
audit: Convert int limit uses to u32

The equivalent uapi struct uses __u32, so make the kernel
use u32 too.

This can prevent some oddities where the limit is
logged/emitted as a negative value.

Convert kstrtol to kstrtouint to disallow negative values.

Signed-off-by: Joe Perches <joe@perches.com>
[eparis: do not remove static from audit_default declaration]

authored by

Joe Perches and committed by
Eric Paris
3e1d0bb6 d957f7b7

+27 -26
+1 -1
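--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -465,7 +465,7 @@
 void *data, size_t datasz);
 extern int audit_list_rules_send(__u32 portid, int seq);
 
-extern int audit_enabled;
+extern u32 audit_enabled;
 #else /* CONFIG_AUDIT */
 static inline __printf(4, 5)
 void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,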
+25 -24
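--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -79,16 +79,16 @@
 #define AUDIT_OFF 0
 #define AUDIT_ON 1
 #define AUDIT_LOCKED 2
-int audit_enabled;
-int audit_ever_enabled;
+u32 audit_enabled;
+u32 audit_ever_enabled;
 
 EXPORT_SYMBOL_GPL(audit_enabled);
 
 /* Default state when kernel boots without any parameters. */
-static int audit_default;
+static u32 audit_default;
 
 /* If auditing cannot proceed, audit_failure selects what happens. */
-static int audit_failure = AUDIT_FAIL_PRINTK;
+static u32 audit_failure = AUDIT_FAIL_PRINTK;
 
 /*
 * If audit records are to be written to the netlink socket, audit_pid
@@ -101,14 +101,14 @@
 /* If audit_rate_limit is non-zero, limit the rate of sending audit records
 * to that number per second. This prevents DoS attacks, but results in
 * audit records being dropped. */
-static int audit_rate_limit;
+static u32 audit_rate_limit;
 
 /* Number of outstanding audit_buffers allowed.
 * When set to zero, this means unlimited. */
-static int audit_backlog_limit = 64;
+static u32 audit_backlog_limit = 64;
 #define AUDIT_BACKLOG_WAIT_TIME (60 * HZ)
-static int audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME;
-static int audit_backlog_wait_overflow = 0;
+static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME;
+static u32 audit_backlog_wait_overflow = 0;
 
 /* The identity of the user shutting down the audit system. */
 kuid_t audit_sig_uid = INVALID_UID;
@@ -272,7 +272,7 @@
 
 if (print) {
 if (printk_ratelimit())
-pr_warn("audit_lost=%d audit_rate_limit=%d audit_backlog_limit=%d\n",
+pr_warn("audit_lost=%u audit_rate_limit=%u audit_backlog_limit=%u\n",
 atomic_read(&audit_lost),
 audit_rate_limit,
 audit_backlog_limit);
@@ -280,7 +280,7 @@
 }
 }
 
-static int audit_log_config_change(char *function_name, int new, int old,
+static int audit_log_config_change(char *function_name, u32 new, u32 old,
 int allow_changes)
 {
 struct audit_buffer *ab;
@@ -289,7 +289,7 @@
 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
 if (unlikely(!ab))
 return rc;
-audit_log_format(ab, "%s=%d old=%d", function_name, new, old);
+audit_log_format(ab, "%s=%u old=%u", function_name, new, old);
 audit_log_session_info(ab);
 rc = audit_log_task_context(ab);
 if (rc)
@@ -299,9 +299,10 @@
 return rc;
 }
 
-static int audit_do_config_change(char *function_name, int *to_change, int new)
+static int audit_do_config_change(char *function_name, u32 *to_change, u32 new)
 {
-int allow_changes, rc = 0, old = *to_change;
+int allow_changes, rc = 0;
+u32 old = *to_change;
 
 /* check if we are locked */
 if (audit_enabled == AUDIT_LOCKED)
@@ -325,23 +324,23 @@
 return rc;
 }
 
-static int audit_set_rate_limit(int limit)
+static int audit_set_rate_limit(u32 limit)
 {
 return audit_do_config_change("audit_rate_limit", &audit_rate_limit, limit);
 }
 
-static int audit_set_backlog_limit(int limit)
+static int audit_set_backlog_limit(u32 limit)
 {
 return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit, limit);
 }
 
-static int audit_set_backlog_wait_time(int timeout)
+static int audit_set_backlog_wait_time(u32 timeout)
 {
 return audit_do_config_change("audit_backlog_wait_time",
 &audit_backlog_wait_time, timeout);
 }
 
-static int audit_set_enabled(int state)
+static int audit_set_enabled(u32 state)
 {
 int rc;
 if (state < AUDIT_OFF || state > AUDIT_LOCKED)
@@ -354,7 +353,7 @@
 return rc;
 }
 
-static int audit_set_failure(int state)
+static int audit_set_failure(u32 state)
 {
 if (state != AUDIT_FAIL_SILENT
 && state != AUDIT_FAIL_PRINTK
@@ -689,7 +688,7 @@
 
 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_FEATURE_CHANGE);
 audit_log_task_info(ab, current);
-audit_log_format(ab, "feature=%s old=%d new=%d old_lock=%d new_lock=%d res=%d",
+audit_log_format(ab, "feature=%s old=%u new=%u old_lock=%u new_lock=%u res=%d",
 audit_feature_names[which], !!old_feature, !!new_feature,
 !!old_lock, !!new_lock, res);
 audit_log_end(ab);
@@ -1145,16 +1144,16 @@
 * audit_backlog_limit=<n> */
 static int __init audit_backlog_limit_set(char *str)
 {
-long int audit_backlog_limit_arg;
+u32 audit_backlog_limit_arg;
 
 pr_info("audit_backlog_limit: ");
-if (kstrtol(str, 0, &audit_backlog_limit_arg)) {
-pr_cont("using default of %d, unable to parse %s\n",
+if (kstrtouint(str, 0, &audit_backlog_limit_arg)) {
+pr_cont("using default of %u, unable to parse %s\n",
 audit_backlog_limit, str);
 return 1;
 }
-if (audit_backlog_limit_arg >= 0)
-audit_backlog_limit = (int)audit_backlog_limit_arg;
+
+audit_backlog_limit = audit_backlog_limit_arg;
 pr_cont("%d\n", audit_backlog_limit);
 
 return 1;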
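Review bot: In audit_backlog_limit_set(), the unchanged `pr_cont("%d\n", audit_backlog_limit);` right after the new assignment still formats the now-u32 limit as signed, so a boot parameter above INT_MAX is reported as a negative number, which is the oddity the commit message sets out to remove; it should read `pr_cont("%u\n", audit_backlog_limit);`. In audit_set_enabled(), `state < AUDIT_OFF` can no longer be true now that state is u32 and AUDIT_OFF is 0, so the range check is effectively `if (state > AUDIT_LOCKED)` and is clearer written that way (it also avoids a tautological-comparison warning on builds that enable it). Both functions continue past the end of their hunks, so any further uses of these values there are not visible here.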
+1 -1
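--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -209,7 +209,7 @@
 #endif
 };
 
-extern int audit_ever_enabled;
+extern u32 audit_ever_enabled;
 
 extern void audit_copy_inode(struct audit_names *name,
 const struct dentry *dentry,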