From ca24a23ebca17d9d0f2afde4ee49cd810bccc8d7 Mon Sep 17 00:00:00 2001 From: Eric W. Biederman Date: Tue, 19 Mar 2013 00:02:25 -0700 Subject: audit: Simplify and correct audit_log_capset - Always report the current process as capset now always only works on the current process. This prevents reporting 0 or a random pid in a random pid namespace. - Don't bother to pass the pid as is available. Signed-off-by: "Eric W. Biederman" (cherry picked from commit bcc85f0af31af123e32858069eb2ad8f39f90e67) (cherry picked from commit f911cac4556a7a23e0b3ea850233d13b32328692) Signed-off-by: Richard Guy Briggs [eparis: fix build error when audit disabled] Signed-off-by: Eric Paris --- include/linux/audit.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'include') diff --git a/include/linux/audit.h b/include/linux/audit.h index a40641954c29..c9a66c6f1307 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -220,7 +220,7 @@ extern void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat); extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm, const struct cred *new, const struct cred *old); -extern void __audit_log_capset(pid_t pid, const struct cred *new, const struct cred *old); +extern void __audit_log_capset(const struct cred *new, const struct cred *old); extern void __audit_mmap_fd(int fd, int flags); static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) @@ -285,11 +285,11 @@ static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm, return 0; } -static inline void audit_log_capset(pid_t pid, const struct cred *new, +static inline void audit_log_capset(const struct cred *new, const struct cred *old) { if (unlikely(!audit_dummy_context())) - __audit_log_capset(pid, new, old); + __audit_log_capset(new, old); } static inline void audit_mmap_fd(int fd, int flags) @@ -397,8 +397,8 @@ static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm, { return 0; } -static inline void audit_log_capset(pid_t pid, const struct cred *new, - const struct cred *old) +static inline void audit_log_capset(const struct cred *new, + const struct cred *old) { } static inline void audit_mmap_fd(int fd, int flags) { } -- cgit v1.2.3 From f9441639e6319f0c0e12bd63fa2f58990af0a9d2 Mon Sep 17 00:00:00 2001 From: Richard Guy Briggs Date: Wed, 14 Aug 2013 11:32:45 -0400 Subject: audit: fix netlink portid naming and types Normally, netlink ports use the PID of the userspace process as the port ID. If the PID is already in use by a port, the kernel will allocate another port ID to avoid conflict. Re-name all references to netlink ports from pid to portid to reflect this reality and avoid confusion with actual PIDs. Ports use the __u32 type, so re-type all portids accordingly. (This patch is very similar to ebiederman's 5deadd69) Signed-off-by: Richard Guy Briggs Signed-off-by: Gao feng Signed-off-by: Eric Paris --- include/linux/audit.h | 2 +- kernel/audit.c | 32 ++++++++++++++++---------------- kernel/audit.h | 8 ++++---- kernel/auditfilter.c | 18 ++++++++++-------- 4 files changed, 31 insertions(+), 29 deletions(-) (limited to 'include') diff --git a/include/linux/audit.h b/include/linux/audit.h index c9a66c6f1307..9185bfa1c78b 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -461,7 +461,7 @@ extern int audit_update_lsm_rules(void); /* Private API (for audit.c only) */ extern int audit_filter_user(int type); extern int audit_filter_type(int type); -extern int audit_receive_filter(int type, int pid, int seq, +extern int audit_receive_filter(int type, __u32 portid, int seq, void *data, size_t datasz); extern int audit_enabled; #else /* CONFIG_AUDIT */ diff --git a/kernel/audit.c b/kernel/audit.c index 906ae5a0233a..3d3747be7c52 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -93,7 +93,7 @@ static int audit_failure = AUDIT_FAIL_PRINTK; * the portid to use to send netlink messages to that process. */ int audit_pid; -static int audit_nlk_portid; +static __u32 audit_nlk_portid; /* If audit_rate_limit is non-zero, limit the rate of sending audit records * to that number per second. This prevents DoS attacks, but results in @@ -175,15 +175,15 @@ struct audit_buffer { }; struct audit_reply { - int pid; + __u32 portid; struct sk_buff *skb; }; -static void audit_set_pid(struct audit_buffer *ab, pid_t pid) +static void audit_set_portid(struct audit_buffer *ab, __u32 portid) { if (ab) { struct nlmsghdr *nlh = nlmsg_hdr(ab->skb); - nlh->nlmsg_pid = pid; + nlh->nlmsg_pid = portid; } } @@ -482,7 +482,7 @@ static int kauditd_thread(void *dummy) int audit_send_list(void *_dest) { struct audit_netlink_list *dest = _dest; - int pid = dest->pid; + __u32 portid = dest->portid; struct sk_buff *skb; /* wait for parent to finish and send an ACK */ @@ -490,14 +490,14 @@ int audit_send_list(void *_dest) mutex_unlock(&audit_cmd_mutex); while ((skb = __skb_dequeue(&dest->q)) != NULL) - netlink_unicast(audit_sock, skb, pid, 0); + netlink_unicast(audit_sock, skb, portid, 0); kfree(dest); return 0; } -struct sk_buff *audit_make_reply(int pid, int seq, int type, int done, +struct sk_buff *audit_make_reply(__u32 portid, int seq, int type, int done, int multi, const void *payload, int size) { struct sk_buff *skb; @@ -510,7 +510,7 @@ struct sk_buff *audit_make_reply(int pid, int seq, int type, int done, if (!skb) return NULL; - nlh = nlmsg_put(skb, pid, seq, t, size, flags); + nlh = nlmsg_put(skb, portid, seq, t, size, flags); if (!nlh) goto out_kfree_skb; data = nlmsg_data(nlh); @@ -531,13 +531,13 @@ static int audit_send_reply_thread(void *arg) /* Ignore failure. It'll only happen if the sender goes away, because our timeout is set to infinite. */ - netlink_unicast(audit_sock, reply->skb, reply->pid, 0); + netlink_unicast(audit_sock, reply->skb, reply->portid, 0); kfree(reply); return 0; } /** * audit_send_reply - send an audit reply message via netlink - * @pid: process id to send reply to + * @portid: netlink port to which to send reply * @seq: sequence number * @type: audit message type * @done: done (last) flag @@ -545,11 +545,11 @@ static int audit_send_reply_thread(void *arg) * @payload: payload data * @size: payload size * - * Allocates an skb, builds the netlink message, and sends it to the pid. + * Allocates an skb, builds the netlink message, and sends it to the port id. * No failure notifications. */ -static void audit_send_reply(int pid, int seq, int type, int done, int multi, - const void *payload, int size) +static void audit_send_reply(__u32 portid, int seq, int type, int done, + int multi, const void *payload, int size) { struct sk_buff *skb; struct task_struct *tsk; @@ -559,11 +559,11 @@ static void audit_send_reply(int pid, int seq, int type, int done, int multi, if (!reply) return; - skb = audit_make_reply(pid, seq, type, done, multi, payload, size); + skb = audit_make_reply(portid, seq, type, done, multi, payload, size); if (!skb) goto out; - reply->pid = pid; + reply->portid = portid; reply->skb = skb; tsk = kthread_run(audit_send_reply_thread, reply, "audit_send_reply"); @@ -839,7 +839,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) size--; audit_log_n_untrustedstring(ab, data, size); } - audit_set_pid(ab, NETLINK_CB(skb).portid); + audit_set_portid(ab, NETLINK_CB(skb).portid); audit_log_end(ab); } break; diff --git a/kernel/audit.h b/kernel/audit.h index b779642b29af..c7282444caea 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -240,13 +240,13 @@ extern int audit_uid_comparator(kuid_t left, u32 op, kuid_t right); extern int audit_gid_comparator(kgid_t left, u32 op, kgid_t right); extern int parent_len(const char *path); extern int audit_compare_dname_path(const char *dname, const char *path, int plen); -extern struct sk_buff * audit_make_reply(int pid, int seq, int type, - int done, int multi, - const void *payload, int size); +extern struct sk_buff *audit_make_reply(__u32 portid, int seq, int type, + int done, int multi, + const void *payload, int size); extern void audit_panic(const char *message); struct audit_netlink_list { - int pid; + __u32 portid; struct sk_buff_head q; }; diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 51f3fd4c1ed3..08f7f7bef26c 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -972,7 +972,7 @@ out: } /* List rules using struct audit_rule_data. */ -static void audit_list_rules(int pid, int seq, struct sk_buff_head *q) +static void audit_list_rules(__u32 portid, int seq, struct sk_buff_head *q) { struct sk_buff *skb; struct audit_krule *r; @@ -987,14 +987,15 @@ static void audit_list_rules(int pid, int seq, struct sk_buff_head *q) data = audit_krule_to_data(r); if (unlikely(!data)) break; - skb = audit_make_reply(pid, seq, AUDIT_LIST_RULES, 0, 1, - data, sizeof(*data) + data->buflen); + skb = audit_make_reply(portid, seq, AUDIT_LIST_RULES, + 0, 1, data, + sizeof(*data) + data->buflen); if (skb) skb_queue_tail(q, skb); kfree(data); } } - skb = audit_make_reply(pid, seq, AUDIT_LIST_RULES, 1, 1, NULL, 0); + skb = audit_make_reply(portid, seq, AUDIT_LIST_RULES, 1, 1, NULL, 0); if (skb) skb_queue_tail(q, skb); } @@ -1024,12 +1025,13 @@ static void audit_log_rule_change(char *action, struct audit_krule *rule, int re /** * audit_receive_filter - apply all rules to the specified message type * @type: audit message type - * @pid: target pid for netlink audit messages + * @portid: target port id for netlink audit messages * @seq: netlink audit message sequence (serial) number * @data: payload data * @datasz: size of payload data */ -int audit_receive_filter(int type, int pid, int seq, void *data, size_t datasz) +int audit_receive_filter(int type, __u32 portid, int seq, void *data, + size_t datasz) { struct task_struct *tsk; struct audit_netlink_list *dest; @@ -1047,11 +1049,11 @@ int audit_receive_filter(int type, int pid, int seq, void *data, size_t datasz) dest = kmalloc(sizeof(struct audit_netlink_list), GFP_KERNEL); if (!dest) return -ENOMEM; - dest->pid = pid; + dest->portid = portid; skb_queue_head_init(&dest->q); mutex_lock(&audit_filter_mutex); - audit_list_rules(pid, seq, &dest->q); + audit_list_rules(portid, seq, &dest->q); mutex_unlock(&audit_filter_mutex); tsk = kthread_run(audit_send_list, dest, "audit_send_list"); -- cgit v1.2.3 From 09f883a9023e7a86f92c731e80f30a9447f4bdbe Mon Sep 17 00:00:00 2001 From: Richard Guy Briggs Date: Wed, 18 Sep 2013 09:32:24 -0400 Subject: audit: clean up AUDIT_GET/SET local variables and future-proof API Re-named confusing local variable names (status_set and status_get didn't agree with their command type name) and reduced their scope. Future-proof API changes by not depending on the exact size of the audit_status struct and by adding an API version field. Signed-off-by: Richard Guy Briggs Signed-off-by: Eric Paris --- include/uapi/linux/audit.h | 1 + kernel/audit.c | 54 +++++++++++++++++++++++++--------------------- 2 files changed, 30 insertions(+), 25 deletions(-) (limited to 'include') diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index e2f0d9977131..4fdedd4c88a1 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -376,6 +376,7 @@ struct audit_status { __u32 backlog_limit; /* waiting messages limit */ __u32 lost; /* messages lost */ __u32 backlog; /* messages waiting in queue */ + __u32 version; /* audit api version number */ }; struct audit_features { diff --git a/kernel/audit.c b/kernel/audit.c index 833f8e2003b7..80b7de02947b 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -743,7 +743,6 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) { u32 seq; void *data; - struct audit_status *status_get, status_set; int err; struct audit_buffer *ab; u16 msg_type = nlh->nlmsg_type; @@ -769,34 +768,38 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) data = nlmsg_data(nlh); switch (msg_type) { - case AUDIT_GET: - memset(&status_set, 0, sizeof(status_set)); - status_set.enabled = audit_enabled; - status_set.failure = audit_failure; - status_set.pid = audit_pid; - status_set.rate_limit = audit_rate_limit; - status_set.backlog_limit = audit_backlog_limit; - status_set.lost = atomic_read(&audit_lost); - status_set.backlog = skb_queue_len(&audit_skb_queue); + case AUDIT_GET: { + struct audit_status s; + memset(&s, 0, sizeof(s)); + s.enabled = audit_enabled; + s.failure = audit_failure; + s.pid = audit_pid; + s.rate_limit = audit_rate_limit; + s.backlog_limit = audit_backlog_limit; + s.lost = atomic_read(&audit_lost); + s.backlog = skb_queue_len(&audit_skb_queue); + s.version = 1; audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_GET, 0, 0, - &status_set, sizeof(status_set)); + &s, sizeof(s)); break; - case AUDIT_SET: - if (nlmsg_len(nlh) < sizeof(struct audit_status)) - return -EINVAL; - status_get = (struct audit_status *)data; - if (status_get->mask & AUDIT_STATUS_ENABLED) { - err = audit_set_enabled(status_get->enabled); + } + case AUDIT_SET: { + struct audit_status s; + memset(&s, 0, sizeof(s)); + /* guard against past and future API changes */ + memcpy(&s, data, min_t(size_t, sizeof(s), nlmsg_len(nlh))); + if (s.mask & AUDIT_STATUS_ENABLED) { + err = audit_set_enabled(s.enabled); if (err < 0) return err; } - if (status_get->mask & AUDIT_STATUS_FAILURE) { - err = audit_set_failure(status_get->failure); + if (s.mask & AUDIT_STATUS_FAILURE) { + err = audit_set_failure(s.failure); if (err < 0) return err; } - if (status_get->mask & AUDIT_STATUS_PID) { - int new_pid = status_get->pid; + if (s.mask & AUDIT_STATUS_PID) { + int new_pid = s.pid; if (audit_enabled != AUDIT_OFF) audit_log_config_change("audit_pid", new_pid, audit_pid, 1); @@ -804,14 +807,15 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) audit_nlk_portid = NETLINK_CB(skb).portid; audit_sock = NETLINK_CB(skb).sk; } - if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) { - err = audit_set_rate_limit(status_get->rate_limit); + if (s.mask & AUDIT_STATUS_RATE_LIMIT) { + err = audit_set_rate_limit(s.rate_limit); if (err < 0) return err; } - if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT) - err = audit_set_backlog_limit(status_get->backlog_limit); + if (s.mask & AUDIT_STATUS_BACKLOG_LIMIT) + err = audit_set_backlog_limit(s.backlog_limit); break; + } case AUDIT_GET_FEATURE: err = audit_get_feature(skb); if (err) -- cgit v1.2.3 From 51cc83f024ee51de9da70c17e01ec6de524f5906 Mon Sep 17 00:00:00 2001 From: Richard Guy Briggs Date: Wed, 18 Sep 2013 11:55:12 -0400 Subject: audit: add audit_backlog_wait_time configuration option reaahead-collector abuses the audit logging facility to discover which files are accessed at boot time to make a pre-load list Add a tuning option to audit_backlog_wait_time so that if auditd can't keep up, or gets blocked, the callers won't be blocked. Bump audit_status API version to "2". Signed-off-by: Richard Guy Briggs Signed-off-by: Eric Paris --- include/uapi/linux/audit.h | 2 ++ kernel/audit.c | 31 +++++++++++++++++++++++++++++-- 2 files changed, 31 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 4fdedd4c88a1..14afb0d22902 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -319,6 +319,7 @@ enum { #define AUDIT_STATUS_PID 0x0004 #define AUDIT_STATUS_RATE_LIMIT 0x0008 #define AUDIT_STATUS_BACKLOG_LIMIT 0x0010 +#define AUDIT_STATUS_BACKLOG_WAIT_TIME 0x0020 /* Failure-to-log actions */ #define AUDIT_FAIL_SILENT 0 #define AUDIT_FAIL_PRINTK 1 @@ -377,6 +378,7 @@ struct audit_status { __u32 lost; /* messages lost */ __u32 backlog; /* messages waiting in queue */ __u32 version; /* audit api version number */ + __u32 backlog_wait_time;/* message queue wait timeout */ }; struct audit_features { diff --git a/kernel/audit.c b/kernel/audit.c index 80b7de02947b..37ba59936dc5 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -334,6 +334,12 @@ static int audit_set_backlog_limit(int limit) return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit, limit); } +static int audit_set_backlog_wait_time(int timeout) +{ + return audit_do_config_change("audit_backlog_wait_time", + &audit_backlog_wait_time, timeout); +} + static int audit_set_enabled(int state) { int rc; @@ -778,7 +784,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) s.backlog_limit = audit_backlog_limit; s.lost = atomic_read(&audit_lost); s.backlog = skb_queue_len(&audit_skb_queue); - s.version = 1; + s.version = 2; + s.backlog_wait_time = audit_backlog_wait_time; audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_GET, 0, 0, &s, sizeof(s)); break; @@ -812,8 +819,28 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) if (err < 0) return err; } - if (s.mask & AUDIT_STATUS_BACKLOG_LIMIT) + if (s.mask & AUDIT_STATUS_BACKLOG_LIMIT) { err = audit_set_backlog_limit(s.backlog_limit); + if (err < 0) + return err; + } + switch (s.version) { + /* add future vers # cases immediately below and allow + * to fall through */ + case 2: + if (s.mask & AUDIT_STATUS_BACKLOG_WAIT_TIME) { + if (sizeof(s) > (size_t)nlh->nlmsg_len) + return -EINVAL; + if (s.backlog_wait_time < 0 || + s.backlog_wait_time > 10*AUDIT_BACKLOG_WAIT_TIME) + return -EINVAL; + err = audit_set_backlog_wait_time(s.backlog_wait_time); + if (err < 0) + return err; + } + default: + break; + } break; } case AUDIT_GET_FEATURE: -- cgit v1.2.3 From b6cfee4cce25d8d2cc06c69f0de2b61d4b2249b3 Mon Sep 17 00:00:00 2001 From: Richard Guy Briggs Date: Tue, 26 Nov 2013 18:01:36 -0500 Subject: audit: fix incorrect type of sessionid The type of task->sessionid is unsigned int, the return type of audit_get_sessionid should be consistent with it. Signed-off-by: Gao feng Signed-off-by: Richard Guy Briggs Signed-off-by: Eric Paris --- include/linux/audit.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/linux/audit.h b/include/linux/audit.h index 9185bfa1c78b..1690f956bff5 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -202,7 +202,7 @@ static inline kuid_t audit_get_loginuid(struct task_struct *tsk) return tsk->loginuid; } -static inline int audit_get_sessionid(struct task_struct *tsk) +static inline unsigned int audit_get_sessionid(struct task_struct *tsk) { return tsk->sessionid; } @@ -359,7 +359,7 @@ static inline kuid_t audit_get_loginuid(struct task_struct *tsk) { return INVALID_UID; } -static inline int audit_get_sessionid(struct task_struct *tsk) +static inline unsigned int audit_get_sessionid(struct task_struct *tsk) { return -1; } -- cgit v1.2.3 From ce0d9f04699706843e8a494d12cf6c7663d478c7 Mon Sep 17 00:00:00 2001 From: Richard Guy Briggs Date: Wed, 20 Nov 2013 14:01:53 -0500 Subject: audit: refactor audit_receive_msg() to clarify AUDIT_*_RULE* cases audit_receive_msg() needlessly contained a fallthrough case that called audit_receive_filter(), containing no common code between the cases. Separate them to make the logic clearer. Refactor AUDIT_LIST_RULES, AUDIT_ADD_RULE, AUDIT_DEL_RULE cases to create audit_rule_change(), audit_list_rules_send() functions. This should not functionally change the logic. Signed-off-by: Richard Guy Briggs Signed-off-by: Eric Paris --- include/linux/audit.h | 4 ++- kernel/audit.c | 7 ++--- kernel/auditfilter.c | 71 +++++++++++++++++++++++++++++---------------------- 3 files changed, 48 insertions(+), 34 deletions(-) (limited to 'include') diff --git a/include/linux/audit.h b/include/linux/audit.h index 1690f956bff5..697621975b8d 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -461,8 +461,10 @@ extern int audit_update_lsm_rules(void); /* Private API (for audit.c only) */ extern int audit_filter_user(int type); extern int audit_filter_type(int type); -extern int audit_receive_filter(int type, __u32 portid, int seq, +extern int audit_rule_change(int type, __u32 portid, int seq, void *data, size_t datasz); +extern int audit_list_rules_send(__u32 portid, int seq); + extern int audit_enabled; #else /* CONFIG_AUDIT */ static inline __printf(4, 5) diff --git a/kernel/audit.c b/kernel/audit.c index fdb8528ceca3..c460f33c2801 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -903,11 +903,12 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) audit_log_end(ab); return -EPERM; } - /* fallthrough */ - case AUDIT_LIST_RULES: - err = audit_receive_filter(msg_type, NETLINK_CB(skb).portid, + err = audit_rule_change(msg_type, NETLINK_CB(skb).portid, seq, data, nlmsg_len(nlh)); break; + case AUDIT_LIST_RULES: + err = audit_list_rules_send(NETLINK_CB(skb).portid, seq); + break; case AUDIT_TRIM: audit_trim_trees(); audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index d085cfbe416e..6cc8240b7aaf 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1023,47 +1023,20 @@ static void audit_log_rule_change(char *action, struct audit_krule *rule, int re } /** - * audit_receive_filter - apply all rules to the specified message type + * audit_rule_change - apply all rules to the specified message type * @type: audit message type * @portid: target port id for netlink audit messages * @seq: netlink audit message sequence (serial) number * @data: payload data * @datasz: size of payload data */ -int audit_receive_filter(int type, __u32 portid, int seq, void *data, - size_t datasz) +int audit_rule_change(int type, __u32 portid, int seq, void *data, + size_t datasz) { - struct task_struct *tsk; - struct audit_netlink_list *dest; int err = 0; struct audit_entry *entry; switch (type) { - case AUDIT_LIST_RULES: - /* We can't just spew out the rules here because we might fill - * the available socket buffer space and deadlock waiting for - * auditctl to read from it... which isn't ever going to - * happen if we're actually running in the context of auditctl - * trying to _send_ the stuff */ - - dest = kmalloc(sizeof(struct audit_netlink_list), GFP_KERNEL); - if (!dest) - return -ENOMEM; - dest->portid = portid; - dest->pid = task_pid_vnr(current); - skb_queue_head_init(&dest->q); - - mutex_lock(&audit_filter_mutex); - audit_list_rules(portid, seq, &dest->q); - mutex_unlock(&audit_filter_mutex); - - tsk = kthread_run(audit_send_list, dest, "audit_send_list"); - if (IS_ERR(tsk)) { - skb_queue_purge(&dest->q); - kfree(dest); - err = PTR_ERR(tsk); - } - break; case AUDIT_ADD_RULE: entry = audit_data_to_entry(data, datasz); if (IS_ERR(entry)) @@ -1090,6 +1063,44 @@ int audit_receive_filter(int type, __u32 portid, int seq, void *data, return err; } +/** + * audit_list_rules_send - list the audit rules + * @portid: target portid for netlink audit messages + * @seq: netlink audit message sequence (serial) number + */ +int audit_list_rules_send(__u32 portid, int seq) +{ + struct task_struct *tsk; + struct audit_netlink_list *dest; + int err = 0; + + /* We can't just spew out the rules here because we might fill + * the available socket buffer space and deadlock waiting for + * auditctl to read from it... which isn't ever going to + * happen if we're actually running in the context of auditctl + * trying to _send_ the stuff */ + + dest = kmalloc(sizeof(struct audit_netlink_list), GFP_KERNEL); + if (!dest) + return -ENOMEM; + dest->portid = portid; + dest->pid = task_pid_vnr(current); + skb_queue_head_init(&dest->q); + + mutex_lock(&audit_filter_mutex); + audit_list_rules(portid, seq, &dest->q); + mutex_unlock(&audit_filter_mutex); + + tsk = kthread_run(audit_send_list, dest, "audit_send_list"); + if (IS_ERR(tsk)) { + skb_queue_purge(&dest->q); + kfree(dest); + err = PTR_ERR(tsk); + } + + return err; +} + int audit_comparator(u32 left, u32 op, u32 right) { switch (op) { -- cgit v1.2.3 From 4440e8548153e9e6d56db9abe6f3bc0e5b9eb74f Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 27 Nov 2013 17:35:17 -0500 Subject: audit: convert all sessionid declaration to unsigned int Right now the sessionid value in the kernel is a combination of u32, int, and unsigned int. Just use unsigned int throughout. Signed-off-by: Eric Paris Signed-off-by: Richard Guy Briggs Signed-off-by: Eric Paris --- drivers/tty/tty_audit.c | 2 +- include/linux/init_task.h | 2 +- include/net/netlabel.h | 2 +- include/net/xfrm.h | 20 ++++++++++---------- kernel/audit.c | 2 +- kernel/auditfilter.c | 2 +- kernel/auditsc.c | 2 +- net/xfrm/xfrm_policy.c | 8 ++++---- net/xfrm/xfrm_state.c | 6 +++--- net/xfrm/xfrm_user.c | 12 ++++++------ 10 files changed, 29 insertions(+), 29 deletions(-) (limited to 'include') diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c index a4fdce74f883..b0e540137e39 100644 --- a/drivers/tty/tty_audit.c +++ b/drivers/tty/tty_audit.c @@ -67,7 +67,7 @@ static void tty_audit_log(const char *description, int major, int minor, struct task_struct *tsk = current; uid_t uid = from_kuid(&init_user_ns, task_uid(tsk)); uid_t loginuid = from_kuid(&init_user_ns, audit_get_loginuid(tsk)); - u32 sessionid = audit_get_sessionid(tsk); + unsigned int sessionid = audit_get_sessionid(tsk); ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_TTY); if (ab) { diff --git a/include/linux/init_task.h b/include/linux/init_task.h index 5cd0f0949927..a143df5ee548 100644 --- a/include/linux/init_task.h +++ b/include/linux/init_task.h @@ -95,7 +95,7 @@ extern struct group_info init_groups; #ifdef CONFIG_AUDITSYSCALL #define INIT_IDS \ .loginuid = INVALID_UID, \ - .sessionid = -1, + .sessionid = (unsigned int)-1, #else #define INIT_IDS #endif diff --git a/include/net/netlabel.h b/include/net/netlabel.h index 2c95d55f7914..97e6dcaf12bb 100644 --- a/include/net/netlabel.h +++ b/include/net/netlabel.h @@ -111,7 +111,7 @@ struct cipso_v4_doi; struct netlbl_audit { u32 secid; kuid_t loginuid; - u32 sessionid; + unsigned int sessionid; }; /* diff --git a/include/net/xfrm.h b/include/net/xfrm.h index e253bf0cc7ef..f8d32b908423 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -679,7 +679,7 @@ struct xfrm_spi_skb_cb { struct xfrm_audit { u32 secid; kuid_t loginuid; - u32 sessionid; + unsigned int sessionid; }; #ifdef CONFIG_AUDITSYSCALL @@ -697,7 +697,7 @@ static inline struct audit_buffer *xfrm_audit_start(const char *op) return audit_buf; } -static inline void xfrm_audit_helper_usrinfo(kuid_t auid, u32 ses, u32 secid, +static inline void xfrm_audit_helper_usrinfo(kuid_t auid, unsigned int ses, u32 secid, struct audit_buffer *audit_buf) { char *secctx; @@ -714,13 +714,13 @@ static inline void xfrm_audit_helper_usrinfo(kuid_t auid, u32 ses, u32 secid, } extern void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, - kuid_t auid, u32 ses, u32 secid); + kuid_t auid, unsigned int ses, u32 secid); extern void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, - kuid_t auid, u32 ses, u32 secid); + kuid_t auid, unsigned int ses, u32 secid); extern void xfrm_audit_state_add(struct xfrm_state *x, int result, - kuid_t auid, u32 ses, u32 secid); + kuid_t auid, unsigned int ses, u32 secid); extern void xfrm_audit_state_delete(struct xfrm_state *x, int result, - kuid_t auid, u32 ses, u32 secid); + kuid_t auid, unsigned int ses, u32 secid); extern void xfrm_audit_state_replay_overflow(struct xfrm_state *x, struct sk_buff *skb); extern void xfrm_audit_state_replay(struct xfrm_state *x, @@ -733,22 +733,22 @@ extern void xfrm_audit_state_icvfail(struct xfrm_state *x, #else static inline void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, - kuid_t auid, u32 ses, u32 secid) + kuid_t auid, unsigned int ses, u32 secid) { } static inline void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, - kuid_t auid, u32 ses, u32 secid) + kuid_t auid, unsigned int ses, u32 secid) { } static inline void xfrm_audit_state_add(struct xfrm_state *x, int result, - kuid_t auid, u32 ses, u32 secid) + kuid_t auid, unsigned int ses, u32 secid) { } static inline void xfrm_audit_state_delete(struct xfrm_state *x, int result, - kuid_t auid, u32 ses, u32 secid) + kuid_t auid, unsigned int ses, u32 secid) { } diff --git a/kernel/audit.c b/kernel/audit.c index 25e4ed016793..ce8514f9aa6c 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1611,7 +1611,7 @@ void audit_log_d_path(struct audit_buffer *ab, const char *prefix, void audit_log_session_info(struct audit_buffer *ab) { - u32 sessionid = audit_get_sessionid(current); + unsigned int sessionid = audit_get_sessionid(current); uid_t auid = from_kuid(&init_user_ns, audit_get_loginuid(current)); audit_log_format(ab, " auid=%u ses=%u", auid, sessionid); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 6cc8240b7aaf..629834aa4ca4 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1005,7 +1005,7 @@ static void audit_log_rule_change(char *action, struct audit_krule *rule, int re { struct audit_buffer *ab; uid_t loginuid = from_kuid(&init_user_ns, audit_get_loginuid(current)); - u32 sessionid = audit_get_sessionid(current); + unsigned int sessionid = audit_get_sessionid(current); if (!audit_enabled) return; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 05634b3ba244..5c237343cd9b 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2011,7 +2011,7 @@ int audit_set_loginuid(kuid_t loginuid) /* are we setting or clearing? */ if (uid_valid(loginuid)) - sessionid = atomic_inc_return(&session_id); + sessionid = (unsigned int)atomic_inc_return(&session_id); task->sessionid = sessionid; task->loginuid = loginuid; diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 76e1873811d4..767c74a91db3 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -2899,12 +2899,12 @@ static void xfrm_policy_fini(struct net *net) flush_work(&net->xfrm.policy_hash_work); #ifdef CONFIG_XFRM_SUB_POLICY audit_info.loginuid = INVALID_UID; - audit_info.sessionid = -1; + audit_info.sessionid = (unsigned int)-1; audit_info.secid = 0; xfrm_policy_flush(net, XFRM_POLICY_TYPE_SUB, &audit_info); #endif audit_info.loginuid = INVALID_UID; - audit_info.sessionid = -1; + audit_info.sessionid = (unsigned int)-1; audit_info.secid = 0; xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info); @@ -3010,7 +3010,7 @@ static void xfrm_audit_common_policyinfo(struct xfrm_policy *xp, } void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, - kuid_t auid, u32 sessionid, u32 secid) + kuid_t auid, unsigned int sessionid, u32 secid) { struct audit_buffer *audit_buf; @@ -3025,7 +3025,7 @@ void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, EXPORT_SYMBOL_GPL(xfrm_audit_policy_add); void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, - kuid_t auid, u32 sessionid, u32 secid) + kuid_t auid, unsigned int sessionid, u32 secid) { struct audit_buffer *audit_buf; diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index b9c3f9e943a9..dbf0719df5b0 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -2043,7 +2043,7 @@ void xfrm_state_fini(struct net *net) flush_work(&net->xfrm.state_hash_work); audit_info.loginuid = INVALID_UID; - audit_info.sessionid = -1; + audit_info.sessionid = (unsigned int)-1; audit_info.secid = 0; xfrm_state_flush(net, IPSEC_PROTO_ANY, &audit_info); flush_work(&net->xfrm.state_gc_work); @@ -2109,7 +2109,7 @@ static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family, } void xfrm_audit_state_add(struct xfrm_state *x, int result, - kuid_t auid, u32 sessionid, u32 secid) + kuid_t auid, unsigned int sessionid, u32 secid) { struct audit_buffer *audit_buf; @@ -2124,7 +2124,7 @@ void xfrm_audit_state_add(struct xfrm_state *x, int result, EXPORT_SYMBOL_GPL(xfrm_audit_state_add); void xfrm_audit_state_delete(struct xfrm_state *x, int result, - kuid_t auid, u32 sessionid, u32 secid) + kuid_t auid, unsigned int sessionid, u32 secid) { struct audit_buffer *audit_buf; diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index f964d4c00ffb..ec97e13743e6 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -600,7 +600,7 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, int err; struct km_event c; kuid_t loginuid = audit_get_loginuid(current); - u32 sessionid = audit_get_sessionid(current); + unsigned int sessionid = audit_get_sessionid(current); u32 sid; err = verify_newsa_info(p, attrs); @@ -679,7 +679,7 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, struct km_event c; struct xfrm_usersa_id *p = nlmsg_data(nlh); kuid_t loginuid = audit_get_loginuid(current); - u32 sessionid = audit_get_sessionid(current); + unsigned int sessionid = audit_get_sessionid(current); u32 sid; x = xfrm_user_state_lookup(net, p, attrs, &err); @@ -1405,7 +1405,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, int err; int excl; kuid_t loginuid = audit_get_loginuid(current); - u32 sessionid = audit_get_sessionid(current); + unsigned int sessionid = audit_get_sessionid(current); u32 sid; err = verify_newpolicy_info(p); @@ -1663,7 +1663,7 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, } } else { kuid_t loginuid = audit_get_loginuid(current); - u32 sessionid = audit_get_sessionid(current); + unsigned int sessionid = audit_get_sessionid(current); u32 sid; security_task_getsecid(current, &sid); @@ -1959,7 +1959,7 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, err = 0; if (up->hard) { kuid_t loginuid = audit_get_loginuid(current); - u32 sessionid = audit_get_sessionid(current); + unsigned int sessionid = audit_get_sessionid(current); u32 sid; security_task_getsecid(current, &sid); @@ -2002,7 +2002,7 @@ static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, if (ue->hard) { kuid_t loginuid = audit_get_loginuid(current); - u32 sessionid = audit_get_sessionid(current); + unsigned int sessionid = audit_get_sessionid(current); u32 sid; security_task_getsecid(current, &sid); -- cgit v1.2.3 From 70249a9cfdb405f654708699c679c6774efb31d8 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Mon, 13 Jan 2014 16:48:45 -0500 Subject: audit: use define's for audit version Give names to the audit versions. Just something for a userspace programmer to know what the version provides. Signed-off-by: Eric Paris --- include/uapi/linux/audit.h | 5 +++++ kernel/audit.c | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 14afb0d22902..3e1fbe933016 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -320,6 +320,11 @@ enum { #define AUDIT_STATUS_RATE_LIMIT 0x0008 #define AUDIT_STATUS_BACKLOG_LIMIT 0x0010 #define AUDIT_STATUS_BACKLOG_WAIT_TIME 0x0020 + +#define AUDIT_VERSION_BACKLOG_LIMIT 1 +#define AUDIT_VERSION_BACKLOG_WAIT_TIME 2 +#define AUDIT_VERSION_LATEST AUDIT_VERSION_BACKLOG_WAIT_TIME + /* Failure-to-log actions */ #define AUDIT_FAIL_SILENT 0 #define AUDIT_FAIL_PRINTK 1 diff --git a/kernel/audit.c b/kernel/audit.c index 57d47f08ed15..b6717231d3d4 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -792,7 +792,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) s.backlog_limit = audit_backlog_limit; s.lost = atomic_read(&audit_lost); s.backlog = skb_queue_len(&audit_skb_queue); - s.version = 2; + s.version = AUDIT_VERSION_LATEST; s.backlog_wait_time = audit_backlog_wait_time; audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_GET, 0, 0, &s, sizeof(s)); -- cgit v1.2.3 From 06bdadd7634551cfe8ce071fe44d0311b3033d9e Mon Sep 17 00:00:00 2001 From: AKASHI Takahiro Date: Mon, 13 Jan 2014 13:33:09 -0800 Subject: audit: correct a type mismatch in audit_syscall_exit() audit_syscall_exit() saves a result of regs_return_value() in intermediate "int" variable and passes it to __audit_syscall_exit(), which expects its second argument as a "long" value. This will result in truncating the value returned by a system call and making a wrong audit record. I don't know why gcc compiler doesn't complain about this, but anyway it causes a problem at runtime on arm64 (and probably most 64-bit archs). Signed-off-by: AKASHI Takahiro Cc: Al Viro Cc: Eric Paris Cc: Signed-off-by: Andrew Morton Signed-off-by: Eric Paris --- include/linux/audit.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/linux/audit.h b/include/linux/audit.h index 697621975b8d..98fe8a26a601 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -137,7 +137,7 @@ static inline void audit_syscall_exit(void *pt_regs) { if (unlikely(current->audit_context)) { int success = is_syscall_success(pt_regs); - int return_code = regs_return_value(pt_regs); + long return_code = regs_return_value(pt_regs); __audit_syscall_exit(success, return_code); } -- cgit v1.2.3 From 3e1d0bb6224f019893d1c498cc3327559d183674 Mon Sep 17 00:00:00 2001 From: Joe Perches Date: Tue, 14 Jan 2014 10:33:13 -0800 Subject: audit: Convert int limit uses to u32 The equivalent uapi struct uses __u32 so make the kernel uses u32 too. This can prevent some oddities where the limit is logged/emitted as a negative value. Convert kstrtol to kstrtouint to disallow negative values. Signed-off-by: Joe Perches [eparis: do not remove static from audit_default declaration] --- include/linux/audit.h | 2 +- kernel/audit.c | 49 +++++++++++++++++++++++++------------------------ kernel/audit.h | 2 +- 3 files changed, 27 insertions(+), 26 deletions(-) (limited to 'include') diff --git a/include/linux/audit.h b/include/linux/audit.h index 98fe8a26a601..aa865a9a4c4f 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -465,7 +465,7 @@ extern int audit_rule_change(int type, __u32 portid, int seq, void *data, size_t datasz); extern int audit_list_rules_send(__u32 portid, int seq); -extern int audit_enabled; +extern u32 audit_enabled; #else /* CONFIG_AUDIT */ static inline __printf(4, 5) void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, diff --git a/kernel/audit.c b/kernel/audit.c index 5f4766f5216d..2df247dd2432 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -79,16 +79,16 @@ static int audit_initialized; #define AUDIT_OFF 0 #define AUDIT_ON 1 #define AUDIT_LOCKED 2 -int audit_enabled; -int audit_ever_enabled; +u32 audit_enabled; +u32 audit_ever_enabled; EXPORT_SYMBOL_GPL(audit_enabled); /* Default state when kernel boots without any parameters. */ -static int audit_default; +static u32 audit_default; /* If auditing cannot proceed, audit_failure selects what happens. */ -static int audit_failure = AUDIT_FAIL_PRINTK; +static u32 audit_failure = AUDIT_FAIL_PRINTK; /* * If audit records are to be written to the netlink socket, audit_pid @@ -101,14 +101,14 @@ static __u32 audit_nlk_portid; /* If audit_rate_limit is non-zero, limit the rate of sending audit records * to that number per second. This prevents DoS attacks, but results in * audit records being dropped. */ -static int audit_rate_limit; +static u32 audit_rate_limit; /* Number of outstanding audit_buffers allowed. * When set to zero, this means unlimited. */ -static int audit_backlog_limit = 64; +static u32 audit_backlog_limit = 64; #define AUDIT_BACKLOG_WAIT_TIME (60 * HZ) -static int audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; -static int audit_backlog_wait_overflow = 0; +static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; +static u32 audit_backlog_wait_overflow = 0; /* The identity of the user shutting down the audit system. */ kuid_t audit_sig_uid = INVALID_UID; @@ -272,7 +272,7 @@ void audit_log_lost(const char *message) if (print) { if (printk_ratelimit()) - pr_warn("audit_lost=%d audit_rate_limit=%d audit_backlog_limit=%d\n", + pr_warn("audit_lost=%u audit_rate_limit=%u audit_backlog_limit=%u\n", atomic_read(&audit_lost), audit_rate_limit, audit_backlog_limit); @@ -280,7 +280,7 @@ void audit_log_lost(const char *message) } } -static int audit_log_config_change(char *function_name, int new, int old, +static int audit_log_config_change(char *function_name, u32 new, u32 old, int allow_changes) { struct audit_buffer *ab; @@ -289,7 +289,7 @@ static int audit_log_config_change(char *function_name, int new, int old, ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); if (unlikely(!ab)) return rc; - audit_log_format(ab, "%s=%d old=%d", function_name, new, old); + audit_log_format(ab, "%s=%u old=%u", function_name, new, old); audit_log_session_info(ab); rc = audit_log_task_context(ab); if (rc) @@ -299,9 +299,10 @@ static int audit_log_config_change(char *function_name, int new, int old, return rc; } -static int audit_do_config_change(char *function_name, int *to_change, int new) +static int audit_do_config_change(char *function_name, u32 *to_change, u32 new) { - int allow_changes, rc = 0, old = *to_change; + int allow_changes, rc = 0; + u32 old = *to_change; /* check if we are locked */ if (audit_enabled == AUDIT_LOCKED) @@ -324,23 +325,23 @@ static int audit_do_config_change(char *function_name, int *to_change, int new) return rc; } -static int audit_set_rate_limit(int limit) +static int audit_set_rate_limit(u32 limit) { return audit_do_config_change("audit_rate_limit", &audit_rate_limit, limit); } -static int audit_set_backlog_limit(int limit) +static int audit_set_backlog_limit(u32 limit) { return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit, limit); } -static int audit_set_backlog_wait_time(int timeout) +static int audit_set_backlog_wait_time(u32 timeout) { return audit_do_config_change("audit_backlog_wait_time", &audit_backlog_wait_time, timeout); } -static int audit_set_enabled(int state) +static int audit_set_enabled(u32 state) { int rc; if (state < AUDIT_OFF || state > AUDIT_LOCKED) @@ -353,7 +354,7 @@ static int audit_set_enabled(int state) return rc; } -static int audit_set_failure(int state) +static int audit_set_failure(u32 state) { if (state != AUDIT_FAIL_SILENT && state != AUDIT_FAIL_PRINTK @@ -688,7 +689,7 @@ static void audit_log_feature_change(int which, u32 old_feature, u32 new_feature ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_FEATURE_CHANGE); audit_log_task_info(ab, current); - audit_log_format(ab, "feature=%s old=%d new=%d old_lock=%d new_lock=%d res=%d", + audit_log_format(ab, "feature=%s old=%u new=%u old_lock=%u new_lock=%u res=%d", audit_feature_names[which], !!old_feature, !!new_feature, !!old_lock, !!new_lock, res); audit_log_end(ab); @@ -1144,16 +1145,16 @@ __setup("audit=", audit_enable); * audit_backlog_limit= */ static int __init audit_backlog_limit_set(char *str) { - long int audit_backlog_limit_arg; + u32 audit_backlog_limit_arg; pr_info("audit_backlog_limit: "); - if (kstrtol(str, 0, &audit_backlog_limit_arg)) { - pr_cont("using default of %d, unable to parse %s\n", + if (kstrtouint(str, 0, &audit_backlog_limit_arg)) { + pr_cont("using default of %u, unable to parse %s\n", audit_backlog_limit, str); return 1; } - if (audit_backlog_limit_arg >= 0) - audit_backlog_limit = (int)audit_backlog_limit_arg; + + audit_backlog_limit = audit_backlog_limit_arg; pr_cont("%d\n", audit_backlog_limit); return 1; diff --git a/kernel/audit.h b/kernel/audit.h index 0719b4547221..57cc64d67718 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -209,7 +209,7 @@ struct audit_context { #endif }; -extern int audit_ever_enabled; +extern u32 audit_ever_enabled; extern void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, -- cgit v1.2.3 From 262fd3aad61100cb4f281efa292374817c25a479 Mon Sep 17 00:00:00 2001 From: AKASHI Takahiro Date: Fri, 17 Jan 2014 17:05:03 +0900 Subject: audit: Modify a set of system calls in audit class definitions Each asm-generic/audit_xx.h defines a set of system calls for respective audit permission class (read, write, change attribute or exec). This patch changes two entries: 1) fchown in audit_change_attr.h Make fchown included by its own because in asm-generic/unistd.h, for example, fchown always exists while chown is optional. This change is necessary at least for arm64. 2) truncate64 in audit_write.h Add missing truncate64/ftruncate64 as well as truncate/ftruncate Signed-off-by: AKASHI Takahiro Acked-by: Will Deacon Signed-off-by: Eric Paris --- include/asm-generic/audit_change_attr.h | 4 +++- include/asm-generic/audit_write.h | 6 ++++++ 2 files changed, 9 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/asm-generic/audit_change_attr.h b/include/asm-generic/audit_change_attr.h index 89b73e5d0fd0..a1865537339b 100644 --- a/include/asm-generic/audit_change_attr.h +++ b/include/asm-generic/audit_change_attr.h @@ -4,9 +4,11 @@ __NR_chmod, __NR_fchmod, #ifdef __NR_chown __NR_chown, -__NR_fchown, __NR_lchown, #endif +#ifdef __NR_fchown +__NR_fchown, +#endif __NR_setxattr, __NR_lsetxattr, __NR_fsetxattr, diff --git a/include/asm-generic/audit_write.h b/include/asm-generic/audit_write.h index e7020c57b13b..274575d7129f 100644 --- a/include/asm-generic/audit_write.h +++ b/include/asm-generic/audit_write.h @@ -10,6 +10,12 @@ __NR_truncate, #ifdef __NR_truncate64 __NR_truncate64, #endif +#ifdef __NR_ftruncate +__NR_ftruncate, +#endif +#ifdef __NR_ftruncate64 +__NR_ftruncate64, +#endif #ifdef __NR_bind __NR_bind, /* bind can affect fs object only in one way... */ #endif -- cgit v1.2.3