Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
Merge tag 'audit-pr-20170907' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit
Pull audit updates from Paul Moore:
"A small pull request for audit this time, only four patches and only
two with any real code changes.
Those two changes are the removal of a pointless SELinux AVC
initialization audit event and a fix to improve the audit timestamp
overhead.
The other two patches are comment cleanup and administrative updates,
nothing very exciting.
Everything passes our tests"
* tag 'audit-pr-20170907' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
audit: update the function comments
selinux: remove AVC init audit log message
audit: update the audit info in MAINTAINERS
audit: Reduce overhead using a coarse clock
+4
-3
MAINTAINERS
+4
-3
MAINTAINERS
···
2413
2413
M: Paul Moore <paul@paul-moore.com>
2414
2414
M: Eric Paris <eparis@redhat.com>
2415
2415
L: linux-audit@redhat.com (moderated for non-subscribers)
2416
-
W: http://people.redhat.com/sgrubb/audit/
2417
-
T: git git://git.infradead.org/users/pcmoore/audit
2418
-
S: Maintained
2416
+
W: https://github.com/linux-audit
2417
+
W: https://people.redhat.com/sgrubb/audit
2418
+
T: git git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git
2419
+
S: Supported
2419
2420
F: include/linux/audit.h
2420
2421
F: include/uapi/linux/audit.h
2421
2422
F: kernel/audit*
+2
-2
kernel/audit.c
+2
-2
kernel/audit.c
···
1662
1662
struct timespec64 *t, unsigned int *serial)
1663
1663
{
1664
1664
if (!ctx || !auditsc_get_stamp(ctx, t, serial)) {
1665
-
ktime_get_real_ts64(t);
1665
+
*t = current_kernel_time64();
1666
1666
*serial = audit_serial();
1667
1667
}
1668
1668
}
···
1833
1833
}
1834
1834
1835
1835
/**
1836
-
* audit_log_hex - convert a buffer to hex and append it to the audit skb
1836
+
* audit_log_n_hex - convert a buffer to hex and append it to the audit skb
1837
1837
* @ab: the audit_buffer
1838
1838
* @buf: buffer to convert to hex
1839
1839
* @len: length of @buf to be converted
+10
-10
kernel/auditsc.c
+10
-10
kernel/auditsc.c
···
1462
1462
}
1463
1463
1464
1464
/**
1465
-
* audit_free - free a per-task audit context
1465
+
* __audit_free - free a per-task audit context
1466
1466
* @tsk: task whose audit context block to free
1467
1467
*
1468
1468
* Called from copy_process and do_exit
···
1489
1489
}
1490
1490
1491
1491
/**
1492
-
* audit_syscall_entry - fill in an audit record at syscall entry
1492
+
* __audit_syscall_entry - fill in an audit record at syscall entry
1493
1493
* @major: major syscall type (function)
1494
1494
* @a1: additional syscall register 1
1495
1495
* @a2: additional syscall register 2
···
1536
1536
return;
1537
1537
1538
1538
context->serial = 0;
1539
-
ktime_get_real_ts64(&context->ctime);
1539
+
context->ctime = current_kernel_time64();
1540
1540
context->in_syscall = 1;
1541
1541
context->current_state = state;
1542
1542
context->ppid = 0;
1543
1543
}
1544
1544
1545
1545
/**
1546
-
* audit_syscall_exit - deallocate audit context after a system call
1546
+
* __audit_syscall_exit - deallocate audit context after a system call
1547
1547
* @success: success value of the syscall
1548
1548
* @return_code: return value of the syscall
1549
1549
*
···
1705
1705
}
1706
1706
1707
1707
/**
1708
-
* audit_reusename - fill out filename with info from existing entry
1708
+
* __audit_reusename - fill out filename with info from existing entry
1709
1709
* @uptr: userland ptr to pathname
1710
1710
*
1711
1711
* Search the audit_names list for the current audit context. If there is an
···
1730
1730
}
1731
1731
1732
1732
/**
1733
-
* audit_getname - add a name to the list
1733
+
* __audit_getname - add a name to the list
1734
1734
* @name: name to add
1735
1735
*
1736
1736
* Add a name to the list of audit names for this context.
···
2135
2135
}
2136
2136
2137
2137
/**
2138
-
* audit_ipc_obj - record audit data for ipc object
2138
+
* __audit_ipc_obj - record audit data for ipc object
2139
2139
* @ipcp: ipc permissions
2140
2140
*
2141
2141
*/
···
2151
2151
}
2152
2152
2153
2153
/**
2154
-
* audit_ipc_set_perm - record audit data for new ipc permissions
2154
+
* __audit_ipc_set_perm - record audit data for new ipc permissions
2155
2155
* @qbytes: msgq bytes
2156
2156
* @uid: msgq user id
2157
2157
* @gid: msgq group id
···
2180
2180
2181
2181
2182
2182
/**
2183
-
* audit_socketcall - record audit data for sys_socketcall
2183
+
* __audit_socketcall - record audit data for sys_socketcall
2184
2184
* @nargs: number of args, which should not be more than AUDITSC_ARGS.
2185
2185
* @args: args array
2186
2186
*
···
2211
2211
}
2212
2212
2213
2213
/**
2214
-
* audit_sockaddr - record audit data for sys_bind, sys_connect, sys_sendto
2214
+
* __audit_sockaddr - record audit data for sys_bind, sys_connect, sys_sendto
2215
2215
* @len: data length in user space
2216
2216
* @a: data address in kernel space
2217
2217
*
-2
security/selinux/avc.c
-2
security/selinux/avc.c
···
197
197
avc_xperms_data_cachep = kmem_cache_create("avc_xperms_data",
198
198
sizeof(struct extended_perms_data),
199
199
0, SLAB_PANIC, NULL);
200
-
201
-
audit_log(current->audit_context, GFP_KERNEL, AUDIT_KERNEL, "AVC INITIALIZED\n");
202
200
}
203
201
204
202
int avc_get_hash_stats(char *page)