Merge branch 'audit.b59' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current

* 'audit.b59' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current:
[PATCH] fix broken timestamps in AVC generated by kernel threads
[patch 1/1] audit: remove excess kernel-doc
[PATCH] asm/generic: fix bug - kernel fails to build when enable some common audit code on Blackfin
[PATCH] return records for fork() both to child and parent
[PATCH] Audit: make audit=0 actually turn off audit

+50 -15
+2
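--- a/include/asm-generic/audit_write.h
+++ b/include/asm-generic/audit_write.h
@@ -1,6 +1,8 @@
 #include <asm-generic/audit_dir_write.h>
 __NR_acct,
+#ifdef __NR_swapon
 __NR_swapon,
+#endif
 __NR_quotactl,
 __NR_truncate,
 #ifdef __NR_truncate64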
+4 -2
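--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -391,6 +391,7 @@
 #ifdef CONFIG_AUDITSYSCALL
 /* These are defined in auditsc.c */
 /* Public API */
+extern void audit_finish_fork(struct task_struct *child);
 extern int audit_alloc(struct task_struct *task);
 extern void audit_free(struct task_struct *task);
 extern void audit_syscall_entry(int arch,
@@ -434,7 +435,7 @@
 
 /* Private API (for audit.c only) */
 extern unsigned int audit_serial(void);
-extern void auditsc_get_stamp(struct audit_context *ctx,
+extern int auditsc_get_stamp(struct audit_context *ctx,
 struct timespec *t, unsigned int *serial);
 extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid);
 #define audit_get_loginuid(t) ((t)->loginuid)
@@ -504,6 +505,7 @@
 extern int audit_n_rules;
 extern int audit_signals;
 #else
+#define audit_finish_fork(t)
 #define audit_alloc(t) ({ 0; })
 #define audit_free(t) do { ; } while (0)
 #define audit_syscall_entry(ta,a,b,c,d,e) do { ; } while (0)
@@ -516,7 +518,7 @@
 #define audit_inode(n,d) do { ; } while (0)
 #define audit_inode_child(d,i,p) do { ; } while (0)
 #define audit_core_dumps(i) do { ; } while (0)
-#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
+#define auditsc_get_stamp(c,t,s) (0)
 #define audit_get_loginuid(t) (-1)
 #define audit_get_sessionid(t) (-1)
 #define audit_log_task_context(b) do { ; } while (0)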
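Review bot: The `!CONFIG_AUDITSYSCALL` stub `#define audit_finish_fork(t)` expands to nothing, while the neighbouring void stubs use `do { ; } while (0)`; writing it as `#define audit_finish_fork(t) do { ; } while (0)` keeps the call a single statement in every context and matches the rest of the block. `auditsc_get_stamp` now returns a value and its stub evaluates to `(0)`, but nothing at the declaration says what the result means. A one-line comment such as `/* returns 0 when no syscall stamp was filled in; caller must supply its own */` would make the contract visible to callers.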
+22 -10
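--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -61,8 +61,11 @@
 
 #include "audit.h"
 
-/* No auditing will take place until audit_initialized != 0.
+/* No auditing will take place until audit_initialized == AUDIT_INITIALIZED.
 * (Initialization happens after skb_init is called.) */
+#define AUDIT_DISABLED -1
+#define AUDIT_UNINITIALIZED 0
+#define AUDIT_INITIALIZED 1
 static int audit_initialized;
 
 #define AUDIT_OFF 0
@@ -965,6 +968,9 @@
 {
 int i;
 
+if (audit_initialized == AUDIT_DISABLED)
+return 0;
+
 printk(KERN_INFO "audit: initializing netlink socket (%s)\n",
 audit_default ? "enabled" : "disabled");
 audit_sock = netlink_kernel_create(&init_net, NETLINK_AUDIT, 0,
@@ -976,7 +982,7 @@
 
 skb_queue_head_init(&audit_skb_queue);
 skb_queue_head_init(&audit_skb_hold_queue);
-audit_initialized = 1;
+audit_initialized = AUDIT_INITIALIZED;
 audit_enabled = audit_default;
 audit_ever_enabled |= !!audit_default;
 
@@ -999,13 +1005,21 @@
 static int __init audit_enable(char *str)
 {
 audit_default = !!simple_strtol(str, NULL, 0);
-printk(KERN_INFO "audit: %s%s\n",
-audit_default ? "enabled" : "disabled",
-audit_initialized ? "" : " (after initialization)");
-if (audit_initialized) {
+if (!audit_default)
+audit_initialized = AUDIT_DISABLED;
+
+printk(KERN_INFO "audit: %s", audit_default ? "enabled" : "disabled");
+
+if (audit_initialized == AUDIT_INITIALIZED) {
 audit_enabled = audit_default;
 audit_ever_enabled |= !!audit_default;
+} else if (audit_initialized == AUDIT_UNINITIALIZED) {
+printk(" (after initialization)");
+} else {
+printk(" (until reboot)");
 }
+printk("\n");
+
 return 1;
 }
 
@@ -1107,9 +1121,7 @@
 static inline void audit_get_stamp(struct audit_context *ctx,
 struct timespec *t, unsigned int *serial)
 {
-if (ctx)
-auditsc_get_stamp(ctx, t, serial);
-else {
+if (!ctx || !auditsc_get_stamp(ctx, t, serial)) {
 *t = CURRENT_TIME;
 *serial = audit_serial();
 }
@@ -1146,7 +1158,7 @@
 int reserve;
 unsigned long timeout_start = jiffies;
 
-if (!audit_initialized)
+if (audit_initialized != AUDIT_INITIALIZED)
 return NULL;
 
 if (unlikely(audit_filter_type(type)))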
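Review bot: In audit_enable(), `AUDIT_DISABLED` is latched by the first `audit=0` and never cleared, so if the option is given again with a non-zero value, `audit_default` becomes 1 and the final `else` branch prints "audit: enabled (until reboot)" while the initialisation function in the second hunk still returns before creating the netlink socket. The suffix should be chosen so the logged state matches `audit_initialized`, or the precedence should be documented in a comment. `simple_strtol(str, NULL, 0)` also yields 0 for a non-numeric value, which after this change switches auditing off until reboot rather than only changing the default, so rejecting input where no digits were consumed is worth adding. The continuation calls would normally carry `KERN_CONT`, e.g. `printk(KERN_CONT " (until reboot)");`, and `#define AUDIT_DISABLED -1` is safer written as `(-1)`.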
+21 -3
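--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1459,7 +1459,6 @@
 
 /**
 * audit_syscall_entry - fill in an audit record at syscall entry
-* @tsk: task being audited
 * @arch: architecture type
 * @major: major syscall type (function)
 * @a1: additional syscall register 1
@@ -1548,9 +1547,25 @@
 context->ppid = 0;
 }
 
+void audit_finish_fork(struct task_struct *child)
+{
+struct audit_context *ctx = current->audit_context;
+struct audit_context *p = child->audit_context;
+if (!p || !ctx || !ctx->auditable)
+return;
+p->arch = ctx->arch;
+p->major = ctx->major;
+memcpy(p->argv, ctx->argv, sizeof(ctx->argv));
+p->ctime = ctx->ctime;
+p->dummy = ctx->dummy;
+p->auditable = ctx->auditable;
+p->in_syscall = ctx->in_syscall;
+p->filterkey = kstrdup(ctx->filterkey, GFP_KERNEL);
+p->ppid = current->pid;
+}
+
 /**
 * audit_syscall_exit - deallocate audit context after a system call
-* @tsk: task being audited
 * @valid: success/failure flag
 * @return_code: syscall return value
 *
@@ -1942,15 +1957,18 @@
 *
 * Also sets the context as auditable.
 */
-void auditsc_get_stamp(struct audit_context *ctx,
+int auditsc_get_stamp(struct audit_context *ctx,
 struct timespec *t, unsigned int *serial)
 {
+if (!ctx->in_syscall)
+return 0;
 if (!ctx->serial)
 ctx->serial = audit_serial();
 t->tv_sec = ctx->ctime.tv_sec;
 t->tv_nsec = ctx->ctime.tv_nsec;
 *serial = ctx->serial;
 ctx->auditable = 1;
+return 1;
 }
 
 /* global counter which is incremented every time something logs in */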
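Review bot: In audit_finish_fork(), the result of `kstrdup(ctx->filterkey, GFP_KERNEL)` is stored unchecked, so an allocation failure leaves the child's context with a NULL `filterkey` and nothing records that the key was dropped from the child's audit data. Because kstrdup() also returns NULL for a NULL source, the failure test has to be `if (ctx->filterkey && !p->filterkey)`, followed by whatever lost-record accounting this file uses elsewhere. Whether `p->filterkey` can already hold an allocation at this point is not visible in the hunk; if it can, the assignment leaks it. The function is declared in include/linux/audit.h but has no kernel-doc block, unlike audit_syscall_entry() and audit_syscall_exit() beside it. The comment above auditsc_get_stamp() should also gain a line saying it returns 0 without filling `t` and `serial` when `ctx->in_syscall` is clear.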
+1
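--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1398,6 +1398,7 @@
 init_completion(&vfork);
 }
 
+audit_finish_fork(p);
 tracehook_report_clone(trace, regs, clone_flags, nr, p);
 
 /*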