commit 48887e63d6e057543067327da6b091297f7fe645 · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

fork atom

[PATCH] fix broken timestamps in AVC generated by kernel threads

Timestamp in audit_context is valid only if ->in_syscall is set.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Al Viro 17 years ago 48887e63 7f0ed77d

+7 -6

3 changed files

expand all

unified split

include

linux

audit.h

kernel

audit.c

auditsc.c

+2 -2

include/linux/audit.h

··· 435 435 436 436 /* Private API (for audit.c only) */ 437 437 extern unsigned int audit_serial(void); 438 - extern void auditsc_get_stamp(struct audit_context *ctx, 438 + extern int auditsc_get_stamp(struct audit_context *ctx, 439 439 struct timespec *t, unsigned int *serial); 440 440 extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid); 441 441 #define audit_get_loginuid(t) ((t)->loginuid) ··· 518 518 #define audit_inode(n,d) do { ; } while (0) 519 519 #define audit_inode_child(d,i,p) do { ; } while (0) 520 520 #define audit_core_dumps(i) do { ; } while (0) 521 - #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) 521 + #define auditsc_get_stamp(c,t,s) (0) 522 522 #define audit_get_loginuid(t) (-1) 523 523 #define audit_get_sessionid(t) (-1) 524 524 #define audit_log_task_context(b) do { ; } while (0)

+1 -3

kernel/audit.c

··· 1121 1121 static inline void audit_get_stamp(struct audit_context *ctx, 1122 1122 struct timespec *t, unsigned int *serial) 1123 1123 { 1124 - if (ctx) 1125 - auditsc_get_stamp(ctx, t, serial); 1126 - else { 1124 + if (!ctx || !auditsc_get_stamp(ctx, t, serial)) { 1127 1125 *t = CURRENT_TIME; 1128 1126 *serial = audit_serial(); 1129 1127 }

+4 -1

kernel/auditsc.c

··· 1957 1957 * 1958 1958 * Also sets the context as auditable. 1959 1959 */ 1960 - void auditsc_get_stamp(struct audit_context *ctx, 1960 + int auditsc_get_stamp(struct audit_context *ctx, 1961 1961 struct timespec *t, unsigned int *serial) 1962 1962 { 1963 + if (!ctx->in_syscall) 1964 + return 0; 1963 1965 if (!ctx->serial) 1964 1966 ctx->serial = audit_serial(); 1965 1967 t->tv_sec = ctx->ctime.tv_sec; 1966 1968 t->tv_nsec = ctx->ctime.tv_nsec; 1967 1969 *serial = ctx->serial; 1968 1970 ctx->auditable = 1; 1971 + return 1; 1969 1972 } 1970 1973 1971 1974 /* global counter which is incremented every time something logs in */