user/sven/linux.git/kernel/audit.c, branch v5.12.6

audit: Remove leftover reference to the audit_tasklet

2021-01-15T16:58:10Z

This was replaced with a kauditd_wait kthread long ago, back in: b7d1125817c (AUDIT: Send netlink messages from a separate kernel thread) Update the stale comment. Signed-off-by: Davidlohr Bueso Signed-off-by: Paul Moore

kernel/audit: convert comma to semicolon

2021-01-05T00:37:35Z

Replace a comma between expression statements by a semicolon. Signed-off-by: Zheng Yongjun Reviewed-by: Richard Guy Briggs Signed-off-by: Paul Moore

audit: replace atomic_add_return()

2020-12-03T03:52:16Z

atomic_inc_return() is a little neater Signed-off-by: Yejune Deng Signed-off-by: Paul Moore

audit: fix macros warnings

2020-11-25T04:28:02Z

Some unused macros could cause gcc warning: kernel/audit.c:68:0: warning: macro "AUDIT_UNINITIALIZED" is not used [-Wunused-macros] kernel/auditsc.c:104:0: warning: macro "AUDIT_AUX_IPCPERM" is not used [-Wunused-macros] kernel/auditsc.c:82:0: warning: macro "AUDITSC_INVALID" is not used [-Wunused-macros] AUDIT_UNINITIALIZED and AUDITSC_INVALID are still meaningful and should be in incorporated. Just remove AUDIT_AUX_IPCPERM. Thanks comments from Richard Guy Briggs and Paul Moore. Signed-off-by: Alex Shi Cc: Paul Moore Cc: Richard Guy Briggs Cc: Eric Paris Cc: linux-audit@redhat.com Cc: linux-kernel@vger.kernel.org Signed-off-by: Paul Moore

audit: trigger accompanying records when no rules present

2020-10-28T01:02:57Z

When there are no audit rules registered, mandatory records (config, etc.) are missing their accompanying records (syscall, proctitle, etc.). This is due to audit context dummy set on syscall entry based on absence of rules that signals that no other records are to be printed. Clear the dummy bit if any record is generated, open coding this in audit_log_start(). The proctitle context and dummy checks are pointless since the proctitle record will not be printed if no syscall records are printed. The fds array is reset to -1 after the first syscall to indicate it isn't valid any more, but was never set to -1 when the context was allocated to indicate it wasn't yet valid. Check ctx->pwd in audit_log_name(). The audit_inode* functions can be called without going through getname_flags() or getname_kernel() that sets audit_names and cwd, so set the cwd in audit_alloc_name() if it has not already been done so due to audit_names being valid and purge all other audit_getcwd() calls. Revert the LSM dump_common_audit_data() LSM_AUDIT_DATA_* cases from the ghak96 patch since they are no longer necessary due to cwd coverage in audit_alloc_name(). Thanks to bauen1 for reporting LSM situations in which context->cwd is not valid, inadvertantly fixed by the ghak96 patch. Please see upstream github issue https://github.com/linux-audit/audit-kernel/issues/120 This is also related to upstream github issue https://github.com/linux-audit/audit-kernel/issues/96 Signed-off-by: Richard Guy Briggs Signed-off-by: Paul Moore

audit: fix a kernel-doc markup

2020-10-28T01:02:54Z

typo: kauditd_print_skb -> kauditd_printk_skb Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Paul Moore

audit: Remove redundant null check

2020-08-26T13:10:39Z

Because kfree_skb already checked NULL skb parameter, so the additional check is unnecessary, just remove it. Signed-off-by: Xu Wang Signed-off-by: Paul Moore

audit: uninitialize variable audit_sig_sid

2020-08-18T00:28:17Z

Checkpatch tool reports "ERROR: do not initialise globals/statics to 0" To fix this, audit_sig_sid is uninitialized As this is stored in the .bss section, the compiler can initialize the variable automatically. Signed-off-by: Jules Irenge Signed-off-by: Paul Moore

audit: change unnecessary globals into statics

2020-08-18T00:26:58Z

Variables sig_pid, audit_sig_uid and audit_sig_sid are only used in the audit.c file across the kernel Hence it appears no reason for declaring them as globals This patch removes their global declarations from the .h file and change them into static in the .c file. Signed-off-by: Jules Irenge Signed-off-by: Paul Moore

Merge tag 'audit-pr-20200803' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit

2020-08-04T21:20:26Z

Pull audit updates from Paul Moore: "Aside from some smaller bug fixes, here are the highlights: - add a new backlog wait metric to the audit status message, this is intended to help admins determine how long processes have been waiting for the audit backlog queue to clear - generate audit records for nftables configuration changes - generate CWD audit records for for the relevant LSM audit records" * tag 'audit-pr-20200803' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: audit: report audit wait metric in audit status reply audit: purge audit_log_string from the intra-kernel audit API audit: issue CWD record to accompany LSM_AUDIT_DATA_* records audit: use the proper gfp flags in the audit_log_nfcfg() calls audit: remove unused !CONFIG_AUDITSYSCALL __audit_inode* stubs audit: add gfp parameter to audit_log_nfcfg audit: log nftables configuration change events audit: Use struct_size() helper in alloc_chunk