linux.git/kernel/audit.c, branch v6.6.131 Clone of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git audit: Send netlink ACK before setting connection in auditd_set 2024-02-05T20:14:14+00:00 Chris Riches chris.riches@nutanix.com 2023-10-18T09:23:51+00:00 129db2ded6e6048b557388b88b3f382a64150dc7 [ Upstream commit 022732e3d846e197539712e51ecada90ded0572a ] When auditd_set sets the auditd_conn pointer, audit messages can immediately be put on the socket by other kernel threads. If the backlog is large or the rate is high, this can immediately fill the socket buffer. If the audit daemon requested an ACK for this operation, a full socket buffer causes the ACK to get dropped, also setting ENOBUFS on the socket. To avoid this race and ensure ACKs get through, fast-track the ACK in this specific case to ensure it is sent before auditd_conn is set. Signed-off-by: Chris Riches <chris.riches@nutanix.com> [PM: fix some tab vs space damage] Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit 022732e3d846e197539712e51ecada90ded0572a ]

When auditd_set sets the auditd_conn pointer, audit messages can
immediately be put on the socket by other kernel threads. If the backlog
is large or the rate is high, this can immediately fill the socket
buffer. If the audit daemon requested an ACK for this operation, a full
socket buffer causes the ACK to get dropped, also setting ENOBUFS on the
socket.

To avoid this race and ensure ACKs get through, fast-track the ACK in
this specific case to ensure it is sent before auditd_conn is set.

Signed-off-by: Chris Riches <chris.riches@nutanix.com>
[PM: fix some tab vs space damage]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
audit: move trailing statements to next line 2023-08-15T22:16:14+00:00 Atul Kumar Pant atulpant.linux@gmail.com 2023-08-15T20:47:51+00:00 b1a0f64cc65ea2ebfaae9e0ce623e993a7d24257 Fixes following checkpatch.pl issue: ERROR: trailing statements should be on next line Signed-off-by: Atul Kumar Pant <atulpant.linux@gmail.com> [PM: subject line tweak] Signed-off-by: Paul Moore <paul@paul-moore.com> 
Fixes following checkpatch.pl issue:
ERROR: trailing statements should be on next line

Signed-off-by: Atul Kumar Pant <atulpant.linux@gmail.com>
[PM: subject line tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>
audit: include security.h unconditionally 2023-07-20T19:06:58+00:00 Xiu Jianfeng xiujianfeng@huawei.com 2023-07-20T01:50:32+00:00 be4187faa8a48cfef572eba9e3882fb2134bdf67 The ifdef-else logic is already in the header file, so include it unconditionally, no functional changes here. Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> [PM: fixed misspelling in the subject] Signed-off-by: Paul Moore <paul@paul-moore.com> 
The ifdef-else logic is already in the header file, so include it
unconditionally, no functional changes here.

Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
[PM: fixed misspelling in the subject]
Signed-off-by: Paul Moore <paul@paul-moore.com>
audit: use time_after to compare time 2022-08-29T23:47:03+00:00 wuchi wuchi.zero@gmail.com 2022-08-29T16:26:09+00:00 501e4bb102ee2f380ab94abbf3d35dff9d4719a2 Using time_{*} macro to compare time is better Signed-off-by: wuchi <wuchi.zero@gmail.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 
Using time_{*} macro to compare time is better

Signed-off-by: wuchi <wuchi.zero@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
audit: make is_audit_feature_set() static 2022-06-13T18:08:57+00:00 Xiu Jianfeng xiujianfeng@huawei.com 2022-06-11T09:23:04+00:00 546093206ba16623c18e344630dbfdd71a4327e0 Currently nobody use is_audit_feature_set() outside this file, so make it static. Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 
Currently nobody use is_audit_feature_set() outside this file, so make
it static.

Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
audit: remove redundant data_len check 2022-06-07T19:41:34+00:00 Shreenidhi Shedi yesshedi@gmail.com 2022-05-15T07:31:09+00:00 5ee6cfdd11aaf5aee5cd48baf35b1710caa68a5c data_len is already getting checked if it's less than 2 earlier in this function. Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 
data_len is already getting checked if it's less than 2 earlier in this
function.

Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
audit: improve audit queue handling when "audit=1" on cmdline 2022-01-25T18:22:51+00:00 Paul Moore paul@paul-moore.com 2022-01-13T23:54:38+00:00 f26d04331360d42dbd6b58448bd98e4edbfbe1c5 When an admin enables audit at early boot via the "audit=1" kernel command line the audit queue behavior is slightly different; the audit subsystem goes to greater lengths to avoid dropping records, which unfortunately can result in problems when the audit daemon is forcibly stopped for an extended period of time. This patch makes a number of changes designed to improve the audit queuing behavior so that leaving the audit daemon in a stopped state for an extended period does not cause a significant impact to the system. - kauditd_send_queue() is now limited to looping through the passed queue only once per call. This not only prevents the function from looping indefinitely when records are returned to the current queue, it also allows any recovery handling in kauditd_thread() to take place when kauditd_send_queue() returns. - Transient netlink send errors seen as -EAGAIN now cause the record to be returned to the retry queue instead of going to the hold queue. The intention of the hold queue is to store, perhaps for an extended period of time, the events which led up to the audit daemon going offline. The retry queue remains a temporary queue intended to protect against transient issues between the kernel and the audit daemon. - The retry queue is now limited by the audit_backlog_limit setting, the same as the other queues. This allows admins to bound the size of all of the audit queues on the system. - kauditd_rehold_skb() now returns records to the end of the hold queue to ensure ordering is preserved in the face of recent changes to kauditd_send_queue(). Cc: stable@vger.kernel.org Fixes: 5b52330bbfe63 ("audit: fix auditd/kernel connection state tracking") Fixes: f4b3ee3c85551 ("audit: improve robustness of the audit queue handling") Reported-by: Gaosheng Cui <cuigaosheng1@huawei.com> Tested-by: Gaosheng Cui <cuigaosheng1@huawei.com> Reviewed-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 
When an admin enables audit at early boot via the "audit=1" kernel
command line the audit queue behavior is slightly different; the
audit subsystem goes to greater lengths to avoid dropping records,
which unfortunately can result in problems when the audit daemon is
forcibly stopped for an extended period of time.

This patch makes a number of changes designed to improve the audit
queuing behavior so that leaving the audit daemon in a stopped state
for an extended period does not cause a significant impact to the
system.

- kauditd_send_queue() is now limited to looping through the
  passed queue only once per call.  This not only prevents the
  function from looping indefinitely when records are returned
  to the current queue, it also allows any recovery handling in
  kauditd_thread() to take place when kauditd_send_queue()
  returns.

- Transient netlink send errors seen as -EAGAIN now cause the
  record to be returned to the retry queue instead of going to
  the hold queue.  The intention of the hold queue is to store,
  perhaps for an extended period of time, the events which led
  up to the audit daemon going offline.  The retry queue remains
  a temporary queue intended to protect against transient issues
  between the kernel and the audit daemon.

- The retry queue is now limited by the audit_backlog_limit
  setting, the same as the other queues.  This allows admins
  to bound the size of all of the audit queues on the system.

- kauditd_rehold_skb() now returns records to the end of the
  hold queue to ensure ordering is preserved in the face of
  recent changes to kauditd_send_queue().

Cc: stable@vger.kernel.org
Fixes: 5b52330bbfe63 ("audit: fix auditd/kernel connection state tracking")
Fixes: f4b3ee3c85551 ("audit: improve robustness of the audit queue handling")
Reported-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Tested-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Reviewed-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Merge tag 'audit-pr-20220110' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit 2022-01-11T21:08:21+00:00 Linus Torvalds torvalds@linux-foundation.org 2022-01-11T21:08:21+00:00 5d7e52237c59e37a25da854196fc70e9b09704d9 Pull audit updates from Paul Moore: "Four audit patches for v5.17: - Harden the code through additional use of the struct_size() macro and zero-length arrays to flexible-array conversions. - Ensure that processes which generate userspace audit records are not exempt from the kernel's audit throttling when the audit queues are being overrun" * tag 'audit-pr-20220110' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: audit: replace zero-length array with flexible-array member audit: use struct_size() helper in audit_[send|make]_reply() audit: ensure userspace is penalized the same as the kernel when under pressure audit: use struct_size() helper in kmalloc() 
Pull audit updates from Paul Moore:
 "Four audit patches for v5.17:

   - Harden the code through additional use of the struct_size() macro
     and zero-length arrays to flexible-array conversions.

   - Ensure that processes which generate userspace audit records are
     not exempt from the kernel's audit throttling when the audit queues
     are being overrun"

* tag 'audit-pr-20220110' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
  audit: replace zero-length array with flexible-array member
  audit: use struct_size() helper in audit_[send|make]_reply()
  audit: ensure userspace is penalized the same as the kernel when under pressure
  audit: use struct_size() helper in kmalloc()
Merge tag 'selinux-pr-20220110' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux 2022-01-11T21:03:06+00:00 Linus Torvalds torvalds@linux-foundation.org 2022-01-11T21:03:06+00:00 a135ce4400bb87f229ab33a663987327d9e0b2a0 Pull selinux updates from Paul Moore: "Nothing too significant, but five SELinux patches for v5.17 that do the following: - Harden the code through additional use of the struct_size() macro - Plug some memory leaks - Clean up the code via removal of the security_add_mnt_opt() LSM hook and minor tweaks to selinux_add_opt() - Rename security_task_getsecid_subj() to better reflect its actual behavior/use - now called security_current_getsecid_subj()" * tag 'selinux-pr-20220110' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: minor tweaks to selinux_add_opt() selinux: fix potential memleak in selinux_add_opt() security,selinux: remove security_add_mnt_opt() selinux: Use struct_size() helper in kmalloc() lsm: security_task_getsecid_subj() -> security_current_getsecid_subj() 
Pull selinux updates from Paul Moore:
 "Nothing too significant, but five SELinux patches for v5.17 that do
  the following:

   - Harden the code through additional use of the struct_size() macro

   - Plug some memory leaks

   - Clean up the code via removal of the security_add_mnt_opt() LSM
     hook and minor tweaks to selinux_add_opt()

   - Rename security_task_getsecid_subj() to better reflect its actual
     behavior/use - now called security_current_getsecid_subj()"

* tag 'selinux-pr-20220110' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: minor tweaks to selinux_add_opt()
  selinux: fix potential memleak in selinux_add_opt()
  security,selinux: remove security_add_mnt_opt()
  selinux: Use struct_size() helper in kmalloc()
  lsm: security_task_getsecid_subj() -> security_current_getsecid_subj()
audit: use struct_size() helper in audit_[send|make]_reply() 2021-12-20T19:42:11+00:00 Xiu Jianfeng xiujianfeng@huawei.com 2021-12-17T01:01:51+00:00 30561b51cc8d1daa27a48eb29dd9424858576b19 Make use of struct_size() helper instead of an open-coded calculation. Link: https://github.com/KSPP/linux/issues/160 Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 
Make use of struct_size() helper instead of an open-coded calculation.

Link: https://github.com/KSPP/linux/issues/160
Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>