Commit 48887e63d6e057543067327da6b091297f7fe645
1 parent
7f0ed77d24
Exists in
master
and in
7 other branches
[PATCH] fix broken timestamps in AVC generated by kernel threads
Timestamp in audit_context is valid only if ->in_syscall is set. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Showing 3 changed files with 7 additions and 6 deletions Side-by-side Diff
include/linux/audit.h
| ... | ... | @@ -435,7 +435,7 @@ |
| 435 | 435 | |
| 436 | 436 | /* Private API (for audit.c only) */ |
| 437 | 437 | extern unsigned int audit_serial(void); |
| 438 | -extern void auditsc_get_stamp(struct audit_context *ctx, | |
| 438 | +extern int auditsc_get_stamp(struct audit_context *ctx, | |
| 439 | 439 | struct timespec *t, unsigned int *serial); |
| 440 | 440 | extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid); |
| 441 | 441 | #define audit_get_loginuid(t) ((t)->loginuid) |
| ... | ... | @@ -518,7 +518,7 @@ |
| 518 | 518 | #define audit_inode(n,d) do { ; } while (0) |
| 519 | 519 | #define audit_inode_child(d,i,p) do { ; } while (0) |
| 520 | 520 | #define audit_core_dumps(i) do { ; } while (0) |
| 521 | -#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) | |
| 521 | +#define auditsc_get_stamp(c,t,s) (0) | |
| 522 | 522 | #define audit_get_loginuid(t) (-1) |
| 523 | 523 | #define audit_get_sessionid(t) (-1) |
| 524 | 524 | #define audit_log_task_context(b) do { ; } while (0) |
kernel/audit.c
| ... | ... | @@ -1121,9 +1121,7 @@ |
| 1121 | 1121 | static inline void audit_get_stamp(struct audit_context *ctx, |
| 1122 | 1122 | struct timespec *t, unsigned int *serial) |
| 1123 | 1123 | { |
| 1124 | - if (ctx) | |
| 1125 | - auditsc_get_stamp(ctx, t, serial); | |
| 1126 | - else { | |
| 1124 | + if (!ctx || !auditsc_get_stamp(ctx, t, serial)) { | |
| 1127 | 1125 | *t = CURRENT_TIME; |
| 1128 | 1126 | *serial = audit_serial(); |
| 1129 | 1127 | } |
kernel/auditsc.c
| ... | ... | @@ -1957,15 +1957,18 @@ |
| 1957 | 1957 | * |
| 1958 | 1958 | * Also sets the context as auditable. |
| 1959 | 1959 | */ |
| 1960 | -void auditsc_get_stamp(struct audit_context *ctx, | |
| 1960 | +int auditsc_get_stamp(struct audit_context *ctx, | |
| 1961 | 1961 | struct timespec *t, unsigned int *serial) |
| 1962 | 1962 | { |
| 1963 | + if (!ctx->in_syscall) | |
| 1964 | + return 0; | |
| 1963 | 1965 | if (!ctx->serial) |
| 1964 | 1966 | ctx->serial = audit_serial(); |
| 1965 | 1967 | t->tv_sec = ctx->ctime.tv_sec; |
| 1966 | 1968 | t->tv_nsec = ctx->ctime.tv_nsec; |
| 1967 | 1969 | *serial = ctx->serial; |
| 1968 | 1970 | ctx->auditable = 1; |
| 1971 | + return 1; | |
| 1969 | 1972 | } |
| 1970 | 1973 | |
| 1971 | 1974 | /* global counter which is incremented every time something logs in */ |