Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=stable%2F4.2.y 2015-02-17T23:27:47Z 2015-02-17T23:27:47Z Linus Torvalds torvalds@linux-foundation.org 2015-02-17T23:27:47Z urn:sha1:05016b0f0a9d900e976db7f50a7761c0aefe5a1c Pull getname/putname updates from Al Viro: "Rework of getname/getname_kernel/etc., mostly from Paul Moore. Gets rid of quite a pile of kludges between namei and audit..." * 'getname2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: audit: replace getname()/putname() hacks with reference counters audit: fix filename matching in __audit_inode() and __audit_inode_child() audit: enable filename recording via getname_kernel() simpler calling conventions for filename_mountpoint() fs: create proper filename objects using getname_kernel() fs: rework getname_kernel to handle up to PATH_MAX sized filenames cut down the number of do_path_lookup() callers 2015-02-12T04:07:47Z Linus Torvalds torvalds@linux-foundation.org 2015-02-12T04:07:47Z urn:sha1:7184487f14eb7c2fcf8337bb16c6a63b6db1252e Pull audit fix from Paul Moore: "Just one patch from the audit tree for v3.20, and a very minor one at that. The patch simply removes an old, unused field from the audit_krule structure, a private audit-only struct. In audit related news, we did a proper overhaul of the audit pathname code and removed the nasty getname()/putname() hacks for audit, you should see those patches in Al's vfs tree if you haven't already. That's it for audit this time, let's hope for a quiet -rcX series" * 'upstream' of git://git.infradead.org/users/pcmoore/audit: audit: remove vestiges of vers_ops 2015-01-23T05:23:58Z Paul Moore pmoore@redhat.com 2015-01-22T05:00:23Z urn:sha1:55422d0bd292f5ad143cc32cb8bb8505257274c4 In order to ensure that filenames are not released before the audit subsystem is done with the strings there are a number of hacks built into the fs and audit subsystems around getname() and putname(). To say these hacks are "ugly" would be kind. This patch removes the filename hackery in favor of a more conventional reference count based approach. The diffstat below tells most of the story; lots of audit/fs specific code is replaced with a traditional reference count based approach that is easily understood, even by those not familiar with the audit and/or fs subsystems. CC: viro@zeniv.linux.org.uk CC: linux-fsdevel@vger.kernel.org Signed-off-by: Paul Moore <pmoore@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2015-01-20T15:48:32Z Richard Guy Briggs rgb@redhat.com 2014-12-23T21:39:54Z urn:sha1:2fded7f44b8fcf79e274c3f0cfbd0298f95308f3 Should have been removed with commit 18900909 ("audit: remove the old depricated kernel interface"). Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <pmoore@redhat.com> 2014-12-24T02:13:16Z Linus Torvalds torvalds@linux-foundation.org 2014-12-24T02:13:16Z urn:sha1:66b3f4f0a0fcc197a1e432c3d2134f5c6a5275b9 Pull audit fixes from Paul Moore: "Four patches to fix various problems with the audit subsystem, all are fairly small and straightforward. One patch fixes a problem where we weren't using the correct gfp allocation flags (GFP_KERNEL regardless of context, oops), one patch fixes a problem with old userspace tools (this was broken for a while), one patch fixes a problem where we weren't recording pathnames correctly, and one fixes a problem with PID based filters. In general I don't think there is anything controversial with this patchset, and it fixes some rather unfortunate bugs; the allocation flag one can be particularly scary looking for users" * 'upstream' of git://git.infradead.org/users/pcmoore/audit: audit: restore AUDIT_LOGINUID unset ABI audit: correctly record file names with different path name types audit: use supplied gfp_mask from audit_buffer in kauditd_send_multicast_skb audit: don't attempt to lookup PIDs when changing PID filtering audit rules 2014-12-23T21:40:18Z Richard Guy Briggs rgb@redhat.com 2014-12-23T18:02:04Z urn:sha1:041d7b98ffe59c59fdd639931dea7d74f9aa9a59 A regression was caused by commit 780a7654cee8: audit: Make testing for a valid loginuid explicit. (which in turn attempted to fix a regression caused by e1760bd) When audit_krule_to_data() fills in the rules to get a listing, there was a missing clause to convert back from AUDIT_LOGINUID_SET to AUDIT_LOGINUID. This broke userspace by not returning the same information that was sent and expected. The rule: auditctl -a exit,never -F auid=-1 gives: auditctl -l LIST_RULES: exit,never f24=0 syscall=all when it should give: LIST_RULES: exit,never auid=-1 (0xffffffff) syscall=all Tag it so that it is reported the same way it was set. Create a new private flags audit_krule field (pflags) to store it that won't interact with the public one from the API. Cc: stable@vger.kernel.org # v3.10-rc1+ Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <pmoore@redhat.com> 2014-11-19T18:01:26Z Al Viro viro@zeniv.linux.org.uk 2014-10-31T21:44:57Z urn:sha1:9f45f5bf302daad6835ce64701fb3c286a2cc6af ... for situations when we don't have any candidate in pathnames - basically, in descriptor-based syscalls. [Folded the build fix for !CONFIG_AUDITSYSCALL configs from Chen Gang] Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2014-10-22T22:14:03Z Bjorn Helgaas bhelgaas@google.com 2014-10-14T00:58:48Z urn:sha1:9e8beeb79ded25c5c1986f80fb8a7f6815345d5a There's only one audit_classify_compat_syscall() definition, so it doesn't need to be weak. Remove the "weak" attribute from the audit_classify_compat_syscall() declaration. Signed-off-by: Bjorn Helgaas <bhelgaas@google.com> Acked-by: Richard Guy Briggs <rgb@redhat.com> CC: AKASHI Takahiro <takahiro.akashi@linaro.org> 2014-09-23T20:37:53Z Richard Guy Briggs rgb@redhat.com 2014-03-26T11:26:47Z urn:sha1:219ca39427bf6c46c4e1473493e33bc00635e99b Since only one of val, uid, gid and lsm* are used at any given time, combine them to reduce the size of the struct audit_field. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> 2014-09-23T20:21:28Z Richard Guy Briggs rgb@redhat.com 2014-03-04T15:38:06Z urn:sha1:b4f0d3755c5e9cc86292d5fd78261903b4f23d4a Since the arch is found locally in __audit_syscall_entry(), there is no need to pass it in as a parameter. Delete it from the parameter list. x86* was the only arch to call __audit_syscall_entry() directly and did so from assembly code. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@redhat.com> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: x86@kernel.org Cc: linux-kernel@vger.kernel.org Cc: linux-audit@redhat.com Signed-off-by: Eric Paris <eparis@redhat.com> --- As this patch relies on changes in the audit tree, I think it appropriate to send it through my tree rather than the x86 tree.