audit/stable-6.1 PR 20221003
-----BEGIN PGP SIGNATURE----- iQJIBAABCAAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAmM68bIUHHBhdWxAcGF1 bC1tb29yZS5jb20ACgkQ6iDy2pc3iXN1/Q/+L0xoduzZg6u8cpkVrBmqPmhFFxDi 580v69CUcXa29+sxVpH7rPJIhaR/EK/UrdNTVgGa+cvo11StgzuieY3Ds3gzfhmf 7G7fvZtiloZ1SWnfUMuk3NxNCWBHGE7CE2l+CgWqKmWuOlXcHyq81ydJ1Aydr8Gr qJhGPf+StC2XxXGlsAqKHboxTRbFDREFKrKllF2XYOiNNcGoyNcmeSoLGzTweWTx 52YbtiUtjOk4r482QJKwGRxmKLfFPeMDr7BZmB8acZasp+o0nLF9yaFlSUEmiwZO XMIqszdhywAhe0z+WAy6TnoQSHWkHKILa2+R2se7XB+EpEWie01bOfsYqg21Pgt8 HzcQ9edsiykCtXmgZLTt6K1+aKvBaY2R0kKtBhNR7Rn8XyfR5f9VCVE+YNCZAVxu OiQdvFX/etAc0bWAJzgDL1r3mHkMGmsyg+s1rXQoNnaAIK3t9VBCgKndWkoblHGF jnoUceU17RZiuqwwjp4FSSniX/1yHexIPGHvYY7lwrgbDeBgiZpOJM1mVZqW3ShE X+xgWyYIaLGndavzn41dzaa8irfRpvzWE3xywnghJx6BDGKwAkSX/yBpE3EzXirf nUE+50g919U27DWsWwm2ev+DkJwdb1d11jRRJbcNqHOqN3FCEmSGQAAl0h79Bib8 +/V0XWZ1tFOjPkE= =52r/ -----END PGP SIGNATURE----- Merge tag 'audit-pr-20221003' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit Pull audit updates from Paul Moore: "Six audit patches for v6.1, most are pretty trivial, but a quick list of the highlights are below: - Only free the audit proctitle information on task exit. This allows us to cache the information and improve performance slightly. - Use the time_after() macro to do time comparisons instead of doing it directly and potentially causing ourselves problems when the timer wraps. - Convert an audit_context state comparison from a relative enum comparison, e.g. (x < y), to a not-equal comparison to ensure that we are not caught out at some unknown point in the future by an enum shuffle. 
- A handful of small cleanups such as tidying up comments and removing unused declarations" * tag 'audit-pr-20221003' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: audit: remove selinux_audit_rule_update() declaration audit: use time_after to compare time audit: free audit_proctitle only on task exit audit: explicitly check audit_context->context enum value audit: audit_context pid unused, context enum comment fix audit: fix repeated words in comments
commit
c645c11a2d
@ -321,7 +321,6 @@ static inline int audit_rate_check(void)
|
|||||||
static DEFINE_SPINLOCK(lock);
|
static DEFINE_SPINLOCK(lock);
|
||||||
unsigned long flags;
|
unsigned long flags;
|
||||||
unsigned long now;
|
unsigned long now;
|
||||||
unsigned long elapsed;
|
|
||||||
int retval = 0;
|
int retval = 0;
|
||||||
|
|
||||||
if (!audit_rate_limit) return 1;
|
if (!audit_rate_limit) return 1;
|
||||||
@ -331,8 +330,7 @@ static inline int audit_rate_check(void)
|
|||||||
retval = 1;
|
retval = 1;
|
||||||
} else {
|
} else {
|
||||||
now = jiffies;
|
now = jiffies;
|
||||||
elapsed = now - last_check;
|
if (time_after(now, last_check + HZ)) {
|
||||||
if (elapsed > HZ) {
|
|
||||||
last_check = now;
|
last_check = now;
|
||||||
messages = 0;
|
messages = 0;
|
||||||
retval = 1;
|
retval = 1;
|
||||||
@ -366,7 +364,7 @@ void audit_log_lost(const char *message)
|
|||||||
if (!print) {
|
if (!print) {
|
||||||
spin_lock_irqsave(&lock, flags);
|
spin_lock_irqsave(&lock, flags);
|
||||||
now = jiffies;
|
now = jiffies;
|
||||||
if (now - last_msg > HZ) {
|
if (time_after(now, last_msg + HZ)) {
|
||||||
print = 1;
|
print = 1;
|
||||||
last_msg = now;
|
last_msg = now;
|
||||||
}
|
}
|
||||||
|
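Review bot: The two `time_after()` conversions in this file (`if (time_after(now, last_check + HZ))` in `audit_rate_check()` and `if (time_after(now, last_msg + HZ))` in `audit_log_lost()`) are not strictly equivalent to the unsigned subtractions they replace. `now - last_check > HZ` holds for any gap because unsigned subtraction wraps, whereas `time_after()` is only correct while the two values are less than half the jiffies range apart; past that it returns false and the window is not reset (`retval` stays 0 in `audit_rate_check()`, `print` stays 0 in `audit_log_lost()`). That matters mainly on 32-bit and also depends on the initial values of `last_check` and `last_msg`, whose declarations are outside the hunks, so it is worth confirming that a long quiet period or early boot cannot leave the audit rate limiter stuck in the "exceeded" state. If the macro is kept, I would add a comment at both sites such as `/* time_after() assumes now and the stored stamp are < LONG_MAX jiffies apart */`. Both function bodies continue outside the hunks.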
@ -133,7 +133,7 @@ struct audit_context {
|
|||||||
struct sockaddr_storage *sockaddr;
|
struct sockaddr_storage *sockaddr;
|
||||||
size_t sockaddr_len;
|
size_t sockaddr_len;
|
||||||
/* Save things to print about task_struct */
|
/* Save things to print about task_struct */
|
||||||
pid_t pid, ppid;
|
pid_t ppid;
|
||||||
kuid_t uid, euid, suid, fsuid;
|
kuid_t uid, euid, suid, fsuid;
|
||||||
kgid_t gid, egid, sgid, fsgid;
|
kgid_t gid, egid, sgid, fsgid;
|
||||||
unsigned long personality;
|
unsigned long personality;
|
||||||
@ -245,8 +245,6 @@ struct audit_netlink_list {
|
|||||||
|
|
||||||
int audit_send_list_thread(void *_dest);
|
int audit_send_list_thread(void *_dest);
|
||||||
|
|
||||||
extern int selinux_audit_rule_update(void);
|
|
||||||
|
|
||||||
extern struct mutex audit_filter_mutex;
|
extern struct mutex audit_filter_mutex;
|
||||||
extern int audit_del_rule(struct audit_entry *entry);
|
extern int audit_del_rule(struct audit_entry *entry);
|
||||||
extern void audit_free_rule_rcu(struct rcu_head *head);
|
extern void audit_free_rule_rcu(struct rcu_head *head);
|
||||||
|
@ -965,7 +965,7 @@ static void audit_reset_context(struct audit_context *ctx)
|
|||||||
if (!ctx)
|
if (!ctx)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
/* if ctx is non-null, reset the "ctx->state" regardless */
|
/* if ctx is non-null, reset the "ctx->context" regardless */
|
||||||
ctx->context = AUDIT_CTX_UNUSED;
|
ctx->context = AUDIT_CTX_UNUSED;
|
||||||
if (ctx->dummy)
|
if (ctx->dummy)
|
||||||
return;
|
return;
|
||||||
@ -1002,7 +1002,7 @@ static void audit_reset_context(struct audit_context *ctx)
|
|||||||
kfree(ctx->sockaddr);
|
kfree(ctx->sockaddr);
|
||||||
ctx->sockaddr = NULL;
|
ctx->sockaddr = NULL;
|
||||||
ctx->sockaddr_len = 0;
|
ctx->sockaddr_len = 0;
|
||||||
ctx->pid = ctx->ppid = 0;
|
ctx->ppid = 0;
|
||||||
ctx->uid = ctx->euid = ctx->suid = ctx->fsuid = KUIDT_INIT(0);
|
ctx->uid = ctx->euid = ctx->suid = ctx->fsuid = KUIDT_INIT(0);
|
||||||
ctx->gid = ctx->egid = ctx->sgid = ctx->fsgid = KGIDT_INIT(0);
|
ctx->gid = ctx->egid = ctx->sgid = ctx->fsgid = KGIDT_INIT(0);
|
||||||
ctx->personality = 0;
|
ctx->personality = 0;
|
||||||
@ -1016,7 +1016,6 @@ static void audit_reset_context(struct audit_context *ctx)
|
|||||||
WARN_ON(!list_empty(&ctx->killed_trees));
|
WARN_ON(!list_empty(&ctx->killed_trees));
|
||||||
audit_free_module(ctx);
|
audit_free_module(ctx);
|
||||||
ctx->fds[0] = -1;
|
ctx->fds[0] = -1;
|
||||||
audit_proctitle_free(ctx);
|
|
||||||
ctx->type = 0; /* reset last for audit_free_*() */
|
ctx->type = 0; /* reset last for audit_free_*() */
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1077,6 +1076,7 @@ static inline void audit_free_context(struct audit_context *context)
|
|||||||
{
|
{
|
||||||
/* resetting is extra work, but it is likely just noise */
|
/* resetting is extra work, but it is likely just noise */
|
||||||
audit_reset_context(context);
|
audit_reset_context(context);
|
||||||
|
audit_proctitle_free(context);
|
||||||
free_tree_refs(context);
|
free_tree_refs(context);
|
||||||
kfree(context->filterkey);
|
kfree(context->filterkey);
|
||||||
kfree(context);
|
kfree(context);
|
||||||
@ -1833,7 +1833,7 @@ void __audit_free(struct task_struct *tsk)
|
|||||||
|
|
||||||
/* We are called either by do_exit() or the fork() error handling code;
|
/* We are called either by do_exit() or the fork() error handling code;
|
||||||
* in the former case tsk == current and in the latter tsk is a
|
* in the former case tsk == current and in the latter tsk is a
|
||||||
* random task_struct that doesn't doesn't have any meaningful data we
|
* random task_struct that doesn't have any meaningful data we
|
||||||
* need to log via audit_log_exit().
|
* need to log via audit_log_exit().
|
||||||
*/
|
*/
|
||||||
if (tsk == current && !context->dummy) {
|
if (tsk == current && !context->dummy) {
|
||||||
@ -2069,7 +2069,7 @@ void __audit_syscall_exit(int success, long return_code)
|
|||||||
/* run through both filters to ensure we set the filterkey properly */
|
/* run through both filters to ensure we set the filterkey properly */
|
||||||
audit_filter_syscall(current, context);
|
audit_filter_syscall(current, context);
|
||||||
audit_filter_inodes(current, context);
|
audit_filter_inodes(current, context);
|
||||||
if (context->current_state < AUDIT_STATE_RECORD)
|
if (context->current_state != AUDIT_STATE_RECORD)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
audit_log_exit();
|
audit_log_exit();
|
||||||
|
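Review bot: Moving `audit_proctitle_free()` out of `audit_reset_context()` and into `audit_free_context()` means the cached proctitle now lives until the context is freed, and nothing in these hunks refreshes it. The code that fills the cache is not visible here, but if it only populates the buffer when it is empty, a task whose command line changes later (an exec, or rewriting its own argv) would presumably keep emitting the first value in its proctitle records. Anyone relying on those records for detection or forensics should know that, so I would state it at the call site, e.g. `/* proctitle is cached for the life of the context and is not refreshed if the task's cmdline changes */` above `audit_proctitle_free(context);`. `audit_reset_context()` starts outside its hunks and `audit_free_context()` ends outside its hunk.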