loginuid, sessionid);
-                err = -EPERM;
+        put_task_struct(tsk);
-        spin_unlock_irq(&tsk->sighand->siglock);
-        if (err)
-                goto out;
-        tty_audit_push_task(tsk, loginuid, sessionid);
-out:
-        read_unlock(&tasklist_lock);
        return err;
 }
@@ -506,7 +499,7 @@ int audit_send_list(void *_dest)
 }
 struct sk_buff *audit_make_reply(int pid, int seq, int type, int done,
-                                 int multi, void *payload, int size)
+                                 int multi, const void *payload, int size)
 {
        struct sk_buff  *skb;
        struct nlmsghdr *nlh;
@@ -555,8 +548,8 @@ static int audit_send_reply_thread(void *arg)
 * Allocates an skb, builds the netlink message, and sends it to the pid.
 * No failure notifications.
 */
-void audit_send_reply(int pid, int seq, int type, int done, int multi,
+static void audit_send_reply(int pid, int seq, int type, int done, int multi,
-                      void *payload, int size)
+                             const void *payload, int size)
 {
        struct sk_buff *skb;
        struct task_struct *tsk;
@@ -880,40 +873,40 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
        case AUDIT_TTY_GET: {
                struct audit_tty_status s;
                struct task_struct *tsk;
+                unsigned long flags;
-                read_lock(&tasklist_lock);
+                rcu_read_lock();
                tsk = find_task_by_vpid(pid);
-                if (!tsk)
+                if (tsk && lock_task_sighand(tsk, &flags)) {
-                        err = -ESRCH;
-                else {
-                        spin_lock_irq(&tsk->sighand->siglock);
                        s.enabled = tsk->signal->audit_tty != 0;
-                        spin_unlock_irq(&tsk->sighand->siglock);
+                        unlock_task_sighand(tsk, &flags);
-                }
+                } else
-                read_unlock(&tasklist_lock);
+                        err = -ESRCH;
-                audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_TTY_GET, 0, 0,
+                rcu_read_unlock();
-                                 &s, sizeof(s));
+                if (!err)
+                        audit_send_reply(NETLINK_CB(skb).pid, seq,
+                                         AUDIT_TTY_GET, 0, 0, &s, sizeof(s));
                break;
        }
        case AUDIT_TTY_SET: {
                struct audit_tty_status *s;
                struct task_struct *tsk;
+                unsigned long flags;
                if (nlh->nlmsg_len < sizeof(struct audit_tty_status))
                        return -EINVAL;
                s = data;
                if (s->enabled != 0 && s->enabled != 1)
                        return -EINVAL;
-                read_lock(&tasklist_lock);
+                rcu_read_lock();
                tsk = find_task_by_vpid(pid);
-                if (!tsk)
+                if (tsk && lock_task_sighand(tsk, &flags)) {
-                        err = -ESRCH;
-                else {
-                        spin_lock_irq(&tsk->sighand->siglock);
                        tsk->signal->audit_tty = s->enabled != 0;
-                        spin_unlock_irq(&tsk->sighand->siglock);
+                        unlock_task_sighand(tsk, &flags);
-                }
+                } else
-                read_unlock(&tasklist_lock);
+                        err = -ESRCH;
+                rcu_read_unlock();
                break;
        }
        default:
diff --git a/kernel/audit.h b/kernel/audit.h
index f7206db4e13d..91e7071c4d2c 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -84,10 +84,7 @@ extern int audit_compare_dname_path(const char *dname, const char *path,
                                    int *dirlen);
 extern struct sk_buff *     audit_make_reply(int pid, int seq, int type,
                                             int done, int multi,
-                                             void *payload, int size);
+                                             const void *payload, int size);
-extern void                 audit_send_reply(int pid, int seq, int type,
-                                             int done, int multi,
-                                             void *payload, int size);
 extern void                 audit_panic(const char *message);
 struct audit_netlink_list {
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
index 7f18d3a4527e..37b2bea170c8 100644
--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c
@@ -223,7 +223,7 @@ static void untag_chunk(struct node *p)
 {
        struct audit_chunk *chunk = find_chunk(p);
        struct fsnotify_mark *entry = &chunk->mark;
-        struct audit_chunk *new;
+        struct audit_chunk *new = NULL;
        struct audit_tree *owner;
        int size = chunk->count - 1;
        int i, j;
@@ -232,9 +232,14 @@ static void untag_chunk(struct node *p)
        spin_unlock(&hash_lock);
+        if (size)
+                new = alloc_chunk(size);
        spin_lock(&entry->lock);
        if (chunk->dead || !entry->i.inode) {
                spin_unlock(&entry->lock);
+                if (new)
+                        free_chunk(new);
                goto out;
        }
@@ -255,9 +260,9 @@ static void untag_chunk(struct node *p)
                goto out;
        }
-        new = alloc_chunk(size);
        if (!new)
                goto Fallback;
        fsnotify_duplicate_mark(&new->mark, entry);
        if (fsnotify_add_mark(&new->mark, new->mark.group, new->mark.i.inode, NULL, 1)) {
                free_chunk(new);
diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
index f0c9b2e7542d..d2e3c7866460 100644
--- a/kernel/audit_watch.c
+++ b/kernel/audit_watch.c
@@ -60,7 +60,7 @@ struct audit_parent {
 };
 /* fsnotify handle. */
-struct fsnotify_group *audit_watch_group;
+static struct fsnotify_group *audit_watch_group;
 /* fsnotify events we care about. */
 #define AUDIT_FS_WATCH (FS_MOVE | FS_CREATE | FS_DELETE | FS_DELETE_SELF |\
@@ -123,7 +123,7 @@ void audit_put_watch(struct audit_watch *watch)
        }
 }
-void audit_remove_watch(struct audit_watch *watch)
+static void audit_remove_watch(struct audit_watch *watch)
 {
        list_del(&watch->wlist);
        audit_put_parent(watch->parent);
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index eb7675499fb5..add2819af71b 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1252,6 +1252,18 @@ static int audit_filter_user_rules(struct netlink_skb_parms *cb,
                case AUDIT_LOGINUID:
                        result = audit_comparator(cb->loginuid, f->op, f->val);
                        break;
+                case AUDIT_SUBJ_USER:
+                case AUDIT_SUBJ_ROLE:
+                case AUDIT_SUBJ_TYPE:
+                case AUDIT_SUBJ_SEN:
+                case AUDIT_SUBJ_CLR:
+                        if (f->lsm_rule)
+                                result = security_audit_rule_match(cb->sid,
+                                                                   f->type,
+                                                                   f->op,
+                                                                   f->lsm_rule,
+                                                                   NULL);
+                        break;
                }
                if (!result)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 1b31c130d034..f49a0318c2ed 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -241,6 +241,10 @@ struct audit_context {
                        pid_t                   pid;
                        struct audit_cap_data   cap;
                } capset;
+                struct {
+                        int                     fd;
+                        int                     flags;
+                } mmap;
        };
        int fds[2];
@@ -1305,6 +1309,10 @@ static void show_special(struct audit_context *context, int *call_panic)
                audit_log_cap(ab, "cap_pp", &context->capset.cap.permitted);
                audit_log_cap(ab, "cap_pe", &context->capset.cap.effective);
                break; }
+        case AUDIT_MMAP: {
+                audit_log_format(ab, "fd=%d flags=0x%x", context->mmap.fd,
+                                 context->mmap.flags);
+                break; }
        }
        audit_log_end(ab);
 }
@@ -2476,6 +2484,14 @@ void __audit_log_capset(pid_t pid,
        context->type = AUDIT_CAPSET;
 }
+void __audit_mmap_fd(int fd, int flags)
+{
+        struct audit_context *context = current->audit_context;
+        context->mmap.fd = fd;
+        context->mmap.flags = flags;
+        context->type = AUDIT_MMAP;
+}
 /**
 * audit_core_dumps - record information about processes that end abnormally
 * @signr: signal value
diff --git a/mm/mmap.c b/mm/mmap.c
index 00161a48a451..b179abb1474a 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -28,6 +28,7 @@
 #include <linux/rmap.h>
 #include <linux/mmu_notifier.h>
 #include <linux/perf_event.h>
+#include <linux/audit.h>
 #include <asm/uaccess.h>
 #include <asm/cacheflush.h>
@@ -1108,6 +1109,7 @@ SYSCALL_DEFINE6(mmap_pgoff, unsigned long, addr, unsigned long, len,
        unsigned long retval = -EBADF;
        if (!(flags & MAP_ANONYMOUS)) {
+                audit_mmap_fd(fd, flags);
                if (unlikely(flags & MAP_HUGETLB))
                        return -EINVAL;
                file = fget(fd);
diff --git a/mm/nommu.c b/mm/nommu.c
index 30b5c20eec15..3613517c7592 100644
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -29,6 +29,7 @@
 #include <linux/personality.h>
 #include <linux/security.h>
 #include <linux/syscalls.h>
+#include <linux/audit.h>
 #include <asm/uaccess.h>
 #include <asm/tlb.h>
@@ -1458,6 +1459,7 @@ SYSCALL_DEFINE6(mmap_pgoff, unsigned long, addr, unsigned long, len,
        struct file *file = NULL;
        unsigned long retval = -EBADF;
+        audit_mmap_fd(fd, flags);
        if (!(flags & MAP_ANONYMOUS)) {
                file = fget(fd);
                if (!file)

diff --git a/drivers/char/tty_audit.c b/drivers/char/tty_audit.c index 1b8ee590b4ca..f64582b0f623 100644 --- a/drivers/char/tty_audit.c +++ b/drivers/char/tty_audit.c
@@ -188,25 +188,43 @@ void tty_audit_tiocsti(struct tty_struct *tty, char ch)
188	}	188	}
189		189
190	/**	190	/**
191	* tty_audit_push_task - Flush task's pending audit data	191	* tty_audit_push_task - Flush task's pending audit data
		192	* @tsk: task pointer
		193	* @loginuid: sender login uid
		194	* @sessionid: sender session id
		195	*
		196	* Called with a ref on @tsk held. Try to lock sighand and get a
		197	* reference to the tty audit buffer if available.
		198	* Flush the buffer or return an appropriate error code.
192	*/	199	*/
193	void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid)	200	int tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid)
194	{	201	{
195	struct tty_audit_buf *buf;	202	struct tty_audit_buf *buf = ERR_PTR(-EPERM);
		203	unsigned long flags;
196		204
197	spin_lock_irq(&tsk->sighand->siglock);	205	if (!lock_task_sighand(tsk, &flags))
198	buf = tsk->signal->tty_audit_buf;	206	return -ESRCH;
199	if (buf)	207
200	atomic_inc(&buf->count);	208	if (tsk->signal->audit_tty) {
201	spin_unlock_irq(&tsk->sighand->siglock);	209	buf = tsk->signal->tty_audit_buf;
202	if (!buf)	210	if (buf)
203	return;	211	atomic_inc(&buf->count);
		212	}
		213	unlock_task_sighand(tsk, &flags);
		214
		215	/*
		216	* Return 0 when signal->audit_tty set
		217	* but tsk->signal->tty_audit_buf == NULL.
		218	*/
		219	if (!buf \|\| IS_ERR(buf))
		220	return PTR_ERR(buf);
204		221
205	mutex_lock(&buf->mutex);	222	mutex_lock(&buf->mutex);
206	tty_audit_buf_push(tsk, loginuid, sessionid, buf);	223	tty_audit_buf_push(tsk, loginuid, sessionid, buf);
207	mutex_unlock(&buf->mutex);	224	mutex_unlock(&buf->mutex);
208		225
209	tty_audit_buf_put(buf);	226	tty_audit_buf_put(buf);
		227	return 0;
210	}	228	}
211		229
212	/**	230	/**


diff --git a/include/asm-generic/audit_change_attr.h b/include/asm-generic/audit_change_attr.h index 50764550a60c..bcbab3e4a3be 100644 --- a/include/asm-generic/audit_change_attr.h +++ b/include/asm-generic/audit_change_attr.h
@@ -20,3 +20,7 @@ __NR_chown32,
20	__NR_fchown32,	20	__NR_fchown32,
21	__NR_lchown32,	21	__NR_lchown32,
22	#endif	22	#endif
		23	__NR_link,
		24	#ifdef __NR_linkat
		25	__NR_linkat,
		26	#endif


diff --git a/include/linux/audit.h b/include/linux/audit.h index e24afabc548f..8b5c0620abf9 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h
@@ -102,6 +102,7 @@
102	#define AUDIT_EOE 1320 /* End of multi-record event */	102	#define AUDIT_EOE 1320 /* End of multi-record event */
103	#define AUDIT_BPRM_FCAPS 1321 /* Information about fcaps increasing perms */	103	#define AUDIT_BPRM_FCAPS 1321 /* Information about fcaps increasing perms */
104	#define AUDIT_CAPSET 1322 /* Record showing argument to sys_capset */	104	#define AUDIT_CAPSET 1322 /* Record showing argument to sys_capset */
		105	#define AUDIT_MMAP 1323 /* Record showing descriptor and flags in mmap */
105		106
106	#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */	107	#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */
107	#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */	108	#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */
@@ -478,6 +479,7 @@ extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
478	const struct cred *new,	479	const struct cred *new,
479	const struct cred *old);	480	const struct cred *old);
480	extern void __audit_log_capset(pid_t pid, const struct cred new, const struct cred old);	481	extern void __audit_log_capset(pid_t pid, const struct cred new, const struct cred old);
		482	extern void __audit_mmap_fd(int fd, int flags);
481		483
482	static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)	484	static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
483	{	485	{
@@ -531,6 +533,12 @@ static inline void audit_log_capset(pid_t pid, const struct cred *new,
531	__audit_log_capset(pid, new, old);	533	__audit_log_capset(pid, new, old);
532	}	534	}
533		535
		536	static inline void audit_mmap_fd(int fd, int flags)
		537	{
		538	if (unlikely(!audit_dummy_context()))
		539	__audit_mmap_fd(fd, flags);
		540	}
		541
534	extern int audit_n_rules;	542	extern int audit_n_rules;
535	extern int audit_signals;	543	extern int audit_signals;
536	#else	544	#else
@@ -564,6 +572,7 @@ extern int audit_signals;
564	#define audit_mq_getsetattr(d,s) ((void)0)	572	#define audit_mq_getsetattr(d,s) ((void)0)
565	#define audit_log_bprm_fcaps(b, ncr, ocr) ({ 0; })	573	#define audit_log_bprm_fcaps(b, ncr, ocr) ({ 0; })
566	#define audit_log_capset(pid, ncr, ocr) ((void)0)	574	#define audit_log_capset(pid, ncr, ocr) ((void)0)
		575	#define audit_mmap_fd(fd, flags) ((void)0)
567	#define audit_ptrace(t) ((void)0)	576	#define audit_ptrace(t) ((void)0)
568	#define audit_n_rules 0	577	#define audit_n_rules 0
569	#define audit_signals 0	578	#define audit_signals 0


diff --git a/include/linux/tty.h b/include/linux/tty.h index e500171c745f..2a754748dd5f 100644 --- a/include/linux/tty.h +++ b/include/linux/tty.h
@@ -541,8 +541,8 @@ extern void tty_audit_exit(void);
541	extern void tty_audit_fork(struct signal_struct *sig);	541	extern void tty_audit_fork(struct signal_struct *sig);
542	extern void tty_audit_tiocsti(struct tty_struct *tty, char ch);	542	extern void tty_audit_tiocsti(struct tty_struct *tty, char ch);
543	extern void tty_audit_push(struct tty_struct *tty);	543	extern void tty_audit_push(struct tty_struct *tty);
544	extern void tty_audit_push_task(struct task_struct *tsk,	544	extern int tty_audit_push_task(struct task_struct *tsk,
545	uid_t loginuid, u32 sessionid);	545	uid_t loginuid, u32 sessionid);
546	#else	546	#else
547	static inline void tty_audit_add_data(struct tty_struct *tty,	547	static inline void tty_audit_add_data(struct tty_struct *tty,
548	unsigned char *data, size_t size)	548	unsigned char *data, size_t size)
@@ -560,9 +560,10 @@ static inline void tty_audit_fork(struct signal_struct *sig)
560	static inline void tty_audit_push(struct tty_struct *tty)	560	static inline void tty_audit_push(struct tty_struct *tty)
561	{	561	{
562	}	562	}
563	static inline void tty_audit_push_task(struct task_struct *tsk,	563	static inline int tty_audit_push_task(struct task_struct *tsk,
564	uid_t loginuid, u32 sessionid)	564	uid_t loginuid, u32 sessionid)
565	{	565	{
		566	return 0;
566	}	567	}
567	#endif	568	#endif
568		569


diff --git a/kernel/audit.c b/kernel/audit.c index d96045789b54..77770a034d59 100644 --- a/kernel/audit.c +++ b/kernel/audit.c
@@ -467,23 +467,16 @@ static int audit_prepare_user_tty(pid_t pid, uid_t loginuid, u32 sessionid)
467	struct task_struct *tsk;	467	struct task_struct *tsk;
468	int err;	468	int err;
469		469
470	read_lock(&tasklist_lock);	470	rcu_read_lock();
471	tsk = find_task_by_vpid(pid);	471	tsk = find_task_by_vpid(pid);
472	err = -ESRCH;	472	if (!tsk) {
473	if (!tsk)	473	rcu_read_unlock();
474	goto out;	474	return -ESRCH;
475	err = 0;	475	}
476		476	get_task_struct(tsk);
477	spin_lock_irq(&tsk->sighand->siglock);	477	rcu_read_unlock();
478	if (!tsk->signal->audit_tty)	478	err = tty_audit_push_task(tsk, loginuid, sessionid);
479	err = -EPERM;	479	put_task_struct(tsk);
480	spin_unlock_irq(&tsk->sighand->siglock);
481	if (err)
482	goto out;
483
484	tty_audit_push_task(tsk, loginuid, sessionid);
485	out:
486	read_unlock(&tasklist_lock);
487	return err;	480	return err;
488	}	481	}
489		482
@@ -506,7 +499,7 @@ int audit_send_list(void *_dest)
506	}	499	}
507		500
508	struct sk_buff *audit_make_reply(int pid, int seq, int type, int done,	501	struct sk_buff *audit_make_reply(int pid, int seq, int type, int done,
509	int multi, void *payload, int size)	502	int multi, const void *payload, int size)
510	{	503	{
511	struct sk_buff *skb;	504	struct sk_buff *skb;
512	struct nlmsghdr *nlh;	505	struct nlmsghdr *nlh;
@@ -555,8 +548,8 @@ static int audit_send_reply_thread(void *arg)
555	* Allocates an skb, builds the netlink message, and sends it to the pid.	548	* Allocates an skb, builds the netlink message, and sends it to the pid.
556	* No failure notifications.	549	* No failure notifications.
557	*/	550	*/
558	void audit_send_reply(int pid, int seq, int type, int done, int multi,	551	static void audit_send_reply(int pid, int seq, int type, int done, int multi,
559	void *payload, int size)	552	const void *payload, int size)
560	{	553	{
561	struct sk_buff *skb;	554	struct sk_buff *skb;
562	struct task_struct *tsk;	555	struct task_struct *tsk;
@@ -880,40 +873,40 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
880	case AUDIT_TTY_GET: {	873	case AUDIT_TTY_GET: {
881	struct audit_tty_status s;	874	struct audit_tty_status s;
882	struct task_struct *tsk;	875	struct task_struct *tsk;
		876	unsigned long flags;
883		877
884	read_lock(&tasklist_lock);	878	rcu_read_lock();
885	tsk = find_task_by_vpid(pid);	879	tsk = find_task_by_vpid(pid);
886	if (!tsk)	880	if (tsk && lock_task_sighand(tsk, &flags)) {
887	err = -ESRCH;
888	else {
889	spin_lock_irq(&tsk->sighand->siglock);
890	s.enabled = tsk->signal->audit_tty != 0;	881	s.enabled = tsk->signal->audit_tty != 0;
891	spin_unlock_irq(&tsk->sighand->siglock);	882	unlock_task_sighand(tsk, &flags);
892	}	883	} else
893	read_unlock(&tasklist_lock);	884	err = -ESRCH;
894	audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_TTY_GET, 0, 0,	885	rcu_read_unlock();
895	&s, sizeof(s));	886
		887	if (!err)
		888	audit_send_reply(NETLINK_CB(skb).pid, seq,
		889	AUDIT_TTY_GET, 0, 0, &s, sizeof(s));
896	break;	890	break;
897	}	891	}
898	case AUDIT_TTY_SET: {	892	case AUDIT_TTY_SET: {
899	struct audit_tty_status *s;	893	struct audit_tty_status *s;
900	struct task_struct *tsk;	894	struct task_struct *tsk;
		895	unsigned long flags;
901		896
902	if (nlh->nlmsg_len < sizeof(struct audit_tty_status))	897	if (nlh->nlmsg_len < sizeof(struct audit_tty_status))
903	return -EINVAL;	898	return -EINVAL;
904	s = data;	899	s = data;
905	if (s->enabled != 0 && s->enabled != 1)	900	if (s->enabled != 0 && s->enabled != 1)
906	return -EINVAL;	901	return -EINVAL;
907	read_lock(&tasklist_lock);	902	rcu_read_lock();
908	tsk = find_task_by_vpid(pid);	903	tsk = find_task_by_vpid(pid);
909	if (!tsk)	904	if (tsk && lock_task_sighand(tsk, &flags)) {
910	err = -ESRCH;
911	else {
912	spin_lock_irq(&tsk->sighand->siglock);
913	tsk->signal->audit_tty = s->enabled != 0;	905	tsk->signal->audit_tty = s->enabled != 0;
914	spin_unlock_irq(&tsk->sighand->siglock);	906	unlock_task_sighand(tsk, &flags);
915	}	907	} else
916	read_unlock(&tasklist_lock);	908	err = -ESRCH;
		909	rcu_read_unlock();
917	break;	910	break;
918	}	911	}
919	default:	912	default:


diff --git a/kernel/audit.h b/kernel/audit.h index f7206db4e13d..91e7071c4d2c 100644 --- a/kernel/audit.h +++ b/kernel/audit.h
@@ -84,10 +84,7 @@ extern int audit_compare_dname_path(const char dname, const char path,
84	int *dirlen);	84	int *dirlen);
85	extern struct sk_buff * audit_make_reply(int pid, int seq, int type,	85	extern struct sk_buff * audit_make_reply(int pid, int seq, int type,
86	int done, int multi,	86	int done, int multi,
87	void *payload, int size);	87	const void *payload, int size);
88	extern void audit_send_reply(int pid, int seq, int type,
89	int done, int multi,
90	void *payload, int size);
91	extern void audit_panic(const char *message);	88	extern void audit_panic(const char *message);
92		89
93	struct audit_netlink_list {	90	struct audit_netlink_list {


diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c index 7f18d3a4527e..37b2bea170c8 100644 --- a/kernel/audit_tree.c +++ b/kernel/audit_tree.c
@@ -223,7 +223,7 @@ static void untag_chunk(struct node *p)
223	{	223	{
224	struct audit_chunk *chunk = find_chunk(p);	224	struct audit_chunk *chunk = find_chunk(p);
225	struct fsnotify_mark *entry = &chunk->mark;	225	struct fsnotify_mark *entry = &chunk->mark;
226	struct audit_chunk *new;	226	struct audit_chunk *new = NULL;
227	struct audit_tree *owner;	227	struct audit_tree *owner;
228	int size = chunk->count - 1;	228	int size = chunk->count - 1;
229	int i, j;	229	int i, j;
@@ -232,9 +232,14 @@ static void untag_chunk(struct node *p)
232		232
233	spin_unlock(&hash_lock);	233	spin_unlock(&hash_lock);
234		234
		235	if (size)
		236	new = alloc_chunk(size);
		237
235	spin_lock(&entry->lock);	238	spin_lock(&entry->lock);
236	if (chunk->dead \|\| !entry->i.inode) {	239	if (chunk->dead \|\| !entry->i.inode) {
237	spin_unlock(&entry->lock);	240	spin_unlock(&entry->lock);
		241	if (new)
		242	free_chunk(new);
238	goto out;	243	goto out;
239	}	244	}
240		245
@@ -255,9 +260,9 @@ static void untag_chunk(struct node *p)
255	goto out;	260	goto out;
256	}	261	}
257		262
258	new = alloc_chunk(size);
259	if (!new)	263	if (!new)
260	goto Fallback;	264	goto Fallback;
		265
261	fsnotify_duplicate_mark(&new->mark, entry);	266	fsnotify_duplicate_mark(&new->mark, entry);
262	if (fsnotify_add_mark(&new->mark, new->mark.group, new->mark.i.inode, NULL, 1)) {	267	if (fsnotify_add_mark(&new->mark, new->mark.group, new->mark.i.inode, NULL, 1)) {
263	free_chunk(new);	268	free_chunk(new);


diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c index f0c9b2e7542d..d2e3c7866460 100644 --- a/kernel/audit_watch.c +++ b/kernel/audit_watch.c
@@ -60,7 +60,7 @@ struct audit_parent {
60	};	60	};
61		61
62	/* fsnotify handle. */	62	/* fsnotify handle. */
63	struct fsnotify_group *audit_watch_group;	63	static struct fsnotify_group *audit_watch_group;
64		64
65	/* fsnotify events we care about. */	65	/* fsnotify events we care about. */
66	#define AUDIT_FS_WATCH (FS_MOVE \| FS_CREATE \| FS_DELETE \| FS_DELETE_SELF \|\	66	#define AUDIT_FS_WATCH (FS_MOVE \| FS_CREATE \| FS_DELETE \| FS_DELETE_SELF \|\
@@ -123,7 +123,7 @@ void audit_put_watch(struct audit_watch *watch)
123	}	123	}
124	}	124	}
125		125
126	void audit_remove_watch(struct audit_watch *watch)	126	static void audit_remove_watch(struct audit_watch *watch)
127	{	127	{
128	list_del(&watch->wlist);	128	list_del(&watch->wlist);
129	audit_put_parent(watch->parent);	129	audit_put_parent(watch->parent);


diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index eb7675499fb5..add2819af71b 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c
@@ -1252,6 +1252,18 @@ static int audit_filter_user_rules(struct netlink_skb_parms *cb,
1252	case AUDIT_LOGINUID:	1252	case AUDIT_LOGINUID:
1253	result = audit_comparator(cb->loginuid, f->op, f->val);	1253	result = audit_comparator(cb->loginuid, f->op, f->val);
1254	break;	1254	break;
		1255	case AUDIT_SUBJ_USER:
		1256	case AUDIT_SUBJ_ROLE:
		1257	case AUDIT_SUBJ_TYPE:
		1258	case AUDIT_SUBJ_SEN:
		1259	case AUDIT_SUBJ_CLR:
		1260	if (f->lsm_rule)
		1261	result = security_audit_rule_match(cb->sid,
		1262	f->type,
		1263	f->op,
		1264	f->lsm_rule,
		1265	NULL);
		1266	break;
1255	}	1267	}
1256		1268
1257	if (!result)	1269	if (!result)


diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 1b31c130d034..f49a0318c2ed 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c
@@ -241,6 +241,10 @@ struct audit_context {
241	pid_t pid;	241	pid_t pid;
242	struct audit_cap_data cap;	242	struct audit_cap_data cap;
243	} capset;	243	} capset;
		244	struct {
		245	int fd;
		246	int flags;
		247	} mmap;
244	};	248	};
245	int fds[2];	249	int fds[2];
246		250
@@ -1305,6 +1309,10 @@ static void show_special(struct audit_context context, int call_panic)
1305	audit_log_cap(ab, "cap_pp", &context->capset.cap.permitted);	1309	audit_log_cap(ab, "cap_pp", &context->capset.cap.permitted);
1306	audit_log_cap(ab, "cap_pe", &context->capset.cap.effective);	1310	audit_log_cap(ab, "cap_pe", &context->capset.cap.effective);
1307	break; }	1311	break; }
		1312	case AUDIT_MMAP: {
		1313	audit_log_format(ab, "fd=%d flags=0x%x", context->mmap.fd,
		1314	context->mmap.flags);
		1315	break; }
1308	}	1316	}
1309	audit_log_end(ab);	1317	audit_log_end(ab);
1310	}	1318	}
@@ -2476,6 +2484,14 @@ void __audit_log_capset(pid_t pid,
2476	context->type = AUDIT_CAPSET;	2484	context->type = AUDIT_CAPSET;
2477	}	2485	}
2478		2486
		2487	void __audit_mmap_fd(int fd, int flags)
		2488	{
		2489	struct audit_context *context = current->audit_context;
		2490	context->mmap.fd = fd;
		2491	context->mmap.flags = flags;
		2492	context->type = AUDIT_MMAP;
		2493	}
		2494
2479	/**	2495	/**
2480	* audit_core_dumps - record information about processes that end abnormally	2496	* audit_core_dumps - record information about processes that end abnormally
2481	* @signr: signal value	2497	* @signr: signal value


diff --git a/mm/mmap.c b/mm/mmap.c index 00161a48a451..b179abb1474a 100644 --- a/mm/mmap.c +++ b/mm/mmap.c
@@ -28,6 +28,7 @@
28	#include <linux/rmap.h>	28	#include <linux/rmap.h>
29	#include <linux/mmu_notifier.h>	29	#include <linux/mmu_notifier.h>
30	#include <linux/perf_event.h>	30	#include <linux/perf_event.h>
		31	#include <linux/audit.h>
31		32
32	#include <asm/uaccess.h>	33	#include <asm/uaccess.h>
33	#include <asm/cacheflush.h>	34	#include <asm/cacheflush.h>
@@ -1108,6 +1109,7 @@ SYSCALL_DEFINE6(mmap_pgoff, unsigned long, addr, unsigned long, len,
1108	unsigned long retval = -EBADF;	1109	unsigned long retval = -EBADF;
1109		1110
1110	if (!(flags & MAP_ANONYMOUS)) {	1111	if (!(flags & MAP_ANONYMOUS)) {
		1112	audit_mmap_fd(fd, flags);
1111	if (unlikely(flags & MAP_HUGETLB))	1113	if (unlikely(flags & MAP_HUGETLB))
1112	return -EINVAL;	1114	return -EINVAL;
1113	file = fget(fd);	1115	file = fget(fd);


diff --git a/mm/nommu.c b/mm/nommu.c index 30b5c20eec15..3613517c7592 100644 --- a/mm/nommu.c +++ b/mm/nommu.c
@@ -29,6 +29,7 @@
29	#include <linux/personality.h>	29	#include <linux/personality.h>
30	#include <linux/security.h>	30	#include <linux/security.h>
31	#include <linux/syscalls.h>	31	#include <linux/syscalls.h>
		32	#include <linux/audit.h>
32		33
33	#include <asm/uaccess.h>	34	#include <asm/uaccess.h>
34	#include <asm/tlb.h>	35	#include <asm/tlb.h>
@@ -1458,6 +1459,7 @@ SYSCALL_DEFINE6(mmap_pgoff, unsigned long, addr, unsigned long, len,
1458	struct file *file = NULL;	1459	struct file *file = NULL;
1459	unsigned long retval = -EBADF;	1460	unsigned long retval = -EBADF;
1460		1461
		1462	audit_mmap_fd(fd, flags);
1461	if (!(flags & MAP_ANONYMOUS)) {	1463	if (!(flags & MAP_ANONYMOUS)) {
1462	file = fget(fd);	1464	file = fget(fd);
1463	if (!file)	1465	if (!file)