audit/stable-5.11 PR 20201214
-----BEGIN PGP SIGNATURE----- iQJIBAABCAAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAl/YBw4UHHBhdWxAcGF1 bC1tb29yZS5jb20ACgkQ6iDy2pc3iXNndg/+JyEYzO+B0y0+0iTeUmBgLB1Hsbvt 2RlQe8sZo3nBLr96hty4jwRUNdudUSKwKxXjIEr9DplNTpMd3/DzIMb92b00vVIi kBMDawsgtrAmWBE99Jo8YtL2vKbr5e5XlCjD1iH4UdfPvHemusMzGSMfzSetAgLU JTe0vzgdE46Y4peELTOGeCosO3WC2j4QU6B1QW4rFQEUr9AlN3c2Q40JEPUCKPCU 3cLRWPQTmr9yiKis1i5HD7mHKqseSgvlxnl1SCboWSEJVbdfg+ceK4ugI7gXbweL EXxBDFJxuQEk5ENPu6MUZDgbcy7ROXMpE1TyFx8+SHxQJSmNiylddg/dZMbUk9Cs dLNkWMQbol827XdhcbXun5KVRGzh4sTwDL9QnxCfPtxpjGuYdQmXUTFnePgLVBH3 Ial4mTGOOd37m6a7peAPtnjgR4W1jugoZQMSp//bOKTQvaZlDnWnoPGhgJENDELs Ys+tpsam+CjvoPzGfMRF/DQhk4QZtMhlFyd5H+6EeBh8K6WJepXTg+fMpBgXAKat Cy1YS5O0vKE+y2J0SKds/Gd7skTREN2QiYdVWo7LX8Vp8hWI9ClZiJHBO3QOQGI3 2hJBPTzZ4qex6F2kSX6O17MFd/eOBLhTf+V+X5JjlE/YPQyYXxGvlSbCW0tVVyzW xFgeevnwl1aOlPU= =J+S/ -----END PGP SIGNATURE----- Merge tag 'audit-pr-20201214' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit Pull audit updates from Paul Moore: "A small set of audit patches for v5.11 with four patches in total and only one of any real significance. Richard's patch to trigger accompanying records causes the kernel to emit additional related records when an audit event occurs; helping provide some much needed context to events in the audit log. It is also worth mentioning that this is a revised patch based on an earlier attempt that had to be reverted in the v5.8 time frame. Everything passes our test suite, and with no problems reported please merge this for v5.11" * tag 'audit-pr-20201214' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: audit: replace atomic_add_return() audit: fix macros warnings audit: trigger accompanying records when no rules present audit: fix a kernel-doc markup
commit
3d5de2ddc6
|
@ -292,7 +292,6 @@ extern void __audit_syscall_entry(int major, unsigned long a0, unsigned long a1,
|
|||
extern void __audit_syscall_exit(int ret_success, long ret_value);
|
||||
extern struct filename *__audit_reusename(const __user char *uptr);
|
||||
extern void __audit_getname(struct filename *name);
|
||||
extern void __audit_getcwd(void);
|
||||
extern void __audit_inode(struct filename *name, const struct dentry *dentry,
|
||||
unsigned int flags);
|
||||
extern void __audit_file(const struct file *);
|
||||
|
@ -351,11 +350,6 @@ static inline void audit_getname(struct filename *name)
|
|||
if (unlikely(!audit_dummy_context()))
|
||||
__audit_getname(name);
|
||||
}
|
||||
static inline void audit_getcwd(void)
|
||||
{
|
||||
if (unlikely(audit_context()))
|
||||
__audit_getcwd();
|
||||
}
|
||||
static inline void audit_inode(struct filename *name,
|
||||
const struct dentry *dentry,
|
||||
unsigned int aflags) {
|
||||
|
@ -584,8 +578,6 @@ static inline struct filename *audit_reusename(const __user char *name)
|
|||
}
|
||||
static inline void audit_getname(struct filename *name)
|
||||
{ }
|
||||
static inline void audit_getcwd(void)
|
||||
{ }
|
||||
static inline void audit_inode(struct filename *name,
|
||||
const struct dentry *dentry,
|
||||
unsigned int aflags)
|
||||
|
|
|
@ -67,7 +67,7 @@
|
|||
#define AUDIT_DISABLED -1
|
||||
#define AUDIT_UNINITIALIZED 0
|
||||
#define AUDIT_INITIALIZED 1
|
||||
static int audit_initialized;
|
||||
static int audit_initialized = AUDIT_UNINITIALIZED;
|
||||
|
||||
u32 audit_enabled = AUDIT_OFF;
|
||||
bool audit_ever_enabled = !!AUDIT_OFF;
|
||||
|
@ -523,7 +523,7 @@ static int auditd_set(struct pid *pid, u32 portid, struct net *net)
|
|||
}
|
||||
|
||||
/**
|
||||
* kauditd_print_skb - Print the audit record to the ring buffer
|
||||
* kauditd_printk_skb - Print the audit record to the ring buffer
|
||||
* @skb: audit record
|
||||
*
|
||||
* Whatever the reason, this packet may not make it to the auditd connection
|
||||
|
@ -1779,7 +1779,7 @@ unsigned int audit_serial(void)
|
|||
{
|
||||
static atomic_t serial = ATOMIC_INIT(0);
|
||||
|
||||
return atomic_add_return(1, &serial);
|
||||
return atomic_inc_return(&serial);
|
||||
}
|
||||
|
||||
static inline void audit_get_stamp(struct audit_context *ctx,
|
||||
|
@ -1865,6 +1865,9 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
|
|||
}
|
||||
|
||||
audit_get_stamp(ab->ctx, &t, &serial);
|
||||
/* cancel dummy context to enable supporting records */
|
||||
if (ctx)
|
||||
ctx->dummy = 0;
|
||||
audit_log_format(ab, "audit(%llu.%03lu:%u): ",
|
||||
(unsigned long long)t.tv_sec, t.tv_nsec/1000000, serial);
|
||||
|
||||
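Review bot: The `ctx->dummy = 0` store added to audit_log_start() is a side effect on the caller's context that the one-line comment does not explain: it runs for every record type whenever a non-NULL `ctx` is passed, so starting one record inside a syscall appears to switch that syscall from dummy to fully recorded. I would state this in the function's kernel-doc, for example `* Side effect: clears @ctx->dummy so that accompanying records are emitted for this event even when no rules are loaded.` The flag is not restored here, so where it is set again is presumably the context reset path, which is outside this hunk and worth naming in the same comment. Because hosts with no rules loaded will now emit the extra records, backlog and rate-limit settings are worth re-checking alongside this change. The body of audit_log_start() starts and ends outside the hunk.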
|
|
|
@ -102,8 +102,6 @@ struct audit_aux_data {
|
|||
int type;
|
||||
};
|
||||
|
||||
#define AUDIT_AUX_IPCPERM 0
|
||||
|
||||
/* Number of target pids per aux struct. */
|
||||
#define AUDIT_AUX_PIDS 16
|
||||
|
||||
|
@ -552,11 +550,11 @@ static int audit_filter_rules(struct task_struct *tsk,
|
|||
break;
|
||||
|
||||
case AUDIT_EXIT:
|
||||
if (ctx && ctx->return_valid)
|
||||
if (ctx && ctx->return_valid != AUDITSC_INVALID)
|
||||
result = audit_comparator(ctx->return_code, f->op, f->val);
|
||||
break;
|
||||
case AUDIT_SUCCESS:
|
||||
if (ctx && ctx->return_valid) {
|
||||
if (ctx && ctx->return_valid != AUDITSC_INVALID) {
|
||||
if (f->val)
|
||||
result = audit_comparator(ctx->return_valid, f->op, AUDITSC_SUCCESS);
|
||||
else
|
||||
|
@ -929,6 +927,8 @@ static inline struct audit_context *audit_alloc_context(enum audit_state state)
|
|||
context->prio = state == AUDIT_RECORD_CONTEXT ? ~0ULL : 0;
|
||||
INIT_LIST_HEAD(&context->killed_trees);
|
||||
INIT_LIST_HEAD(&context->names_list);
|
||||
context->fds[0] = -1;
|
||||
context->return_valid = AUDITSC_INVALID;
|
||||
return context;
|
||||
}
|
||||
|
||||
|
@ -1367,7 +1367,10 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
|
|||
/* name was specified as a relative path and the
|
||||
* directory component is the cwd
|
||||
*/
|
||||
audit_log_d_path(ab, " name=", &context->pwd);
|
||||
if (context->pwd.dentry && context->pwd.mnt)
|
||||
audit_log_d_path(ab, " name=", &context->pwd);
|
||||
else
|
||||
audit_log_format(ab, " name=(null)");
|
||||
break;
|
||||
default:
|
||||
/* log the name's directory component */
|
||||
|
@ -1435,9 +1438,6 @@ static void audit_log_proctitle(void)
|
|||
struct audit_context *context = audit_context();
|
||||
struct audit_buffer *ab;
|
||||
|
||||
if (!context || context->dummy)
|
||||
return;
|
||||
|
||||
ab = audit_log_start(context, GFP_KERNEL, AUDIT_PROCTITLE);
|
||||
if (!ab)
|
||||
return; /* audit_panic or being filtered */
|
||||
|
@ -1487,7 +1487,7 @@ static void audit_log_exit(void)
|
|||
context->arch, context->major);
|
||||
if (context->personality != PER_LINUX)
|
||||
audit_log_format(ab, " per=%lx", context->personality);
|
||||
if (context->return_valid)
|
||||
if (context->return_valid != AUDITSC_INVALID)
|
||||
audit_log_format(ab, " success=%s exit=%ld",
|
||||
(context->return_valid==AUDITSC_SUCCESS)?"yes":"no",
|
||||
context->return_code);
|
||||
|
@ -1624,7 +1624,7 @@ void __audit_free(struct task_struct *tsk)
|
|||
* need to log via audit_log_exit().
|
||||
*/
|
||||
if (tsk == current && !context->dummy && context->in_syscall) {
|
||||
context->return_valid = 0;
|
||||
context->return_valid = AUDITSC_INVALID;
|
||||
context->return_code = 0;
|
||||
|
||||
audit_filter_syscall(tsk, context,
|
||||
|
@ -1866,6 +1866,8 @@ static struct audit_names *audit_alloc_name(struct audit_context *context,
|
|||
list_add_tail(&aname->list, &context->names_list);
|
||||
|
||||
context->name_count++;
|
||||
if (!context->pwd.dentry)
|
||||
get_fs_pwd(current->fs, &context->pwd);
|
||||
return aname;
|
||||
}
|
||||
|
||||
|
@ -1894,20 +1896,6 @@ __audit_reusename(const __user char *uptr)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
inline void _audit_getcwd(struct audit_context *context)
|
||||
{
|
||||
if (!context->pwd.dentry)
|
||||
get_fs_pwd(current->fs, &context->pwd);
|
||||
}
|
||||
|
||||
void __audit_getcwd(void)
|
||||
{
|
||||
struct audit_context *context = audit_context();
|
||||
|
||||
if (context->in_syscall)
|
||||
_audit_getcwd(context);
|
||||
}
|
||||
|
||||
/**
|
||||
* __audit_getname - add a name to the list
|
||||
* @name: name to add
|
||||
|
@ -1931,8 +1919,6 @@ void __audit_getname(struct filename *name)
|
|||
n->name_len = AUDIT_NAME_FULL;
|
||||
name->aname = n;
|
||||
name->refcnt++;
|
||||
|
||||
_audit_getcwd(context);
|
||||
}
|
||||
|
||||
static inline int audit_copy_fcaps(struct audit_names *name,
|
||||
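Review bot: Dropping `if (!context || context->dummy) return;` from audit_log_proctitle() removes the NULL test together with the dummy test, and only the dummy half follows from the commit's stated goal of emitting accompanying records when no rules are present. If the rest of the function dereferences `context` (its body continues outside the hunk), it now relies on every caller guaranteeing that audit_context() is non-NULL. Keeping `if (!context) return;`, or adding a comment such as `/* caller guarantees a non-NULL audit context */`, would make that precondition explicit. The other hunks in this section replace the bare truth test on `return_valid` with `!= AUDITSC_INVALID` consistently and raise no further point.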
|
|
|
@ -241,7 +241,6 @@ static void dump_common_audit_data(struct audit_buffer *ab,
|
|||
audit_log_untrustedstring(ab, inode->i_sb->s_id);
|
||||
audit_log_format(ab, " ino=%lu", inode->i_ino);
|
||||
}
|
||||
audit_getcwd();
|
||||
break;
|
||||
}
|
||||
case LSM_AUDIT_DATA_FILE: {
|
||||
|
@ -255,7 +254,6 @@ static void dump_common_audit_data(struct audit_buffer *ab,
|
|||
audit_log_untrustedstring(ab, inode->i_sb->s_id);
|
||||
audit_log_format(ab, " ino=%lu", inode->i_ino);
|
||||
}
|
||||
audit_getcwd();
|
||||
break;
|
||||
}
|
||||
case LSM_AUDIT_DATA_IOCTL_OP: {
|
||||
|
@ -271,7 +269,6 @@ static void dump_common_audit_data(struct audit_buffer *ab,
|
|||
}
|
||||
|
||||
audit_log_format(ab, " ioctlcmd=0x%hx", a->u.op->cmd);
|
||||
audit_getcwd();
|
||||
break;
|
||||
}
|
||||
case LSM_AUDIT_DATA_DENTRY: {
|
||||
|
@ -286,7 +283,6 @@ static void dump_common_audit_data(struct audit_buffer *ab,
|
|||
audit_log_untrustedstring(ab, inode->i_sb->s_id);
|
||||
audit_log_format(ab, " ino=%lu", inode->i_ino);
|
||||
}
|
||||
audit_getcwd();
|
||||
break;
|
||||
}
|
||||
case LSM_AUDIT_DATA_INODE: {
|
||||
|
@ -304,7 +300,6 @@ static void dump_common_audit_data(struct audit_buffer *ab,
|
|||
audit_log_format(ab, " dev=");
|
||||
audit_log_untrustedstring(ab, inode->i_sb->s_id);
|
||||
audit_log_format(ab, " ino=%lu", inode->i_ino);
|
||||
audit_getcwd();
|
||||
break;
|
||||
}
|
||||
case LSM_AUDIT_DATA_TASK: {
|
||||
|
|