audit/stable-6.6 PR 20230829

-----BEGIN PGP SIGNATURE-----
 
 iQJIBAABCAAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAmTuKIQUHHBhdWxAcGF1
 bC1tb29yZS5jb20ACgkQ6iDy2pc3iXMSahAA4o+mfGxcadExo8wsEFfizsQd0JS1
 6KpV8Gl9/uwPTCUmvjquFnTb5tbNFZ1X7jnj2g0+/ZHYPp9yJQqTKu7NX1Q9w+dE
 11tiipc4CyrcJpWrjBinNH27txjulLSCN1imMnRYLZOpk1AbXTwjuLjFBy2iTDtm
 8TAPj4vcKbi5MlcUodp/DGO6ysL75gTsLn5UUsHJhWbofz4ECay0heQoPeZ/MaW3
 gBPMRgt/REg8ikdR/ntFMOD6ywBZZ0Vsf/S+hNWGwHUgGxQ5H7rJBEFI65HL4Ur1
 c36UFRsypT1sFaIDbS/PrvpT3M48XwmqdmWNx5Z1dtJCCwNhuhsmEkXB+GEud2qM
 SOQQfMgfjKvnaLMPUmDePuAiSflSJj2AHo1HXlYxKFtybI1plJGiRoDX5jlsklCp
 JbwUJ2y7YlxNPIaZSBHYIUuniUDqET83cR2D3YJiU+2I9myg8Z5Amto8d4MFgf21
 f4qfm0SDBMvXYHUuhUry0/kuk2A0R89H4HUNcrGky+cSsaelpm06uaxj43B/M9Dp
 v1nSwDQpDtYKSt+16GUDfqq5BywjwMe4J7wlE9+YdTDrvuc2qUxZMky5GzZ55Wnl
 mbe6BVEBc19FhDeC3muhgV0jWCUGKuq6q+W+CRmxafyOMzX9NIDFaZf1KxkaesxD
 S9I7AYmT7fCghFQ=
 =tZaJ
 -----END PGP SIGNATURE-----

Merge tag 'audit-pr-20230829' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit

Pull audit updates from Paul Moore:
 "Six audit patches, the highlights are:

   - Add an explicit cond_resched() call when generating PATH records

     Certain tracefs/debugfs operations can generate a *lot* of audit
     PATH entries and if one has an aggressive system configuration (not
     the default) this can cause a soft lockup in the audit code as it
     works to process all of these new entries.

     This is in sharp contrast to the common case where only one or two
     PATH entries are logged. In order to fix this corner case without
     excessively impacting the common case we're adding a single
     cond_rescued() call between two of the most intensive loops in the
     __audit_inode_child() function.

   - Various minor cleanups

     We removed a conditional header file as the included header already
     had the necessary logic in place, fixed a dummy function's return
     value, and the usual collection of checkpatch.pl noise (whitespace,
     brace, and trailing statement tweaks)"

* tag 'audit-pr-20230829' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
  audit: move trailing statements to next line
  audit: cleanup function braces and assignment-in-if-condition
  audit: add space before parenthesis and around '=', "==", and '<'
  audit: fix possible soft lockup in __audit_inode_child()
  audit: correct audit_filter_inodes() definition
  audit: include security.h unconditionally
This commit is contained in:
Linus Torvalds 2023-08-30 08:17:35 -07:00
commit 3ea67c4f46
5 changed files with 21 additions and 17 deletions

View File

@ -470,7 +470,7 @@ static void fill_ac(acct_t *ac)
do_div(elapsed, AHZ);
btime = ktime_get_real_seconds() - elapsed;
ac->ac_btime = clamp_t(time64_t, btime, 0, U32_MAX);
#if ACCT_VERSION==2
#if ACCT_VERSION == 2
ac->ac_ahz = AHZ;
#endif

View File

@ -53,9 +53,7 @@
#include <net/sock.h>
#include <net/netlink.h>
#include <linux/skbuff.h>
#ifdef CONFIG_SECURITY
#include <linux/security.h>
#endif
#include <linux/freezer.h>
#include <linux/pid_namespace.h>
#include <net/netns/generic.h>
@ -323,7 +321,8 @@ static inline int audit_rate_check(void)
unsigned long now;
int retval = 0;
if (!audit_rate_limit) return 1;
if (!audit_rate_limit)
return 1;
spin_lock_irqsave(&lock, flags);
if (++messages < audit_rate_limit) {

View File

@ -334,7 +334,7 @@ static inline int audit_signal_info_syscall(struct task_struct *t)
return 0;
}
#define audit_filter_inodes(t, c) AUDIT_STATE_DISABLED
#define audit_filter_inodes(t, c) do { } while (0)
#endif /* CONFIG_AUDITSYSCALL */
extern char *audit_unpack_string(void **bufp, size_t *remain, size_t len);

View File

@ -221,7 +221,7 @@ static int audit_match_signal(struct audit_entry *entry)
entry->rule.mask));
}
switch(audit_classify_arch(arch->val)) {
switch (audit_classify_arch(arch->val)) {
case 0: /* native */
return (audit_match_class_bits(AUDIT_CLASS_SIGNAL,
entry->rule.mask));
@ -243,7 +243,7 @@ static inline struct audit_entry *audit_to_entry_common(struct audit_rule_data *
err = -EINVAL;
listnr = rule->flags & ~AUDIT_FILTER_PREPEND;
switch(listnr) {
switch (listnr) {
default:
goto exit_err;
#ifdef CONFIG_AUDITSYSCALL
@ -344,7 +344,7 @@ static int audit_field_valid(struct audit_entry *entry, struct audit_field *f)
switch (entry->rule.listnr) {
case AUDIT_FILTER_FS:
switch(f->type) {
switch (f->type) {
case AUDIT_FSTYPE:
case AUDIT_FILTERKEY:
break;
@ -651,7 +651,7 @@ static struct audit_rule_data *audit_krule_to_data(struct audit_krule *krule)
data->fields[i] = f->type;
data->fieldflags[i] = audit_ops[f->op];
switch(f->type) {
switch (f->type) {
case AUDIT_SUBJ_USER:
case AUDIT_SUBJ_ROLE:
case AUDIT_SUBJ_TYPE:
@ -694,7 +694,8 @@ static struct audit_rule_data *audit_krule_to_data(struct audit_krule *krule)
data->values[i] = f->val;
}
}
for (i = 0; i < AUDIT_BITMASK_SIZE; i++) data->mask[i] = krule->mask[i];
for (i = 0; i < AUDIT_BITMASK_SIZE; i++)
data->mask[i] = krule->mask[i];
return data;
}
@ -717,7 +718,7 @@ static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b)
a->fields[i].op != b->fields[i].op)
return 1;
switch(a->fields[i].type) {
switch (a->fields[i].type) {
case AUDIT_SUBJ_USER:
case AUDIT_SUBJ_ROLE:
case AUDIT_SUBJ_TYPE:
@ -946,7 +947,7 @@ static inline int audit_add_rule(struct audit_entry *entry)
int dont_count = 0;
/* If any of these, don't count towards total */
switch(entry->rule.listnr) {
switch (entry->rule.listnr) {
case AUDIT_FILTER_USER:
case AUDIT_FILTER_EXCLUDE:
case AUDIT_FILTER_FS:
@ -1029,7 +1030,7 @@ int audit_del_rule(struct audit_entry *entry)
int dont_count = 0;
/* If any of these, don't count towards total */
switch(entry->rule.listnr) {
switch (entry->rule.listnr) {
case AUDIT_FILTER_USER:
case AUDIT_FILTER_EXCLUDE:
case AUDIT_FILTER_FS:
@ -1083,7 +1084,7 @@ static void audit_list_rules(int seq, struct sk_buff_head *q)
/* This is a blocking read, so use audit_filter_mutex instead of rcu
* iterator to sync with list writers. */
for (i=0; i<AUDIT_NR_FILTERS; i++) {
for (i = 0; i < AUDIT_NR_FILTERS; i++) {
list_for_each_entry(r, &audit_rules_list[i], list) {
struct audit_rule_data *data;

View File

@ -880,7 +880,8 @@ static void audit_filter_syscall(struct task_struct *tsk,
*/
static int audit_filter_inode_name(struct task_struct *tsk,
struct audit_names *n,
struct audit_context *ctx) {
struct audit_context *ctx)
{
int h = audit_hash_ino((u32)n->ino);
struct list_head *list = &audit_inode_hash[h];
@ -1064,7 +1065,8 @@ int audit_alloc(struct task_struct *tsk)
return 0;
}
if (!(context = audit_alloc_context(state))) {
context = audit_alloc_context(state);
if (!context) {
kfree(key);
audit_log_lost("out of memory in audit_alloc");
return -ENOMEM;
@ -2124,7 +2126,7 @@ static void handle_path(const struct dentry *dentry)
d = dentry;
rcu_read_lock();
seq = read_seqbegin(&rename_lock);
for(;;) {
for (;;) {
struct inode *inode = d_backing_inode(d);
if (inode && unlikely(inode->i_fsnotify_marks)) {
@ -2456,6 +2458,8 @@ void __audit_inode_child(struct inode *parent,
}
}
cond_resched();
/* is there a matching child entry? */
list_for_each_entry(n, &context->names_list, list) {
/* can only match entries that have a name */