audit: fix netlink portid naming and types

Normally, netlink ports use the PID of the userspace process as the port ID. If the PID is already in use by a port, the kernel will allocate another port ID to avoid conflict. Re-name all references to netlink ports from pid to portid to reflect this reality and avoid confusion with actual PIDs. Ports use the __u32 type, so re-type all portids accordingly. (This patch is very similar to ebiederman's 5deadd69) Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: Eric Paris <eparis@redhat.com>
2025-01-06 05:13:18 +00:00 · 2013-08-14 11:32:45 -04:00 · 2013-08-14 11:32:45 -04:00 · f9441639e6
commit f9441639e6
parent ca24a23ebc
4 changed files with 31 additions and 29 deletions
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@ -461,7 +461,7 @@ extern int		    audit_update_lsm_rules(void);
 				/* Private API (for audit.c only) */
 extern int audit_filter_user(int type);
 extern int audit_filter_type(int type);
-extern int  audit_receive_filter(int type, int pid, int seq,
+extern int  audit_receive_filter(int type, __u32 portid, int seq,
 				void *data, size_t datasz);
 extern int audit_enabled;
 #else /* CONFIG_AUDIT */
--- a/kernel/audit.c
+++ b/kernel/audit.c
@ -93,7 +93,7 @@ static int	audit_failure = AUDIT_FAIL_PRINTK;
 * the portid to use to send netlink messages to that process.
 */
 int		audit_pid;
-static int	audit_nlk_portid;
+static __u32	audit_nlk_portid;
 /* If audit_rate_limit is non-zero, limit the rate of sending audit records
 * to that number per second.  This prevents DoS attacks, but results in
@ -175,15 +175,15 @@ struct audit_buffer {
 };
 struct audit_reply {
-	int pid;
+	__u32 portid;
 	struct sk_buff *skb;
 };
-static void audit_set_pid(struct audit_buffer *ab, pid_t pid)
+static void audit_set_portid(struct audit_buffer *ab, __u32 portid)
 {
 	if (ab) {
 		struct nlmsghdr *nlh = nlmsg_hdr(ab->skb);
-		nlh->nlmsg_pid = pid;
+		nlh->nlmsg_pid = portid;
 	}
 }
@ -482,7 +482,7 @@ static int kauditd_thread(void *dummy)
 int audit_send_list(void *_dest)
 {
 	struct audit_netlink_list *dest = _dest;
-	int pid = dest->pid;
+	__u32 portid = dest->portid;
 	struct sk_buff *skb;
 	/* wait for parent to finish and send an ACK */
@ -490,14 +490,14 @@ int audit_send_list(void *_dest)
 	mutex_unlock(&audit_cmd_mutex);
 	while ((skb = __skb_dequeue(&dest->q)) != NULL)
-		netlink_unicast(audit_sock, skb, pid, 0);
+		netlink_unicast(audit_sock, skb, portid, 0);
 	kfree(dest);
 	return 0;
 }
-struct sk_buff *audit_make_reply(int pid, int seq, int type, int done,
+struct sk_buff *audit_make_reply(__u32 portid, int seq, int type, int done,
 				 int multi, const void *payload, int size)
 {
 	struct sk_buff	*skb;
@ -510,7 +510,7 @@ struct sk_buff *audit_make_reply(int pid, int seq, int type, int done,
 	if (!skb)
 		return NULL;
-	nlh	= nlmsg_put(skb, pid, seq, t, size, flags);
+	nlh	= nlmsg_put(skb, portid, seq, t, size, flags);
 	if (!nlh)
 		goto out_kfree_skb;
 	data = nlmsg_data(nlh);
@ -531,13 +531,13 @@ static int audit_send_reply_thread(void *arg)
 	/* Ignore failure. It'll only happen if the sender goes away,
 	   because our timeout is set to infinite. */
-	netlink_unicast(audit_sock, reply->skb, reply->pid, 0);
+	netlink_unicast(audit_sock, reply->skb, reply->portid, 0);
 	kfree(reply);
 	return 0;
 }
 /**
 * audit_send_reply - send an audit reply message via netlink
- * @pid: process id to send reply to
+ * @portid: netlink port to which to send reply
 * @seq: sequence number
 * @type: audit message type
 * @done: done (last) flag
@ -545,11 +545,11 @@ static int audit_send_reply_thread(void *arg)
 * @payload: payload data
 * @size: payload size
 *
- * Allocates an skb, builds the netlink message, and sends it to the pid.
+ * Allocates an skb, builds the netlink message, and sends it to the port id.
 * No failure notifications.
 */
-static void audit_send_reply(int pid, int seq, int type, int done, int multi,
+static void audit_send_reply(__u32 portid, int seq, int type, int done,
-			     const void *payload, int size)
+			     int multi, const void *payload, int size)
 {
 	struct sk_buff *skb;
 	struct task_struct *tsk;
@ -559,11 +559,11 @@ static void audit_send_reply(int pid, int seq, int type, int done, int multi,
 	if (!reply)
 		return;
-	skb = audit_make_reply(pid, seq, type, done, multi, payload, size);
+	skb = audit_make_reply(portid, seq, type, done, multi, payload, size);
 	if (!skb)
 		goto out;
-	reply->pid = pid;
+	reply->portid = portid;
 	reply->skb = skb;
 	tsk = kthread_run(audit_send_reply_thread, reply, "audit_send_reply");
@ -839,7 +839,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 					size--;
 				audit_log_n_untrustedstring(ab, data, size);
 			}
-			audit_set_pid(ab, NETLINK_CB(skb).portid);
+			audit_set_portid(ab, NETLINK_CB(skb).portid);
 			audit_log_end(ab);
 		}
 		break;
--- a/kernel/audit.h
+++ b/kernel/audit.h
@ -240,13 +240,13 @@ extern int audit_uid_comparator(kuid_t left, u32 op, kuid_t right);
 extern int audit_gid_comparator(kgid_t left, u32 op, kgid_t right);
 extern int parent_len(const char *path);
 extern int audit_compare_dname_path(const char *dname, const char *path, int plen);
-extern struct sk_buff *	    audit_make_reply(int pid, int seq, int type,
+extern struct sk_buff *audit_make_reply(__u32 portid, int seq, int type,
-					     int done, int multi,
+					int done, int multi,
-					     const void *payload, int size);
+					const void *payload, int size);
 extern void		    audit_panic(const char *message);
 struct audit_netlink_list {
-	int pid;
+	__u32 portid;
 	struct sk_buff_head q;
 };
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@ -972,7 +972,7 @@ static inline int audit_del_rule(struct audit_entry *entry)
 }
 /* List rules using struct audit_rule_data. */
-static void audit_list_rules(int pid, int seq, struct sk_buff_head *q)
+static void audit_list_rules(__u32 portid, int seq, struct sk_buff_head *q)
 {
 	struct sk_buff *skb;
 	struct audit_krule *r;
@ -987,14 +987,15 @@ static void audit_list_rules(int pid, int seq, struct sk_buff_head *q)
 			data = audit_krule_to_data(r);
 			if (unlikely(!data))
 				break;
-			skb = audit_make_reply(pid, seq, AUDIT_LIST_RULES, 0, 1,
+			skb = audit_make_reply(portid, seq, AUDIT_LIST_RULES,
-					 data, sizeof(*data) + data->buflen);
+					       0, 1, data,
 					       sizeof(*data) + data->buflen);
 			if (skb)
 				skb_queue_tail(q, skb);
 			kfree(data);
 		}
 	}
-	skb = audit_make_reply(pid, seq, AUDIT_LIST_RULES, 1, 1, NULL, 0);
+	skb = audit_make_reply(portid, seq, AUDIT_LIST_RULES, 1, 1, NULL, 0);
 	if (skb)
 		skb_queue_tail(q, skb);
 }
@ -1024,12 +1025,13 @@ static void audit_log_rule_change(char *action, struct audit_krule *rule, int re
 /**
 * audit_receive_filter - apply all rules to the specified message type
 * @type: audit message type
- * @pid: target pid for netlink audit messages
+ * @portid: target port id for netlink audit messages
 * @seq: netlink audit message sequence (serial) number
 * @data: payload data
 * @datasz: size of payload data
 */
-int audit_receive_filter(int type, int pid, int seq, void *data, size_t datasz)
+int audit_receive_filter(int type, __u32 portid, int seq, void *data,
 			 size_t datasz)
 {
 	struct task_struct *tsk;
 	struct audit_netlink_list *dest;
@ -1047,11 +1049,11 @@ int audit_receive_filter(int type, int pid, int seq, void *data, size_t datasz)
 		dest = kmalloc(sizeof(struct audit_netlink_list), GFP_KERNEL);
 		if (!dest)
 			return -ENOMEM;
-		dest->pid = pid;
+		dest->portid = portid;
 		skb_queue_head_init(&dest->q);
 		mutex_lock(&audit_filter_mutex);
-		audit_list_rules(pid, seq, &dest->q);
+		audit_list_rules(portid, seq, &dest->q);
 		mutex_unlock(&audit_filter_mutex);
 		tsk = kthread_run(audit_send_list, dest, "audit_send_list");