[RFC PATCH 2/4] audit: kernel generated netlink traffic should have a portid of 0
Richard Guy Briggs
rgb at redhat.com
Mon Apr 10 03:41:29 UTC 2017
On 2017-03-21 14:58, Paul Moore wrote:
> From: Paul Moore <paul at paul-moore.com>
>
> We were setting the portid incorrectly in the netlink message headers,
> fix that to always be 0 (nlmsg_pid = 0).
>
> Signed-off-by: Paul Moore <paul at paul-moore.com>
Reviewed-by: Richard Guy Briggs <rgb at redhat.com>
> ---
> include/linux/audit.h | 3 +--
> kernel/audit.c | 23 ++++++-----------------
> kernel/audit.h | 3 +--
> kernel/auditfilter.c | 14 ++++++--------
> 4 files changed, 14 insertions(+), 29 deletions(-)
>
> diff --git a/include/linux/audit.h b/include/linux/audit.h
> index 504e784b7ffa..cc0497c39472 100644
> --- a/include/linux/audit.h
> +++ b/include/linux/audit.h
> @@ -163,8 +163,7 @@ extern void audit_log_task_info(struct audit_buffer *ab,
> extern int audit_update_lsm_rules(void);
>
> /* Private API (for audit.c only) */
> -extern int audit_rule_change(int type, __u32 portid, int seq,
> - void *data, size_t datasz);
> +extern int audit_rule_change(int type, int seq, void *data, size_t datasz);
> extern int audit_list_rules_send(struct sk_buff *request_skb, int seq);
>
> extern u32 audit_enabled;
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 4037869b4b64..6cbf47a372e8 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -251,14 +251,6 @@ static struct sock *audit_get_sk(const struct net *net)
> return aunet->sk;
> }
>
> -static void audit_set_portid(struct audit_buffer *ab, __u32 portid)
> -{
> - if (ab) {
> - struct nlmsghdr *nlh = nlmsg_hdr(ab->skb);
> - nlh->nlmsg_pid = portid;
> - }
> -}
> -
> void audit_panic(const char *message)
> {
> switch (audit_failure) {
> @@ -819,7 +811,7 @@ int audit_send_list(void *_dest)
> return 0;
> }
>
> -struct sk_buff *audit_make_reply(__u32 portid, int seq, int type, int done,
> +struct sk_buff *audit_make_reply(int seq, int type, int done,
> int multi, const void *payload, int size)
> {
> struct sk_buff *skb;
> @@ -832,7 +824,7 @@ struct sk_buff *audit_make_reply(__u32 portid, int seq, int type, int done,
> if (!skb)
> return NULL;
>
> - nlh = nlmsg_put(skb, portid, seq, t, size, flags);
> + nlh = nlmsg_put(skb, 0, seq, t, size, flags);
> if (!nlh)
> goto out_kfree_skb;
> data = nlmsg_data(nlh);
> @@ -876,7 +868,6 @@ static int audit_send_reply_thread(void *arg)
> static void audit_send_reply(struct sk_buff *request_skb, int seq, int type, int done,
> int multi, const void *payload, int size)
> {
> - u32 portid = NETLINK_CB(request_skb).portid;
> struct net *net = sock_net(NETLINK_CB(request_skb).sk);
> struct sk_buff *skb;
> struct task_struct *tsk;
> @@ -886,12 +877,12 @@ static void audit_send_reply(struct sk_buff *request_skb, int seq, int type, int
> if (!reply)
> return;
>
> - skb = audit_make_reply(portid, seq, type, done, multi, payload, size);
> + skb = audit_make_reply(seq, type, done, multi, payload, size);
> if (!skb)
> goto out;
>
> reply->net = get_net(net);
> - reply->portid = portid;
> + reply->portid = NETLINK_CB(request_skb).portid;
> reply->skb = skb;
>
> tsk = kthread_run(audit_send_reply_thread, reply, "audit_send_reply");
> @@ -1075,7 +1066,7 @@ static int audit_replace(pid_t pid)
> {
> struct sk_buff *skb;
>
> - skb = audit_make_reply(0, 0, AUDIT_REPLACE, 0, 0, &pid, sizeof(pid));
> + skb = audit_make_reply(0, AUDIT_REPLACE, 0, 0, &pid, sizeof(pid));
> if (!skb)
> return -ENOMEM;
> return auditd_send_unicast_skb(skb);
> @@ -1245,7 +1236,6 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
> size--;
> audit_log_n_untrustedstring(ab, data, size);
> }
> - audit_set_portid(ab, NETLINK_CB(skb).portid);
> audit_log_end(ab);
> }
> break;
> @@ -1259,8 +1249,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
> audit_log_end(ab);
> return -EPERM;
> }
> - err = audit_rule_change(msg_type, NETLINK_CB(skb).portid,
> - seq, data, nlmsg_len(nlh));
> + err = audit_rule_change(msg_type, seq, data, nlmsg_len(nlh));
> break;
> case AUDIT_LIST_RULES:
> err = audit_list_rules_send(skb, seq);
> diff --git a/kernel/audit.h b/kernel/audit.h
> index 0f1cf6d1878a..c21b74dd7ff2 100644
> --- a/kernel/audit.h
> +++ b/kernel/audit.h
> @@ -237,8 +237,7 @@ extern int audit_uid_comparator(kuid_t left, u32 op, kuid_t right);
> extern int audit_gid_comparator(kgid_t left, u32 op, kgid_t right);
> extern int parent_len(const char *path);
> extern int audit_compare_dname_path(const char *dname, const char *path, int plen);
> -extern struct sk_buff *audit_make_reply(__u32 portid, int seq, int type,
> - int done, int multi,
> +extern struct sk_buff *audit_make_reply(int seq, int type, int done, int multi,
> const void *payload, int size);
> extern void audit_panic(const char *message);
>
> diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
> index 880519d6cf2a..81cdf8d8f319 100644
> --- a/kernel/auditfilter.c
> +++ b/kernel/auditfilter.c
> @@ -1033,7 +1033,7 @@ int audit_del_rule(struct audit_entry *entry)
> }
>
> /* List rules using struct audit_rule_data. */
> -static void audit_list_rules(__u32 portid, int seq, struct sk_buff_head *q)
> +static void audit_list_rules(int seq, struct sk_buff_head *q)
> {
> struct sk_buff *skb;
> struct audit_krule *r;
> @@ -1048,15 +1048,15 @@ static void audit_list_rules(__u32 portid, int seq, struct sk_buff_head *q)
> data = audit_krule_to_data(r);
> if (unlikely(!data))
> break;
> - skb = audit_make_reply(portid, seq, AUDIT_LIST_RULES,
> - 0, 1, data,
> + skb = audit_make_reply(seq, AUDIT_LIST_RULES, 0, 1,
> + data,
> sizeof(*data) + data->buflen);
> if (skb)
> skb_queue_tail(q, skb);
> kfree(data);
> }
> }
> - skb = audit_make_reply(portid, seq, AUDIT_LIST_RULES, 1, 1, NULL, 0);
> + skb = audit_make_reply(seq, AUDIT_LIST_RULES, 1, 1, NULL, 0);
> if (skb)
> skb_queue_tail(q, skb);
> }
> @@ -1085,13 +1085,11 @@ static void audit_log_rule_change(char *action, struct audit_krule *rule, int re
> /**
> * audit_rule_change - apply all rules to the specified message type
> * @type: audit message type
> - * @portid: target port id for netlink audit messages
> * @seq: netlink audit message sequence (serial) number
> * @data: payload data
> * @datasz: size of payload data
> */
> -int audit_rule_change(int type, __u32 portid, int seq, void *data,
> - size_t datasz)
> +int audit_rule_change(int type, int seq, void *data, size_t datasz)
> {
> int err = 0;
> struct audit_entry *entry;
> @@ -1150,7 +1148,7 @@ int audit_list_rules_send(struct sk_buff *request_skb, int seq)
> skb_queue_head_init(&dest->q);
>
> mutex_lock(&audit_filter_mutex);
> - audit_list_rules(portid, seq, &dest->q);
> + audit_list_rules(seq, &dest->q);
> mutex_unlock(&audit_filter_mutex);
>
> tsk = kthread_run(audit_send_list, dest, "audit_send_list");
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
- RGB
--
Richard Guy Briggs <rgb at redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
More information about the Linux-audit
mailing list