[bug report] audit: log nftables configuration change events
Richard Guy Briggs
rgb at redhat.com
Sat Jun 27 17:35:33 UTC 2020
On 2020-06-26 13:22, Dan Carpenter wrote:
> Hello Richard Guy Briggs,
>
> The patch 8e6cf365e1d5: "audit: log nftables configuration change
> events" from Jun 4, 2020, leads to the following static checker
> warning:
>
> net/netfilter/nf_tables_api.c:6160 nft_obj_notify()
> warn: use 'gfp' here instead of GFP_XXX?
>
> net/netfilter/nf_tables_api.c
> 6153 void nft_obj_notify(struct net *net, const struct nft_table *table,
> 6154 struct nft_object *obj, u32 portid, u32 seq, int event,
> 6155 int family, int report, gfp_t gfp)
> ^^^^^^^^^
> 6156 {
> 6157 struct sk_buff *skb;
> 6158 int err;
> 6159 char *buf = kasprintf(GFP_KERNEL, "%s:%llu;?:0",
> ^^^^^^^^^^
> This should probably be "gfp".

Agreed, nice catch. Checking other similar uses from that patch
leads me to another bug and the need to extend audit_log_nfcfg() to
accept a GFP flag. Patch coming...

> 6160 table->name, table->handle);
> 6161
> 6162 audit_log_nfcfg(buf,
> 6163 family,
> 6164 obj->handle,
> 6165 event == NFT_MSG_NEWOBJ ?
> 6166 AUDIT_NFT_OP_OBJ_REGISTER :
> 6167 AUDIT_NFT_OP_OBJ_UNREGISTER);
> 6168 kfree(buf);
> 6169
> 6170 if (!report &&
> 6171 !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES))
> 6172 return;
> 6173
> 6174 skb = nlmsg_new(NLMSG_GOODSIZE, gfp);
> ^^^
>
> 6175 if (skb == NULL)
> 6176 goto err;
> 6177
> 6178 err = nf_tables_fill_obj_info(skb, net, portid, seq, event, 0, family,
> 6179 table, obj, false);
> 6180 if (err < 0) {
> 6181 kfree_skb(skb);
> 6182 goto err;
> 6183 }
> 6184
> 6185 nfnetlink_send(skb, net, portid, NFNLGRP_NFTABLES, report, gfp);
> 6186 return;
> 6187 err:
> 6188 nfnetlink_set_err(net, portid, NFNLGRP_NFTABLES, -ENOBUFS);
> 6189 }
>
> regards,
> dan carpenter
- RGB
--
Richard Guy Briggs <rgb at redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
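
An added example, not part of the original thread and not the static checker that produced the warning: a small Python heuristic for the pattern reported above, where a function receives a `gfp_t` parameter but passes a hardcoded `GFP_*` constant to an allocator in its body. The sample source is constructed (modelled on the quoted function), and the names `find_hardcoded_gfp` and `body_end` are assumptions of this example.

```python
import re

# Constructed sample modelled on the function quoted in the thread; not the kernel file.
SAMPLE = '''\
void nft_obj_notify(struct net *net, const struct nft_table *table,
                    struct nft_object *obj, u32 portid, u32 seq, int event,
                    int family, int report, gfp_t gfp)
{
    struct sk_buff *skb;
    char *buf = kasprintf(GFP_KERNEL, "%s:%llu;?:0",
                          table->name, table->handle);
    kfree(buf);
    skb = nlmsg_new(NLMSG_GOODSIZE, gfp);
}

static void *helper(size_t n)
{
    return kmalloc(n, GFP_KERNEL);  /* no gfp_t parameter: not flagged */
}
'''

FUNC_HEAD = re.compile(r'\b(\w+)\s*\(([^()]*)\)\s*\{')  # name(params) {
GFP_PARAM = re.compile(r'\bgfp_t\s+(\w+)')              # caller-supplied flags
GFP_CONST = re.compile(r'\bGFP_[A-Z_]+\b')              # hardcoded flags

def body_end(src, open_idx):
    """Return the index of the brace closing the block opened at open_idx."""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == '{':
            depth += 1
        elif src[i] == '}':
            depth -= 1
            if depth == 0:
                return i
    return len(src)

def find_hardcoded_gfp(src):
    """List (function, gfp parameter, constant, line) for each suspect use."""
    findings = []
    for m in FUNC_HEAD.finditer(src):
        param = GFP_PARAM.search(m.group(2))
        if not param:
            continue  # function takes no gfp_t, so a constant is expected
        start = m.end() - 1
        for c in GFP_CONST.finditer(src, start, body_end(src, start)):
            line = src.count('\n', 0, c.start()) + 1
            findings.append((m.group(1), param.group(1), c.group(0), line))
    return findings
```

Comments and string literals are not stripped, so hits are candidates for review rather than confirmed bugs.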