Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v5.7 2020-04-20T21:10:58Z 2020-04-20T21:10:58Z Paul Moore paul@paul-moore.com 2020-04-20T20:24:34Z urn:sha1:763dafc520add02a1f4639b500c509acc0ea8e5b Commit 756125289285 ("audit: always check the netlink payload length in audit_receive_msg()") fixed a number of missing message length checks, but forgot to check the length of userspace generated audit records. The good news is that you need CAP_AUDIT_WRITE to submit userspace audit records, which is generally only given to trusted processes, so the impact should be limited. Cc: stable@vger.kernel.org Fixes: 756125289285 ("audit: always check the netlink payload length in audit_receive_msg()") Reported-by: syzbot+49e69b4d71a420ceda3e@syzkaller.appspotmail.com Signed-off-by: Paul Moore <paul@paul-moore.com> 2020-03-31T22:04:17Z Linus Torvalds torvalds@linux-foundation.org 2020-03-31T22:04:17Z urn:sha1:674d85eb2d7dc6ef436f46f770f7ab3f1b9c6669 Pull audit updates from Paul Moore: "We've got two audit patches for the v5.7 merge window with a stellar 14 lines changed between the two patches. The patch descriptions are far more lengthy than the patches themselves, which is a very good thing for patches this size IMHO. The patches pass our test suites and a quick summary is below: - Stop logging inode information when updating an audit file watch. Since we are not changing the inode, or the fact that we are watching the associated file, the inode information is just noise that we can do without. - Fix a problem where mandatory audit records were missing their accompanying audit records (e.g. SYSCALL records were missing). The missing records often meant that we didn't have the necessary context to understand what was going on when the event occurred" * tag 'audit-pr-20200330' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: audit: trigger accompanying records when no rules present audit: CONFIG_CHANGE don't log internal bookkeeping as an event 2020-03-12T14:42:51Z Richard Guy Briggs rgb@redhat.com 2020-03-10T13:20:17Z urn:sha1:1320a4052ea11eb2879eb7361da15a106a780972 When there are no audit rules registered, mandatory records (config, etc.) are missing their accompanying records (syscall, proctitle, etc.). This is due to audit context dummy set on syscall entry based on absence of rules that signals that no other records are to be printed. Clear the dummy bit if any record is generated. The proctitle context and dummy checks are pointless since the proctitle record will not be printed if no syscall records are printed. Please see upstream github issue https://github.com/linux-audit/audit-kernel/issues/120 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2020-02-24T21:38:57Z Paul Moore paul@paul-moore.com 2020-02-24T21:38:57Z urn:sha1:756125289285f6e55a03861bf4b6257aa3d19a93 This patch ensures that we always check the netlink payload length in audit_receive_msg() before we take any action on the payload itself. Cc: stable@vger.kernel.org Reported-by: syzbot+399c44bf1f43b8747403@syzkaller.appspotmail.com Reported-by: syzbot+e4b12d8d202701f08b6d@syzkaller.appspotmail.com Signed-off-by: Paul Moore <paul@paul-moore.com> 2019-12-09T20:19:03Z Amol Grover frextrite@gmail.com 2019-12-01T18:33:48Z urn:sha1:cb5172d96d16df72db8b55146b0ec00bfd97f079 Add __rcu annotation to RCU-protected global pointer auditd_conn. auditd_conn is an RCU-protected global pointer,i.e., accessed via RCU methods rcu_dereference() and rcu_assign_pointer(), hence it must be annotated with __rcu for sparse to report warnings/errors correctly. Fix multiple instances of the sparse error: error: incompatible types in comparison expression (different address spaces) Reviewed-by: Joel Fernandes (Google) <joel@joelfernandes.org> Signed-off-by: Amol Grover <frextrite@gmail.com> [PM: tweak subject line] Signed-off-by: Paul Moore <paul@paul-moore.com> 2019-10-25T15:48:14Z Yunfeng Ye yeyunfeng@huawei.com 2019-10-23T13:27:34Z urn:sha1:c34c78dfc1fc68a1f5403f996de8ca62f298d7b2 Warning is found by the code analysis tool: "the condition 'if(ac && rc < 0)' is redundant: ac" The @ac variable has been checked before. It can't be a null pointer here, so remove the redundant condition check. Signed-off-by: Yunfeng Ye <yeyunfeng@huawei.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2019-10-03T17:59:29Z Kees Cook keescook@chromium.org 2019-10-02T23:41:58Z urn:sha1:245d73698ed7abdc7e520dfa38048bb80ce89571 This renames the very specific audit_log_link_denied() to audit_log_path_denied() and adds the AUDIT_* type as an argument. This allows for the creation of the new AUDIT_ANOM_CREAT that can be used to report the fifo/regular file creation restrictions that were introduced in commit 30aba6656f61 ("namei: allow restricted O_CREAT of FIFOs and regular files"). Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Paul Moore <paul@paul-moore.com> 2019-07-09T01:55:42Z Linus Torvalds torvalds@linux-foundation.org 2019-07-09T01:55:42Z urn:sha1:61fc5771f5e729a2ce235af42f69c8506725e84a Pull audit updates from Paul Moore: "This pull request is a bit early, but with some vacation time coming up I wanted to send this out now just in case the remote Internet Gods decide not to smile on me once the merge window opens. The patchset for v5.3 is pretty minor this time, the highlights include: - When the audit daemon is sent a signal, ensure we deliver information about the sender even when syscall auditing is not enabled/supported. - Add the ability to filter audit records based on network address family. - Tighten the audit field filtering restrictions on string based fields. - Cleanup the audit field filtering verification code. - Remove a few BUG() calls from the audit code" * tag 'audit-pr-20190702' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: audit: remove the BUG() calls in the audit rule comparison functions audit: enforce op for string fields audit: add saddr_fam filter field audit: re-structure audit field valid checks audit: deliver signal_info regarless of syscall 2019-05-30T18:26:35Z Thomas Gleixner tglx@linutronix.de 2019-05-27T06:55:05Z urn:sha1:1a59d1b8e05ea6ab45f7e18897de1ef0e6bc3da6 Based on 1 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation either version 2 of the license or at your option any later version this program is distributed in the hope that it will be useful but without any warranty without even the implied warranty of merchantability or fitness for a particular purpose see the gnu general public license for more details you should have received a copy of the gnu general public license along with this program if not write to the free software foundation inc 59 temple place suite 330 boston ma 02111 1307 usa extracted by the scancode license scanner the SPDX license identifier GPL-2.0-or-later has been chosen to replace the boilerplate/reference in 1334 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Reviewed-by: Richard Fontana <rfontana@redhat.com> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190527070033.113240726@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-05-22T02:18:25Z Richard Guy Briggs rgb@redhat.com 2019-05-10T16:21:49Z urn:sha1:b48345aafb203803ccda4488cb5409b1ed435c0a When a process signals the audit daemon (shutdown, rotate, resume, reconfig) but syscall auditing is not enabled, we still want to know the identity of the process sending the signal to the audit daemon. Move audit_signal_info() out of syscall auditing to general auditing but create a new function audit_signal_info_syscall() to take care of the syscall dependent parts for when syscall auditing is enabled. Please see the github kernel audit issue https://github.com/linux-audit/audit-kernel/issues/111 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>