<feed xmlns='http://www.w3.org/2005/Atom'>
<title>user/sven/linux.git/include/uapi/linux/audit.h, branch v3.18.84</title>
<subtitle>Linux Kernel
</subtitle>
<id>https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v3.18.84</id>
<link rel='self' href='https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v3.18.84'/>
<link rel='alternate' type='text/html' href='https://git.stealer.net/cgit.cgi/user/sven/linux.git/'/>
<updated>2015-01-16T14:59:46Z</updated>
<entry>
<title>powerpc: add little endian flag to syscall_get_arch()</title>
<updated>2015-01-16T14:59:46Z</updated>
<author>
<name>Richard Guy Briggs</name>
<email>rgb@redhat.com</email>
</author>
<published>2014-12-09T20:37:07Z</published>
<link rel='alternate' type='text/html' href='https://git.stealer.net/cgit.cgi/user/sven/linux.git/commit/?id=ad233513d9b3058335c78e851807d985a28648e3'/>
<id>urn:sha1:ad233513d9b3058335c78e851807d985a28648e3</id>
<content type='text'>
commit 63f13448d81c910a284b096149411a719cbed501 upstream.

Since both ppc and ppc64 have LE variants which are now reported by uname, add
that flag (__AUDIT_ARCH_LE) to syscall_get_arch() and add AUDIT_ARCH_PPC64LE
variant.

Without this, perf trace and auditctl fail.

Mainline kernel reports ppc64le (per a058801) but there is no matching
AUDIT_ARCH_PPC64LE.

Since 32-bit PPC LE is not supported by audit, don't advertise it in
AUDIT_ARCH_PPC* variants.

See:
	https://www.redhat.com/archives/linux-audit/2014-August/msg00082.html
	https://www.redhat.com/archives/linux-audit/2014-December/msg00004.html

Signed-off-by: Richard Guy Briggs &lt;rgb@redhat.com&gt;
Acked-by: Paul Moore &lt;paul@paul-moore.com&gt;
Signed-off-by: Michael Ellerman &lt;mpe@ellerman.id.au&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
</entry>
<entry>
<title>Merge git://git.infradead.org/users/eparis/audit</title>
<updated>2014-10-19T23:25:56Z</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2014-10-19T23:25:56Z</published>
<link rel='alternate' type='text/html' href='https://git.stealer.net/cgit.cgi/user/sven/linux.git/commit/?id=ab074ade9c33b3585da86d62e87bcb3e897a3f54'/>
<id>urn:sha1:ab074ade9c33b3585da86d62e87bcb3e897a3f54</id>
<content type='text'>
Pull audit updates from Eric Paris:
 "So this change across a whole bunch of arches really solves one basic
  problem.  We want to audit when seccomp is killing a process.  seccomp
  hooks in before the audit syscall entry code.  audit_syscall_entry
  took as an argument the arch of the given syscall.  Since the arch is
  part of what makes a syscall number meaningful it's an important part
  of the record, but it isn't available when seccomp shoots the
  syscall...

  For most arch's we have a better way to get the arch (syscall_get_arch)
  So the solution was two fold: Implement syscall_get_arch() everywhere
  there is audit which didn't have it.  Use syscall_get_arch() in the
  seccomp audit code.  Having syscall_get_arch() everywhere meant it was
  a useless flag on the stack and we could get rid of it for the typical
  syscall entry.

  The other changes inside the audit system aren't grand, fixed some
  records that had invalid spaces.  Better locking around the task comm
  field.  Removing some dead functions and structs.  Make some things
  static.  Really minor stuff"

* git://git.infradead.org/users/eparis/audit: (31 commits)
  audit: rename audit_log_remove_rule to disambiguate for trees
  audit: cull redundancy in audit_rule_change
  audit: WARN if audit_rule_change called illegally
  audit: put rule existence check in canonical order
  next: openrisc: Fix build
  audit: get comm using lock to avoid race in string printing
  audit: remove open_arg() function that is never used
  audit: correct AUDIT_GET_FEATURE return message type
  audit: set nlmsg_len for multicast messages.
  audit: use union for audit_field values since they are mutually exclusive
  audit: invalid op= values for rules
  audit: use atomic_t to simplify audit_serial()
  kernel/audit.c: use ARRAY_SIZE instead of sizeof/sizeof[0]
  audit: reduce scope of audit_log_fcaps
  audit: reduce scope of audit_net_id
  audit: arm64: Remove the audit arch argument to audit_syscall_entry
  arm64: audit: Add audit hook in syscall_trace_enter/exit()
  audit: x86: drop arch from __audit_syscall_entry() interface
  sparc: implement is_32bit_task
  sparc: properly conditionalize use of TIF_32BIT
  ...
</content>
</entry>
<entry>
<title>ARCH: AUDIT: implement syscall_get_arch for all arches</title>
<updated>2014-09-23T20:20:10Z</updated>
<author>
<name>Eric Paris</name>
<email>eparis@redhat.com</email>
</author>
<published>2014-03-11T17:50:46Z</published>
<link rel='alternate' type='text/html' href='https://git.stealer.net/cgit.cgi/user/sven/linux.git/commit/?id=ce5d112827e5c2e9864323d0efd7ec2a62c6dce0'/>
<id>urn:sha1:ce5d112827e5c2e9864323d0efd7ec2a62c6dce0</id>
<content type='text'>
For all arches which support audit implement syscall_get_arch()
They are all pretty easy and straight forward, stolen from how the call
to audit_syscall_entry() determines the arch.

Based-on-patch-by: Richard Briggs &lt;rgb@redhat.com&gt;
Signed-off-by: Eric Paris &lt;eparis@redhat.com&gt;
Cc: linux-ia64@vger.kernel.org
Cc: microblaze-uclinux@itee.uq.edu.au
Cc: linux-mips@linux-mips.org
Cc: linux@lists.openrisc.net
Cc: linux-parisc@vger.kernel.org
Cc: linuxppc-dev@lists.ozlabs.org
Cc: sparclinux@vger.kernel.org
</content>
</entry>
<entry>
<title>audit: drop unused struct audit_rule definition</title>
<updated>2014-09-23T20:19:59Z</updated>
<author>
<name>Eric Paris</name>
<email>eparis@redhat.com</email>
</author>
<published>2014-04-02T20:00:58Z</published>
<link rel='alternate' type='text/html' href='https://git.stealer.net/cgit.cgi/user/sven/linux.git/commit/?id=7e51aa4486bcf72daeb5d30227c4c01563f37044'/>
<id>urn:sha1:7e51aa4486bcf72daeb5d30227c4c01563f37044</id>
<content type='text'>
The kernel only uses struct audit_rule_data.  We dropped support for
struct audit_rule a long time ago.  Drop the definition in the header
file.

Signed-off-by: Eric Paris &lt;eparis@redhat.com&gt;
</content>
</entry>
<entry>
<title>arm64: Add audit support</title>
<updated>2014-07-10T10:06:00Z</updated>
<author>
<name>AKASHI Takahiro</name>
<email>takahiro.akashi@linaro.org</email>
</author>
<published>2014-07-04T07:28:30Z</published>
<link rel='alternate' type='text/html' href='https://git.stealer.net/cgit.cgi/user/sven/linux.git/commit/?id=875cbf3e4614cfdcc7f65033e25292aec80f09c0'/>
<id>urn:sha1:875cbf3e4614cfdcc7f65033e25292aec80f09c0</id>
<content type='text'>
On AArch64, audit is supported through generic lib/audit.c and
compat_audit.c, and so this patch adds arch specific definitions required.

Acked-by: Will Deacon &lt;will.deacon@arm.com&gt;
Acked-by: Richard Guy Briggs &lt;rgb@redhat.com&gt;
Signed-off-by: AKASHI Takahiro &lt;takahiro.akashi@linaro.org&gt;
Signed-off-by: Catalin Marinas &lt;catalin.marinas@arm.com&gt;
</content>
</entry>
<entry>
<title>Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net</title>
<updated>2014-06-04T06:32:12Z</updated>
<author>
<name>David S. Miller</name>
<email>davem@davemloft.net</email>
</author>
<published>2014-06-04T06:32:12Z</published>
<link rel='alternate' type='text/html' href='https://git.stealer.net/cgit.cgi/user/sven/linux.git/commit/?id=c99f7abf0e69987e4add567e155e042cb1f2a20b'/>
<id>urn:sha1:c99f7abf0e69987e4add567e155e042cb1f2a20b</id>
<content type='text'>
Conflicts:
	include/net/inetpeer.h
	net/ipv6/output_core.c

Changes in net were fixing bugs in code removed in net-next.

Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
<entry>
<title>Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net</title>
<updated>2014-05-24T04:32:30Z</updated>
<author>
<name>David S. Miller</name>
<email>davem@davemloft.net</email>
</author>
<published>2014-05-24T04:32:30Z</published>
<link rel='alternate' type='text/html' href='https://git.stealer.net/cgit.cgi/user/sven/linux.git/commit/?id=54e5c4def0614ab540fbdf68e45342a4af141702'/>
<id>urn:sha1:54e5c4def0614ab540fbdf68e45342a4af141702</id>
<content type='text'>
Conflicts:
	drivers/net/bonding/bond_alb.c
	drivers/net/ethernet/altera/altera_msgdma.c
	drivers/net/ethernet/altera/altera_sgdma.c
	net/ipv6/xfrm6_output.c

Several cases of overlapping changes.

The xfrm6_output.c has a bug fix which overlaps the renaming
of skb-&gt;local_df to skb-&gt;ignore_df.

In the Altera TSE driver cases, the register access cleanups
in net-next overlapped with bug fixes done in net.

Similarly a bug fix to send ALB packets in the bonding driver using
the right source address overlaps with cleanups in net-next.

Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
<entry>
<title>MIPS: Fix a typo error in AUDIT_ARCH definition</title>
<updated>2014-05-22T11:45:17Z</updated>
<author>
<name>Huacai Chen</name>
<email>chenhc@lemote.com</email>
</author>
<published>2014-05-21T02:49:19Z</published>
<link rel='alternate' type='text/html' href='https://git.stealer.net/cgit.cgi/user/sven/linux.git/commit/?id=dc93f7b68a039fe7d918613163b1cdd21b279ec5'/>
<id>urn:sha1:dc93f7b68a039fe7d918613163b1cdd21b279ec5</id>
<content type='text'>
Missing a "|" in AUDIT_ARCH_MIPSEL64N32 macro definition.

Signed-off-by: Huacai Chen &lt;chenhc@lemote.com&gt;
Reviewed-by: Markos Chandras &lt;markos.chandras@imgtec.com&gt;
Cc: John Crispin &lt;john@phrozen.org&gt;
Cc: Steven J. Hill &lt;Steven.Hill@imgtec.com&gt;
Cc: Aurelien Jarno &lt;aurelien@aurel32.net&gt;
Cc: linux-mips@linux-mips.org
Cc: Fuxin Zhang &lt;zhangfx@lemote.com&gt;
Cc: Zhangjin Wu &lt;wuzhangjin@gmail.com&gt;
Patchwork: https://patchwork.linux-mips.org/patch/6978/
Signed-off-by: Ralf Baechle &lt;ralf@linux-mips.org&gt;
</content>
</entry>
<entry>
<title>MIPS: Add new AUDIT_ARCH token for the N32 ABI on MIPS64</title>
<updated>2014-05-13T23:39:54Z</updated>
<author>
<name>Markos Chandras</name>
<email>markos.chandras@imgtec.com</email>
</author>
<published>2014-04-22T14:40:36Z</published>
<link rel='alternate' type='text/html' href='https://git.stealer.net/cgit.cgi/user/sven/linux.git/commit/?id=f2d0801f00b7aff0ac6b3666cbcdab499267418a'/>
<id>urn:sha1:f2d0801f00b7aff0ac6b3666cbcdab499267418a</id>
<content type='text'>
A MIPS64 kernel may support ELF files for all 3 MIPS ABIs
(O32, N32, N64). Furthermore, the AUDIT_ARCH_MIPS{,EL}64 token
does not provide enough information about the ABI for the 64-bit
process. As a result of which, userland needs to use complex
seccomp filters to decide whether a syscall belongs to the o32 or n32
or n64 ABI. Therefore, a new arch token for MIPS64/n32 is added so it
can be used by seccomp to explicitly set syscall filters for this ABI.

Signed-off-by: Markos Chandras &lt;markos.chandras@imgtec.com&gt;
Acked-by: Eric Paris &lt;eparis@redhat.com&gt;
Acked-by: Paul Moore &lt;pmoore@redhat.com&gt;
Cc: Andy Lutomirski &lt;luto@amacapital.net&gt;
Cc: Ralf Baechle &lt;ralf@linux-mips.org&gt;
Cc: Andy Lutomirski &lt;luto@amacapital.net&gt;
Cc: linux-mips@linux-mips.org
Link: http://sourceforge.net/p/libseccomp/mailman/message/32239040/
Patchwork: https://patchwork.linux-mips.org/patch/6818/
Signed-off-by: Ralf Baechle &lt;ralf@linux-mips.org&gt;
</content>
</entry>
<entry>
<title>audit: add netlink multicast group for log read</title>
<updated>2014-04-23T01:42:27Z</updated>
<author>
<name>Richard Guy Briggs</name>
<email>rgb@redhat.com</email>
</author>
<published>2014-04-23T01:31:57Z</published>
<link rel='alternate' type='text/html' href='https://git.stealer.net/cgit.cgi/user/sven/linux.git/commit/?id=451f921639fea4600dfb9ab2889332bdcc7b48d3'/>
<id>urn:sha1:451f921639fea4600dfb9ab2889332bdcc7b48d3</id>
<content type='text'>
Add a netlink multicast socket with one group to kaudit for "best-effort"
delivery to read-only userspace clients such as systemd, in addition to the
existing bidirectional unicast auditd userspace client.

Currently, auditd is intended to use the CAP_AUDIT_CONTROL and CAP_AUDIT_WRITE
capabilities, but actually uses CAP_NET_ADMIN.  The CAP_AUDIT_READ capability
is added for use by read-only AUDIT_NLGRP_READLOG netlink multicast group
clients to the kaudit subsystem.

This will safely give access to services such as systemd to consume audit logs
while ensuring write access remains restricted for integrity.

Signed-off-by: Richard Guy Briggs &lt;rgb@redhat.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
</feed>
