aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/linux/audit.h2
-rw-r--r--kernel/audit.c49
-rw-r--r--kernel/audit.h2
3 files changed, 27 insertions, 26 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 98fe8a26a601..aa865a9a4c4f 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -465,7 +465,7 @@ extern int audit_rule_change(int type, __u32 portid, int seq,
465 void *data, size_t datasz); 465 void *data, size_t datasz);
466extern int audit_list_rules_send(__u32 portid, int seq); 466extern int audit_list_rules_send(__u32 portid, int seq);
467 467
468extern int audit_enabled; 468extern u32 audit_enabled;
469#else /* CONFIG_AUDIT */ 469#else /* CONFIG_AUDIT */
470static inline __printf(4, 5) 470static inline __printf(4, 5)
471void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, 471void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,
diff --git a/kernel/audit.c b/kernel/audit.c
index 5f4766f5216d..2df247dd2432 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -79,16 +79,16 @@ static int audit_initialized;
79#define AUDIT_OFF 0 79#define AUDIT_OFF 0
80#define AUDIT_ON 1 80#define AUDIT_ON 1
81#define AUDIT_LOCKED 2 81#define AUDIT_LOCKED 2
82int audit_enabled; 82u32 audit_enabled;
83int audit_ever_enabled; 83u32 audit_ever_enabled;
84 84
85EXPORT_SYMBOL_GPL(audit_enabled); 85EXPORT_SYMBOL_GPL(audit_enabled);
86 86
87/* Default state when kernel boots without any parameters. */ 87/* Default state when kernel boots without any parameters. */
88static int audit_default; 88static u32 audit_default;
89 89
90/* If auditing cannot proceed, audit_failure selects what happens. */ 90/* If auditing cannot proceed, audit_failure selects what happens. */
91static int audit_failure = AUDIT_FAIL_PRINTK; 91static u32 audit_failure = AUDIT_FAIL_PRINTK;
92 92
93/* 93/*
94 * If audit records are to be written to the netlink socket, audit_pid 94 * If audit records are to be written to the netlink socket, audit_pid
@@ -101,14 +101,14 @@ static __u32 audit_nlk_portid;
101/* If audit_rate_limit is non-zero, limit the rate of sending audit records 101/* If audit_rate_limit is non-zero, limit the rate of sending audit records
102 * to that number per second. This prevents DoS attacks, but results in 102 * to that number per second. This prevents DoS attacks, but results in
103 * audit records being dropped. */ 103 * audit records being dropped. */
104static int audit_rate_limit; 104static u32 audit_rate_limit;
105 105
106/* Number of outstanding audit_buffers allowed. 106/* Number of outstanding audit_buffers allowed.
107 * When set to zero, this means unlimited. */ 107 * When set to zero, this means unlimited. */
108static int audit_backlog_limit = 64; 108static u32 audit_backlog_limit = 64;
109#define AUDIT_BACKLOG_WAIT_TIME (60 * HZ) 109#define AUDIT_BACKLOG_WAIT_TIME (60 * HZ)
110static int audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; 110static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME;
111static int audit_backlog_wait_overflow = 0; 111static u32 audit_backlog_wait_overflow = 0;
112 112
113/* The identity of the user shutting down the audit system. */ 113/* The identity of the user shutting down the audit system. */
114kuid_t audit_sig_uid = INVALID_UID; 114kuid_t audit_sig_uid = INVALID_UID;
@@ -272,7 +272,7 @@ void audit_log_lost(const char *message)
272 272
273 if (print) { 273 if (print) {
274 if (printk_ratelimit()) 274 if (printk_ratelimit())
275 pr_warn("audit_lost=%d audit_rate_limit=%d audit_backlog_limit=%d\n", 275 pr_warn("audit_lost=%u audit_rate_limit=%u audit_backlog_limit=%u\n",
276 atomic_read(&audit_lost), 276 atomic_read(&audit_lost),
277 audit_rate_limit, 277 audit_rate_limit,
278 audit_backlog_limit); 278 audit_backlog_limit);
@@ -280,7 +280,7 @@ void audit_log_lost(const char *message)
280 } 280 }
281} 281}
282 282
283static int audit_log_config_change(char *function_name, int new, int old, 283static int audit_log_config_change(char *function_name, u32 new, u32 old,
284 int allow_changes) 284 int allow_changes)
285{ 285{
286 struct audit_buffer *ab; 286 struct audit_buffer *ab;
@@ -289,7 +289,7 @@ static int audit_log_config_change(char *function_name, int new, int old,
289 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); 289 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
290 if (unlikely(!ab)) 290 if (unlikely(!ab))
291 return rc; 291 return rc;
292 audit_log_format(ab, "%s=%d old=%d", function_name, new, old); 292 audit_log_format(ab, "%s=%u old=%u", function_name, new, old);
293 audit_log_session_info(ab); 293 audit_log_session_info(ab);
294 rc = audit_log_task_context(ab); 294 rc = audit_log_task_context(ab);
295 if (rc) 295 if (rc)
@@ -299,9 +299,10 @@ static int audit_log_config_change(char *function_name, int new, int old,
299 return rc; 299 return rc;
300} 300}
301 301
302static int audit_do_config_change(char *function_name, int *to_change, int new) 302static int audit_do_config_change(char *function_name, u32 *to_change, u32 new)
303{ 303{
304 int allow_changes, rc = 0, old = *to_change; 304 int allow_changes, rc = 0;
305 u32 old = *to_change;
305 306
306 /* check if we are locked */ 307 /* check if we are locked */
307 if (audit_enabled == AUDIT_LOCKED) 308 if (audit_enabled == AUDIT_LOCKED)
@@ -324,23 +325,23 @@ static int audit_do_config_change(char *function_name, int *to_change, int new)
324 return rc; 325 return rc;
325} 326}
326 327
327static int audit_set_rate_limit(int limit) 328static int audit_set_rate_limit(u32 limit)
328{ 329{
329 return audit_do_config_change("audit_rate_limit", &audit_rate_limit, limit); 330 return audit_do_config_change("audit_rate_limit", &audit_rate_limit, limit);
330} 331}
331 332
332static int audit_set_backlog_limit(int limit) 333static int audit_set_backlog_limit(u32 limit)
333{ 334{
334 return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit, limit); 335 return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit, limit);
335} 336}
336 337
337static int audit_set_backlog_wait_time(int timeout) 338static int audit_set_backlog_wait_time(u32 timeout)
338{ 339{
339 return audit_do_config_change("audit_backlog_wait_time", 340 return audit_do_config_change("audit_backlog_wait_time",
340 &audit_backlog_wait_time, timeout); 341 &audit_backlog_wait_time, timeout);
341} 342}
342 343
343static int audit_set_enabled(int state) 344static int audit_set_enabled(u32 state)
344{ 345{
345 int rc; 346 int rc;
346 if (state < AUDIT_OFF || state > AUDIT_LOCKED) 347 if (state < AUDIT_OFF || state > AUDIT_LOCKED)
@@ -353,7 +354,7 @@ static int audit_set_enabled(int state)
353 return rc; 354 return rc;
354} 355}
355 356
356static int audit_set_failure(int state) 357static int audit_set_failure(u32 state)
357{ 358{
358 if (state != AUDIT_FAIL_SILENT 359 if (state != AUDIT_FAIL_SILENT
359 && state != AUDIT_FAIL_PRINTK 360 && state != AUDIT_FAIL_PRINTK
@@ -688,7 +689,7 @@ static void audit_log_feature_change(int which, u32 old_feature, u32 new_feature
688 689
689 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_FEATURE_CHANGE); 690 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_FEATURE_CHANGE);
690 audit_log_task_info(ab, current); 691 audit_log_task_info(ab, current);
691 audit_log_format(ab, "feature=%s old=%d new=%d old_lock=%d new_lock=%d res=%d", 692 audit_log_format(ab, "feature=%s old=%u new=%u old_lock=%u new_lock=%u res=%d",
692 audit_feature_names[which], !!old_feature, !!new_feature, 693 audit_feature_names[which], !!old_feature, !!new_feature,
693 !!old_lock, !!new_lock, res); 694 !!old_lock, !!new_lock, res);
694 audit_log_end(ab); 695 audit_log_end(ab);
@@ -1144,16 +1145,16 @@ __setup("audit=", audit_enable);
1144 * audit_backlog_limit=<n> */ 1145 * audit_backlog_limit=<n> */
1145static int __init audit_backlog_limit_set(char *str) 1146static int __init audit_backlog_limit_set(char *str)
1146{ 1147{
1147 long int audit_backlog_limit_arg; 1148 u32 audit_backlog_limit_arg;
1148 1149
1149 pr_info("audit_backlog_limit: "); 1150 pr_info("audit_backlog_limit: ");
1150 if (kstrtol(str, 0, &audit_backlog_limit_arg)) { 1151 if (kstrtouint(str, 0, &audit_backlog_limit_arg)) {
1151 pr_cont("using default of %d, unable to parse %s\n", 1152 pr_cont("using default of %u, unable to parse %s\n",
1152 audit_backlog_limit, str); 1153 audit_backlog_limit, str);
1153 return 1; 1154 return 1;
1154 } 1155 }
1155 if (audit_backlog_limit_arg >= 0) 1156
1156 audit_backlog_limit = (int)audit_backlog_limit_arg; 1157 audit_backlog_limit = audit_backlog_limit_arg;
1157 pr_cont("%d\n", audit_backlog_limit); 1158 pr_cont("%d\n", audit_backlog_limit);
1158 1159
1159 return 1; 1160 return 1;
diff --git a/kernel/audit.h b/kernel/audit.h
index 0719b4547221..57cc64d67718 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -209,7 +209,7 @@ struct audit_context {
209#endif 209#endif
210}; 210};
211 211
212extern int audit_ever_enabled; 212extern u32 audit_ever_enabled;
213 213
214extern void audit_copy_inode(struct audit_names *name, 214extern void audit_copy_inode(struct audit_names *name,
215 const struct dentry *dentry, 215 const struct dentry *dentry,