[bug report] audit: log nftables configuration change events

Richard Guy Briggs rgb at redhat.com
Sat Jun 27 17:35:33 UTC 2020


On 2020-06-26 13:22, Dan Carpenter wrote:
> Hello Richard Guy Briggs,
> 
> The patch 8e6cf365e1d5: "audit: log nftables configuration change
> events" from Jun 4, 2020, leads to the following static checker
> warning:
> 
> 	net/netfilter/nf_tables_api.c:6160 nft_obj_notify()
> 	warn: use 'gfp' here instead of GFP_XXX?
> 
> net/netfilter/nf_tables_api.c
>   6153  void nft_obj_notify(struct net *net, const struct nft_table *table,
>   6154                      struct nft_object *obj, u32 portid, u32 seq, int event,
>   6155                      int family, int report, gfp_t gfp)
>                                                     ^^^^^^^^^
>   6156  {
>   6157          struct sk_buff *skb;
>   6158          int err;
>   6159          char *buf = kasprintf(GFP_KERNEL, "%s:%llu;?:0",
>                                       ^^^^^^^^^^
> This should probably be "gfp".

Agreed, nice catch.  Checking other similar uses from that patch
leads me to another bug and the need to extend audit_log_nfcfg() to
accept a GFP flag.  Patch coming...

>   6160                                table->name, table->handle);
>   6161  
>   6162          audit_log_nfcfg(buf,
>   6163                          family,
>   6164                          obj->handle,
>   6165                          event == NFT_MSG_NEWOBJ ?
>   6166                                  AUDIT_NFT_OP_OBJ_REGISTER :
>   6167                                  AUDIT_NFT_OP_OBJ_UNREGISTER);
>   6168          kfree(buf);
>   6169  
>   6170          if (!report &&
>   6171              !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES))
>   6172                  return;
>   6173  
>   6174          skb = nlmsg_new(NLMSG_GOODSIZE, gfp);
>                                                 ^^^
> 
>   6175          if (skb == NULL)
>   6176                  goto err;
>   6177  
>   6178          err = nf_tables_fill_obj_info(skb, net, portid, seq, event, 0, family,
>   6179                                        table, obj, false);
>   6180          if (err < 0) {
>   6181                  kfree_skb(skb);
>   6182                  goto err;
>   6183          }
>   6184  
>   6185          nfnetlink_send(skb, net, portid, NFNLGRP_NFTABLES, report, gfp);
>   6186          return;
>   6187  err:
>   6188          nfnetlink_set_err(net, portid, NFNLGRP_NFTABLES, -ENOBUFS);
>   6189  }
> 
> regards,
> dan carpenter

- RGB

--
Richard Guy Briggs <rgb at redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
